Analysis
  max time kernel: 143s
  max time network: 143s
  platform: windows10-2004_x64
  resource: win10v2004-20231215-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 25-01-2024 17:37
Behavioral tasks
  behavioral1: sample 751ccd064c1ac4acc94a598ac44188bc.exe on resource win7-20231215-en
  behavioral2: sample 751ccd064c1ac4acc94a598ac44188bc.exe on resource win10v2004-20231215-en (the run whose signatures are listed below)
General
  Target: 751ccd064c1ac4acc94a598ac44188bc.exe
  Size: 35KB
  MD5: 751ccd064c1ac4acc94a598ac44188bc
  SHA1: 04f353e98190348b51db88fe5c96218b45e47f67
  SHA256: bd23a1d50b766ffb72a9e8817deef5e55af7fbe1ae58d6575df050dc84f2d496
  SHA512: 37bef3c16ce29dd1d32366c743b80c2bfe99e215a53c9121703fc2f83e5888c02de258ee48187ecfd19f6b52d7edbee2f91eb63cc864e5697f7a003bb440af8d
  SSDEEP: 768:RjtK+H8Mm8c2T0W/mF5MrcPLZ6GlGKXi8TH3N:yw8p8cWAAiLPH3N
Malware Config
Signatures
-
ModiLoader (DBatLoader)
ModiLoader, also tracked as DBatLoader, is a Delphi-written loader that abuses public cloud and file-hosting services to fetch and run other malware families.
-
ModiLoader Second Stage (6 IoCs)
  resource                                                                     yara_rule
  C:\Program Files\Common Files\microsoft shared\MSInfo\SysInfo.wmp             modiloader_stage2
  behavioral2/memory/3960-8-0x00000000005C0000-0x00000000005D0000-memory.dmp   modiloader_stage2
  behavioral2/memory/3960-4-0x0000000000400000-0x000000000041B000-memory.dmp   modiloader_stage2
  behavioral2/memory/3960-11-0x0000000000400000-0x000000000041B000-memory.dmp  modiloader_stage2
  behavioral2/memory/3960-12-0x00000000005C0000-0x00000000005D0000-memory.dmp  modiloader_stage2
  behavioral2/memory/3960-28-0x00000000005C0000-0x00000000005D0000-memory.dmp  modiloader_stage2
-
Loads dropped DLL (2 IoCs)
  pid   process
  3960  751ccd064c1ac4acc94a598ac44188bc.exe
  3960  751ccd064c1ac4acc94a598ac44188bc.exe
-
UPX (yara rule upx, 3 IoCs)
  resource                                                                     yara_rule
  behavioral2/memory/3960-0-0x0000000000400000-0x000000000041B000-memory.dmp   upx
  behavioral2/memory/3960-4-0x0000000000400000-0x000000000041B000-memory.dmp   upx
  behavioral2/memory/3960-11-0x0000000000400000-0x000000000041B000-memory.dmp  upx
-
Drops file in Program Files directory (4 IoCs)
  description                   ioc                                                                 process
  File opened for modification  C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.dll  751ccd064c1ac4acc94a598ac44188bc.exe
  File opened for modification  C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp  751ccd064c1ac4acc94a598ac44188bc.exe
  File created                  C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp  751ccd064c1ac4acc94a598ac44188bc.exe
  File created                  C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.dll  751ccd064c1ac4acc94a598ac44188bc.exe
-
Suspicious use of SetWindowsHookEx (1 IoC)
  pid   process
  3960  751ccd064c1ac4acc94a598ac44188bc.exe
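Worked example (added here; it is not part of the Triage report and not code from the ModiLoader sample): a small Python helper that parses the memory-dump IoC names above into task, pid, dump number and address range, groups them so you can see which YARA rules fired on which region of pid 3960, and matches file events against the dropped-file paths and the hashes listed on this page. It assumes the middle number in a name like 3960-8-0x... is the sandbox's dump sequence number (the page does not define it); the file events at the bottom are constructed test data, not observed activity.

```python
import re
from collections import defaultdict

# Memory-dump IoCs copied from the report above (behavioral2 run, pid 3960),
# keyed by dump name with the YARA rule(s) the report lists for that dump.
MEMORY_IOCS = {
    "behavioral2/memory/3960-0-0x0000000000400000-0x000000000041B000-memory.dmp": {"upx"},
    "behavioral2/memory/3960-4-0x0000000000400000-0x000000000041B000-memory.dmp": {"upx", "modiloader_stage2"},
    "behavioral2/memory/3960-8-0x00000000005C0000-0x00000000005D0000-memory.dmp": {"modiloader_stage2"},
    "behavioral2/memory/3960-11-0x0000000000400000-0x000000000041B000-memory.dmp": {"upx", "modiloader_stage2"},
    "behavioral2/memory/3960-12-0x00000000005C0000-0x00000000005D0000-memory.dmp": {"modiloader_stage2"},
    "behavioral2/memory/3960-28-0x00000000005C0000-0x00000000005D0000-memory.dmp": {"modiloader_stage2"},
}

# Dump name layout: <task>/memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp.
# Assumption: <n> is the sandbox's dump sequence number; the report does not define it.
DUMP_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<n>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

def parse_dump_name(name):
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"task": m["task"], "pid": int(m["pid"]), "n": int(m["n"]),
            "start": start, "end": end, "size": end - start}

def regions_by_rule(iocs):
    """Group dumps by (pid, start, end) and union the rules that fired on that region."""
    regions = defaultdict(lambda: {"rules": set(), "dumps": [], "size": 0})
    for name, rules in iocs.items():
        d = parse_dump_name(name)
        r = regions[(d["pid"], d["start"], d["end"])]
        r["rules"] |= rules
        r["dumps"].append(d["n"])
        r["size"] = d["size"]
    return dict(regions)

# Dropped-file paths and hashes from the report (sample MD5/SHA256 and the 44KB download).
DROPPED_PATHS = [
    r"C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.dll",
    r"C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp",
]
KNOWN_HASHES = {
    "751ccd064c1ac4acc94a598ac44188bc",
    "bd23a1d50b766ffb72a9e8817deef5e55af7fbe1ae58d6575df050dc84f2d496",
    "57cffe60faa60555d5910b5e0b77c052",
    "2447a827cf3dc48b2085bb0576ef966da5e1a19dc1dfb561e9b079118a3bf317",
}

def norm_path(p):
    # NTFS is case-insensitive, and the report itself spells the folder both
    # "microsoft shared\MSInfo" and "Microsoft Shared\MSINFO": normalise before comparing.
    return p.replace("/", "\\").lower()

def match_file_events(events):
    """Return (path, reasons) for every event that hits a dropped path or a known hash."""
    wanted = {norm_path(p) for p in DROPPED_PATHS}
    hits = []
    for ev in events:
        reasons = []
        if norm_path(ev["path"]) in wanted:
            reasons.append("dropped-path")
        if ev.get("hash", "").lower() in KNOWN_HASHES:
            reasons.append("known-hash")
        if reasons:
            hits.append((ev["path"], reasons))
    return hits

# Constructed file events for illustration only (not activity taken from the report).
SAMPLE_EVENTS = [
    {"path": r"C:\Program Files\Common Files\microsoft shared\MSInfo\SysInfo.wmp", "hash": "11" * 16},
    {"path": r"C:\Users\Public\update.exe", "hash": "751CCD064C1AC4ACC94A598AC44188BC"},
    {"path": r"C:\Windows\System32\notepad.exe", "hash": "00" * 16},
]

if __name__ == "__main__":
    for (pid, start, end), r in regions_by_rule(MEMORY_IOCS).items():
        print(f"pid {pid} 0x{start:X}-0x{end:X} ({r['size']} bytes) dumps {r['dumps']} rules {sorted(r['rules'])}")
    for path, why in match_file_events(SAMPLE_EVENTS):
        print(path, why)
```

Grouping the six stage-2 hits and three upx hits this way leaves two regions: 0x400000-0x41B000 (110592 bytes, dumps 0, 4 and 11) matched both upx and modiloader_stage2, while 0x5C0000-0x5D0000 (65536 bytes, dumps 8, 12 and 28) matched modiloader_stage2 only. 0x400000 is the conventional default image base of a 32-bit PE, consistent with the arch:x86 resource tag; reading the second region as a separately allocated buffer holding the decoded stage is an interpretation, not something the report states. When hunting on hosts, compare the MSINFO paths case-insensitively as the helper does, since the report itself lists the same folder in two spellings.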
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
  Filesize: 44KB
  MD5: 57cffe60faa60555d5910b5e0b77c052
  SHA1: 3d10e2dee7f4ad52d135f5d47a3f84e0334f760a
  SHA256: 2447a827cf3dc48b2085bb0576ef966da5e1a19dc1dfb561e9b079118a3bf317
  SHA512: 46cb1083c10da9f3d37487b601ffd44d39f65fc66d2a67a85fc843b959853e4bb4f21bf29a0ad1e809255e265701c9a0eb05b945fcb8a0bab68d98f36b39476d