modiloader | 23510e22393982e935093cce2d34e81ec14f75a63a19d4ffd64680bfe0a03df8

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 19:23

Target

65d675c2b2ddaa5d4cd9e664e828ff6f.exe
Size

396KB
MD5

65d675c2b2ddaa5d4cd9e664e828ff6f
SHA1

83b851d4948d2b2e816d7b37243b6040cb876e87
SHA256

23510e22393982e935093cce2d34e81ec14f75a63a19d4ffd64680bfe0a03df8
SHA512

c1a12132bed35086df3cf59a97e6b8ca18a62ddaa440b101e3467d703eef5eb80b3ee26c251ad045a49d5719aecfa48ef1959311c5137ea34e89c51b2f629287
SSDEEP

6144:1E9yDzN5oqKVsJAC328uO6s1wQW877buWxjy/qj+aA/pa:yEDJ5ofs9BuOB1wQW87XuWxM

Score

10^/10

modiloader trojan

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 1 IoCs

resource	yara_rule
behavioral1/memory/2232-0-0x0000000006200000-0x0000000006268000-memory.dmp	modiloader_stage2

Program crash 1 IoCs

pid	pid_target	Process	procid_target
928	2232	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 928	2232	65d675c2b2ddaa5d4cd9e664e828ff6f.exe	28
PID 2232 wrote to memory of 928	2232	65d675c2b2ddaa5d4cd9e664e828ff6f.exe	28
PID 2232 wrote to memory of 928	2232	65d675c2b2ddaa5d4cd9e664e828ff6f.exe	28
PID 2232 wrote to memory of 928	2232	65d675c2b2ddaa5d4cd9e664e828ff6f.exe	28

C:\Users\Admin\AppData\Local\Temp\65d675c2b2ddaa5d4cd9e664e828ff6f.exe
"C:\Users\Admin\AppData\Local\Temp\65d675c2b2ddaa5d4cd9e664e828ff6f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 160
  2⤵
  - Program crash
  PID:928

memory/2232-0-0x0000000006200000-0x0000000006268000-memory.dmp

Filesize
416KB

Download