Overview

overview

10

Static

static

3

2347ad437f...14.exe

windows7-x64

10

2347ad437f...14.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 01:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2347ad437f76f2f320b6ed31457ad714.exe

  • Size

    306KB

  • MD5

    2347ad437f76f2f320b6ed31457ad714

  • SHA1

    7c91a8cbd9317d7040fe59152b9ca59cfe69fde5

  • SHA256

    f2ef85f663e6d410200a97b9385f48183b50c535bce5c192be1dbdd2ba4a518a

  • SHA512

    5f32835d7c2a6614feea2badef56fdd8baed57af631edab82f17d639aedfbae3d1753ef79af715b812d377c776b040e7e2dfa5205c54fc9d4032d8892addc6be

  • SSDEEP

    6144:9904nSHAweAgILkafnL0z2RdMO2t30chy8HfUjJxhdCWZT7UB8izcp52oHt:U4nSgwLFfnL06RjaEchfHOxhRYeiW2St

Score
10/10
modiloadertrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 4 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2347ad437f76f2f320b6ed31457ad714.exe
    "C:\Users\Admin\AppData\Local\Temp\2347ad437f76f2f320b6ed31457ad714.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2932
    • C:\Windows\explorer.bat
      C:\Windows\explorer.bat
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:3044
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\SgotoDel.bat
      2⤵
      • Deletes itself
      PID:2708
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 284
    1⤵
    • Program crash
    PID:3068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SgotoDel.bat
    Filesize

    184B

    MD5

    f7c64a07915674d41effe0615c8edfec

    SHA1

    3c9eb42d605736ae1b349de5d031bfd03469971d

    SHA256

    7de0cc0a47b57fdeb276f9774352cf38cc5ea7064a39e4811801f9685fc23112

    SHA512

    e4dbf75575c7fd2379bce9eb0373e6fe889654a63a802a7c6da0e4876417affce74b33f81121c5598d5f1bba80e513b869a8cfa9cdce70dbd262a75af52998f9

    Download Submit

  • memory/2932-1-0x0000000000020000-0x0000000000021000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2932-0-0x0000000000400000-0x0000000000556000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2932-2-0x0000000000020000-0x0000000000021000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2932-10-0x00000000030D0000-0x0000000003226000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2932-14-0x0000000000020000-0x0000000000021000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2932-13-0x0000000000400000-0x0000000000556000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2932-23-0x0000000000400000-0x0000000000556000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3044-12-0x0000000000020000-0x0000000000021000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3044-11-0x0000000000400000-0x0000000000556000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3044-15-0x0000000000400000-0x0000000000556000-memory.dmp

    Filesize

    1.3MB

    Download