Overview

overview

10

Static

static

3

20dbba9910...d8.exe

windows7-x64

10

20dbba9910...d8.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 23:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    20dbba9910f1a20d19acf8fb844e8cd8.exe

  • Size

    921KB

  • MD5

    20dbba9910f1a20d19acf8fb844e8cd8

  • SHA1

    4486ac4812f9a8db710572cbb152457dd5e44141

  • SHA256

    3e7e6d13bdd1a095fb9e1647e4f13514976e7a27c3e99b9e06ac7535bd4d1a71

  • SHA512

    3e3fed7dc6667dcf775a2c29177645a91bee75e6a5c8a95f6c0bf291e06247b8d281cdb6b40a83135dfec78aba6e5469fb0ea4a8329143046fe0063b851b23b9

  • SSDEEP

    12288:vR5anu6FdTnaTS/hCurCWE86pS7YfwLTAWNFzJCfUWQZxEb8+KL41y:vRsnrTnaOwu+3g06TLNFzvWVb8+ty

Score
10/10
modiloadertrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\20dbba9910f1a20d19acf8fb844e8cd8.exe
    "C:\Users\Admin\AppData\Local\Temp\20dbba9910f1a20d19acf8fb844e8cd8.exe"
    1⤵
      PID:2712

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2712-2-0x00000000022C0000-0x00000000022DB000-memory.dmp

      Filesize

      108KB

      Download

    • memory/2712-0-0x00000000006C0000-0x00000000006C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2712-8-0x0000000000400000-0x00000000004ED000-memory.dmp

      Filesize

      948KB

      Download