modiloader | 0dc35d9cdc8787513abfb53693db410acf939657fa81185c4c241faf83fb7e9f

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 05:52

Target

66dcc29d7e44dfaaf04a7cb2ad4242f1.exe
Size

710KB
MD5

66dcc29d7e44dfaaf04a7cb2ad4242f1
SHA1

3e1be76f72cbb230764299354cf9a5875e49b1e2
SHA256

0dc35d9cdc8787513abfb53693db410acf939657fa81185c4c241faf83fb7e9f
SHA512

f66a545b3918350bacd402b48a0788c140244642631ba40d9520a474f096f5c1bd08e77c17743cdf6cf86f2764fa0d15bfcba34a78bf5dfc1117719b1069cb4b
SSDEEP

12288:puskUZytC2xnAryADyCGab70MnvOXpYXSVbmCC0DVGLxJ1K:UNMAAeA+CGab70MmXASoEsx2

Score

10^/10

modiloader trojan

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 1 IoCs

resource	yara_rule
behavioral1/memory/2512-3-0x0000000000400000-0x00000000004B8000-memory.dmp	modiloader_stage2

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\FieleWay.txt	66dcc29d7e44dfaaf04a7cb2ad4242f1.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2540	2512	66dcc29d7e44dfaaf04a7cb2ad4242f1.exe	28
PID 2512 wrote to memory of 2540	2512	66dcc29d7e44dfaaf04a7cb2ad4242f1.exe	28
PID 2512 wrote to memory of 2540	2512	66dcc29d7e44dfaaf04a7cb2ad4242f1.exe	28
PID 2512 wrote to memory of 2540	2512	66dcc29d7e44dfaaf04a7cb2ad4242f1.exe	28

C:\Users\Admin\AppData\Local\Temp\66dcc29d7e44dfaaf04a7cb2ad4242f1.exe
"C:\Users\Admin\AppData\Local\Temp\66dcc29d7e44dfaaf04a7cb2ad4242f1.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2512
- C:\program files\internet explorer\IEXPLORE.EXE
  "C:\program files\internet explorer\IEXPLORE.EXE"
  2⤵
  PID:2540

memory/2512-0-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download
memory/2512-1-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2512-3-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download