modiloader | 4f7b25d22322329d95411b2eff1ea5b4466e1163067dcf07aa9ace5584b11fe1

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05-01-2024 11:55

Target

10b304dfe3b1e67678ffd18f7c1d0760.exe
Size

199KB
MD5

10b304dfe3b1e67678ffd18f7c1d0760
SHA1

93d32b40423204a10db14bfa20644dd7b8f4bea6
SHA256

4f7b25d22322329d95411b2eff1ea5b4466e1163067dcf07aa9ace5584b11fe1
SHA512

a76da32aef9564f6f9f80807c8bce1e1cee78b5c76328c57e06b71cecf6f569d7338ac7596dc086af17c6d80f8b8e5ee1ea52316c5152f7dc0b71b0debfb6275
SSDEEP

3072:f2prjabNBC+XfYheMtTGBBIhWLpc15UXNxSNTA86PHS6Kout:ona3C+XJMtOqgLpeUVPHSJoS

Score

10^/10

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 1 IoCs

resource	yara_rule
behavioral1/memory/2264-8-0x0000000000400000-0x000000000048B000-memory.dmp	modiloader_stage2

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2264-8-0x0000000000400000-0x000000000048B000-memory.dmp	upx
behavioral1/memory/2860-7-0x0000000000400000-0x000000000048B000-memory.dmp	upx
behavioral1/memory/2264-0-0x0000000000400000-0x000000000048B000-memory.dmp	upx
behavioral1/memory/2264-10-0x0000000000400000-0x000000000048B000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2264 set thread context of 2860	2264	10b304dfe3b1e67678ffd18f7c1d0760.exe	16

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\dosSetup.txt	10b304dfe3b1e67678ffd18f7c1d0760.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 2860	2264	10b304dfe3b1e67678ffd18f7c1d0760.exe	16
PID 2264 wrote to memory of 2860	2264	10b304dfe3b1e67678ffd18f7c1d0760.exe	16
PID 2264 wrote to memory of 2860	2264	10b304dfe3b1e67678ffd18f7c1d0760.exe	16
PID 2264 wrote to memory of 2860	2264	10b304dfe3b1e67678ffd18f7c1d0760.exe	16
PID 2264 wrote to memory of 2860	2264	10b304dfe3b1e67678ffd18f7c1d0760.exe	16
PID 2264 wrote to memory of 2860	2264	10b304dfe3b1e67678ffd18f7c1d0760.exe	16

memory/2264-8-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2264-1-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2264-0-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2264-10-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2860-7-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2860-5-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2860-3-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download