modiloader | 132c4cc7a61ff51619d4397a532d63aac7f2a379b7dc392740891dee549c42c9

Analysis

max time kernel
149s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/01/2024, 10:20

Target

0683e984a55b86826dd92b834a318fa3.dll
Size

329KB
MD5

0683e984a55b86826dd92b834a318fa3
SHA1

bc7e2506f1d72b873d69d570b2cf9c57d7557c51
SHA256

132c4cc7a61ff51619d4397a532d63aac7f2a379b7dc392740891dee549c42c9
SHA512

68d3e761ad399dd6d44fe9c7abf05d85eb13312fc9e8a4d31cdada03244ce7a359478ad5517816fbcb4f6608d0297cf6c57ae70f21ab55384c98e70f0778e3a7
SSDEEP

6144:gZbIA294/6WW8iKZx1+pkIoa40dNZuEljTBv+IRjZ:GG94/6j8iKtsdzu4jTAIRjZ

Score

10^/10

modiloader trojan

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 1 IoCs

resource	yara_rule
behavioral2/memory/4952-0-0x0000000000400000-0x0000000000459000-memory.dmp	modiloader_stage2

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3784 wrote to memory of 4952	3784	rundll32.exe	87
PID 3784 wrote to memory of 4952	3784	rundll32.exe	87
PID 3784 wrote to memory of 4952	3784	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0683e984a55b86826dd92b834a318fa3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3784
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0683e984a55b86826dd92b834a318fa3.dll,#1
  2⤵
  PID:4952

memory/4952-0-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download