modiloader | 8ceb72abf0c65e045a84633601a5a008d607f64074233118cbcf10d95d93ad58

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
24/01/2024, 11:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7223e82dffb18c92db7b4a2ef154ed26.exe
Size

1.1MB
MD5

7223e82dffb18c92db7b4a2ef154ed26
SHA1

3eb5b2bb75bace9ae6ad8b55f023c681d97d38f7
SHA256

8ceb72abf0c65e045a84633601a5a008d607f64074233118cbcf10d95d93ad58
SHA512

069f1956ff20bfdc2e32ec665878c9ba7b1d6591dd2251e0e31a53026267e83fae84c9541ab28aa029b7759d97f339b33ab15884df0ba865439d42d5d2e8e5a8
SSDEEP

12288:BFtHRwMpWIIyKj9X1WxQ3jC0CJVYT+R0ws8YhX2ujXd5JjFWVJq:BFtxwR9uwvQYYdsM+7J58

Score

10^/10

modiloader trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader First Stage 2 IoCs

resource	yara_rule
behavioral2/memory/208-273-0x0000000010410000-0x000000001042B000-memory.dmp	modiloader_stage1
behavioral2/memory/208-280-0x0000000010410000-0x000000001042B000-memory.dmp	modiloader_stage1

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89
PID 2384 wrote to memory of 208	2384	7223e82dffb18c92db7b4a2ef154ed26.exe	89

C:\Users\Admin\AppData\Local\Temp\7223e82dffb18c92db7b4a2ef154ed26.exe
"C:\Users\Admin\AppData\Local\Temp\7223e82dffb18c92db7b4a2ef154ed26.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Users\Admin\AppData\Local\Temp\7223e82dffb18c92db7b4a2ef154ed26.exe
  C:\Users\Admin\AppData\Local\Temp\7223e82dffb18c92db7b4a2ef154ed26.exe
  2⤵
  PID:208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/208-2-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/208-3-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/208-273-0x0000000010410000-0x000000001042B000-memory.dmp

Filesize
108KB

Download
memory/208-280-0x0000000010410000-0x000000001042B000-memory.dmp

Filesize
108KB

Download
memory/2384-0-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads