modiloader | 8280ad095c547d18fdad62f29a20713fecb3d9810df95f40956a145a774cb1ad

Analysis

max time kernel
122s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 08:22

Target

5304daa6f3cad122d3f838e47c447a1b.exe
Size

325KB
MD5

5304daa6f3cad122d3f838e47c447a1b
SHA1

a77e284fde4483dde4a7b07ddac3c5d50d17efab
SHA256

8280ad095c547d18fdad62f29a20713fecb3d9810df95f40956a145a774cb1ad
SHA512

dbc1f0c5f929cb28799dd7f3f564b60027c32b416fb843976b5343973aa39643fcf8532f3a76eb25bbeb624fa3a7877adf0cd8a04f4bd4512a31ee6ae12d0552
SSDEEP

6144:snARgysXqSKBNCHJjh44nPirnOTolDWQcUJ4wJE500N:sfOSKqH/44PWnO8ldhJZU

Score

10^/10

modiloader trojan

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 2 IoCs

resource	yara_rule
behavioral1/memory/1444-5-0x0000000000400000-0x00000000005163FA-memory.dmp	modiloader_stage2
behavioral1/memory/1444-2-0x0000000000400000-0x00000000005163FA-memory.dmp	modiloader_stage2

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\MSINFO\SetupWay.txt	5304daa6f3cad122d3f838e47c447a1b.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1444 wrote to memory of 2120	1444	5304daa6f3cad122d3f838e47c447a1b.exe	28
PID 1444 wrote to memory of 2120	1444	5304daa6f3cad122d3f838e47c447a1b.exe	28
PID 1444 wrote to memory of 2120	1444	5304daa6f3cad122d3f838e47c447a1b.exe	28
PID 1444 wrote to memory of 2120	1444	5304daa6f3cad122d3f838e47c447a1b.exe	28

C:\Users\Admin\AppData\Local\Temp\5304daa6f3cad122d3f838e47c447a1b.exe
"C:\Users\Admin\AppData\Local\Temp\5304daa6f3cad122d3f838e47c447a1b.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1444
- C:\program files\internet explorer\IEXPLORE.EXE
  "C:\program files\internet explorer\IEXPLORE.EXE"
  2⤵
  PID:2120

memory/1444-1-0x0000000000400000-0x00000000005163FA-memory.dmp

Filesize
1.1MB

Download
memory/1444-4-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1444-5-0x0000000000400000-0x00000000005163FA-memory.dmp

Filesize
1.1MB

Download
memory/1444-2-0x0000000000400000-0x00000000005163FA-memory.dmp

Filesize
1.1MB

Download