modiloader | 3d0067132eaf46799e57c10223a025e001e82583b9972f1805b38de605fda98e

Analysis

max time kernel
151s
max time network
66s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 01:27

Target

3d0067132eaf46799e57c10223a025e001e82583b9972f1805b38de605fda98e.exe
Size

1.5MB
MD5

4d6439772f29b66188b9898a9639ce0c
SHA1

13f853f2c8d1bcf94ee1fad9c4950212103db0f4
SHA256

3d0067132eaf46799e57c10223a025e001e82583b9972f1805b38de605fda98e
SHA512

4633ebe0d84f24a7ecb3ef248d4c3866406e45d4c9d2abbc99f3bcf1a50e52f68353d040b8e7710ac9de7d09d861623ff23778e9d5fe77dc10a5b42652fee1ef
SSDEEP

24576:pA9PI47mMe3qTK/MYnyXXQ9cgAwFrDsRMzOFlB6WXg/jzKsleGu2bh:c2MYy6cqdDQSOFJg/jYwbh

Score

10^/10

modiloader trojan

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 1 IoCs

resource	yara_rule
behavioral1/memory/2792-2-0x0000000002D80000-0x0000000003D80000-memory.dmp	modiloader_stage2

Program crash 1 IoCs

pid	pid_target	Process	procid_target
752	2792	WerFault.exe	19

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 752	2792	3d0067132eaf46799e57c10223a025e001e82583b9972f1805b38de605fda98e.exe	30
PID 2792 wrote to memory of 752	2792	3d0067132eaf46799e57c10223a025e001e82583b9972f1805b38de605fda98e.exe	30
PID 2792 wrote to memory of 752	2792	3d0067132eaf46799e57c10223a025e001e82583b9972f1805b38de605fda98e.exe	30
PID 2792 wrote to memory of 752	2792	3d0067132eaf46799e57c10223a025e001e82583b9972f1805b38de605fda98e.exe	30

C:\Users\Admin\AppData\Local\Temp\3d0067132eaf46799e57c10223a025e001e82583b9972f1805b38de605fda98e.exe
"C:\Users\Admin\AppData\Local\Temp\3d0067132eaf46799e57c10223a025e001e82583b9972f1805b38de605fda98e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 736
  2⤵
  - Program crash
  PID:752

memory/2792-0-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2792-1-0x0000000002D80000-0x0000000003D80000-memory.dmp

Filesize
16.0MB

Download
memory/2792-2-0x0000000002D80000-0x0000000003D80000-memory.dmp

Filesize
16.0MB

Download
memory/2792-4-0x0000000000400000-0x000000000059D000-memory.dmp

Filesize
1.6MB

Download
memory/2792-5-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download