modiloader | f03901dbf89865bdfde7ec279bf2485c08aa1c33911ad1a79c31b4c0f0ca05fd

Analysis

max time kernel
143s
max time network
145s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 03:18

Target

3fc28f38ebf224e906eb6c1adb40f817.exe
Size

693KB
MD5

3fc28f38ebf224e906eb6c1adb40f817
SHA1

dbe2029ab492c8239f59e36225549a8e7b1b3049
SHA256

f03901dbf89865bdfde7ec279bf2485c08aa1c33911ad1a79c31b4c0f0ca05fd
SHA512

8d703e03fddc746a740ad0cc301676746d16dcc04079ad138e2ebf436c0d4cde3f1b627995436f58d77426c2d81db8c6fcacd6b9e2b6cddd5ed2b228a17f425a
SSDEEP

12288:bFzMOHhaV4vCcbAVLXUgL0XSbu5Uol+riQ7W/VD1LGnRTG+5VISUQDgMwdJK:ZzzaC58hXU+buuUnB1LIFlZIu

Score

10^/10

modiloader trojan

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 1 IoCs

resource	yara_rule
behavioral1/memory/2116-2-0x0000000000400000-0x00000000004BD100-memory.dmp	modiloader_stage2

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2856	2116	WerFault.exe	23

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 2856	2116	3fc28f38ebf224e906eb6c1adb40f817.exe	28
PID 2116 wrote to memory of 2856	2116	3fc28f38ebf224e906eb6c1adb40f817.exe	28
PID 2116 wrote to memory of 2856	2116	3fc28f38ebf224e906eb6c1adb40f817.exe	28
PID 2116 wrote to memory of 2856	2116	3fc28f38ebf224e906eb6c1adb40f817.exe	28

C:\Users\Admin\AppData\Local\Temp\3fc28f38ebf224e906eb6c1adb40f817.exe
"C:\Users\Admin\AppData\Local\Temp\3fc28f38ebf224e906eb6c1adb40f817.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 288
  2⤵
  - Program crash
  PID:2856

memory/2116-0-0x0000000000400000-0x00000000004BD100-memory.dmp

Filesize
756KB

Download
memory/2116-1-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2116-2-0x0000000000400000-0x00000000004BD100-memory.dmp

Filesize
756KB

Download
memory/2116-4-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download