modiloader | e992ed075c75b885810ffebfba3d0d20c9b7be49f3119f500ef4d30304b2c584

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 22:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

449588d9086c6e7426be652cdf4f9ba2.exe
Size

581KB
MD5

449588d9086c6e7426be652cdf4f9ba2
SHA1

fc5bf8e069f40b71150669958b5ce6f87d24450a
SHA256

e992ed075c75b885810ffebfba3d0d20c9b7be49f3119f500ef4d30304b2c584
SHA512

4e0aba30437ae3274b526b6f4ccab3c7df3e6c01fde0400b9324cbf5b06839ee217b9338e1c7e47f5f0a10a21b1cc5b2239caa98fd62f2a47a7d44cbc623a33c
SSDEEP

12288:yO1jMK5uQtP1Eep4reZ03grkp5UF3Z4mxx7qJwnjSQIrb0hO9qF/3:yO1pNNbpSenMUQmX7qJwnjXIH0hOm/3

Score

10^/10

modiloader trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 1 IoCs

resource	yara_rule
behavioral1/memory/2408-17-0x0000000000400000-0x000000000054D000-memory.dmp	modiloader_stage2

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\MSINFO\FieleWay.txt	449588d9086c6e7426be652cdf4f9ba2.exe

Program crash 1 IoCs

pid	pid_target	Process
2692	2408	WerFault.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 2672	2408	449588d9086c6e7426be652cdf4f9ba2.exe	16
PID 2408 wrote to memory of 2672	2408	449588d9086c6e7426be652cdf4f9ba2.exe	16
PID 2408 wrote to memory of 2672	2408	449588d9086c6e7426be652cdf4f9ba2.exe	16
PID 2408 wrote to memory of 2672	2408	449588d9086c6e7426be652cdf4f9ba2.exe	16
PID 2408 wrote to memory of 2692	2408	449588d9086c6e7426be652cdf4f9ba2.exe	17
PID 2408 wrote to memory of 2692	2408	449588d9086c6e7426be652cdf4f9ba2.exe	17
PID 2408 wrote to memory of 2692	2408	449588d9086c6e7426be652cdf4f9ba2.exe	17
PID 2408 wrote to memory of 2692	2408	449588d9086c6e7426be652cdf4f9ba2.exe	17

C:\program files\internet explorer\IEXPLORE.EXE
"C:\program files\internet explorer\IEXPLORE.EXE"
1⤵
PID:2672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 316
1⤵
- Program crash
PID:2692

C:\Users\Admin\AppData\Local\Temp\449588d9086c6e7426be652cdf4f9ba2.exe
"C:\Users\Admin\AppData\Local\Temp\449588d9086c6e7426be652cdf4f9ba2.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2408-1-0x0000000000370000-0x00000000003C4000-memory.dmp

Filesize
336KB

Download
memory/2408-7-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download
memory/2408-14-0x00000000005D0000-0x00000000005D8000-memory.dmp

Filesize
32KB

Download
memory/2408-13-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2408-15-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2408-12-0x0000000003260000-0x0000000003261000-memory.dmp

Filesize
4KB

Download
memory/2408-11-0x0000000003270000-0x0000000003271000-memory.dmp

Filesize
4KB

Download
memory/2408-10-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/2408-9-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download
memory/2408-8-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/2408-6-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2408-5-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2408-4-0x00000000005B0000-0x00000000005B1000-memory.dmp

Filesize
4KB

Download
memory/2408-3-0x0000000000560000-0x0000000000561000-memory.dmp

Filesize
4KB

Download
memory/2408-2-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/2408-0-0x0000000000400000-0x000000000054D000-memory.dmp

Filesize
1.3MB

Download
memory/2408-17-0x0000000000400000-0x000000000054D000-memory.dmp

Filesize
1.3MB

Download
memory/2408-18-0x0000000000370000-0x00000000003C4000-memory.dmp

Filesize
336KB

Download
memory/2408-19-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads