Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
09/01/2024, 11:06
General
-
Target
4e22775699416e81275fea3266e14bba.exe
-
Size
138KB
-
MD5
4e22775699416e81275fea3266e14bba
-
SHA1
32cc2479a30abd1b40b3b7e959ac32317fa124fd
-
SHA256
95dc812e94d5ba0842af45685ca7262b55607336fcf4becda83dbb6416beffa9
-
SHA512
34b13e9142a9c4251c78d876f02f9e86f22253950d3f9126dacd8ec6f0f3bbd36146381ce16b130d794c4bbc1ba08aa4df8e2e7af0c3900035d486242c81e3bf
-
SSDEEP
3072:oPinzlxMF/kJaTcig4l4V+U9yg0Url/9CqUfh:oPipyF/T1MwOd8T
Score
10/10
Malware Config
Signatures
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage 1 IoCs
-
UPX packed file 6 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Maps connected drives based on registry 3 TTPs 2 IoCs
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4e22775699416e81275fea3266e14bba.exe"C:\Users\Admin\AppData\Local\Temp\4e22775699416e81275fea3266e14bba.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4e22775699416e81275fea3266e14bba.exe4e22775699416e81275fea3266e14bba.exe2⤵
- Maps connected drives based on registry
- Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
108KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB