Analysis

  • max time kernel
    141s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/01/2024, 09:56

General

  • Target

    841d1d706e5fda5a4c6c2f6c512c18c2.exe

  • Size

    493KB

  • MD5

    841d1d706e5fda5a4c6c2f6c512c18c2

  • SHA1

    1b5c9251c9f5bf24e7a014e20b4e710f17e4a540

  • SHA256

    dfcd8994628bee6d7f0aa4575047e01e3f8caf1a5cd126fe79f70fcf89e5a24b

  • SHA512

    2ba25dba4f736c6f93d98eb12c99cbaaffb4c018f5fc6a8572e95eb95aa298964fd54b5d0a206d3894ebf054e37f67322f7d134ab3d7cc8ff2466664d1a9c1ee

  • SSDEEP

    12288:6LagqJq0Dlep9o3LgVhJXhfRZafOMj2jZGshfOuG:6LadlUvrR1V2uG

Score
10/10

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

  • ModiLoader Second Stage 3 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\841d1d706e5fda5a4c6c2f6c512c18c2.exe
    "C:\Users\Admin\AppData\Local\Temp\841d1d706e5fda5a4c6c2f6c512c18c2.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2868
    • C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice51.exe
      "C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice51.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:496
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 496 -s 288
        3⤵
        • Loads dropped DLL
        • Program crash
        PID:404
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Program Files\Common Files\Microsoft Shared\MSINFO\Delet.bat""
      2⤵
      • Deletes itself
      PID:2832

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice51.exe

          Filesize

          373KB

          MD5

          e755b4825a2b62a35cd43fd43c86d9da

          SHA1

          c830b672aac2b12cb97517bfd939fa5745711f01

          SHA256

          4794f0173154c712e0c3546523f1bb8f2c8718fe1a44606a8d0336122025ff1f

          SHA512

          60a82a21229b216b5b07017448a84b34215f9762ee39c2ca99eae1c3986a1cd325b8ba29ce8ae244dc1a936aaff8629034c612bfa745d30770f536103e3f9214

        • C:\Program Files\Common Files\Microsoft Shared\MSInfo\Delet.bat

          Filesize

          184B

          MD5

          06c202ea021eb56220e615e2b21bafc2

          SHA1

          93dbc14d2d9b79e7c244bd8072c4d7729cd0283f

          SHA256

          8489c4e58aa775d4c810a558a87280a2059ae749e0c3cf3d5df40b0ae637f3dd

          SHA512

          f572d7de7699ba199b6ab85fc2ae5839624c72694de54eae166745050fbe4d705a33273c6908db3175a8b40e0eec01026fa16a972e213d1fba9b25ddc11a3180

        • C:\Program Files\Common Files\Microsoft Shared\MSInfo\rejoice51.exe

          Filesize

          433KB

          MD5

          ad371df1f3d46ad9b1aab8e03d3ec64a

          SHA1

          8e5bffa7287b21e2d030ecd19ca23a630335efe9

          SHA256

          f1dbef6d6bb557e16c74c66fa333c6506441819f14990286e65adb04ec812ae8

          SHA512

          ddd60412108803c358429ad3f5d213d4b4ece186b79f8485d770a7373bdb139ceccd14db80660b3b2c72a22502db0b5538d34ee6b75368ca30fca69a58359e6b

        • C:\Program Files\Common Files\Microsoft Shared\MSInfo\rejoice51.exe

          Filesize

          448KB

          MD5

          b13ecb3b61bb6f67032e2fc73b590fb9

          SHA1

          e43f0d99de0918509f3ca4d5a76b587132ce4f4b

          SHA256

          be3e1dd31c7e6d4d15cf54ffbff075dde201fd6ffcc66febeb231578c06978dd

          SHA512

          9c954d5d9083f4cfda876db28e5382397a479c675bbd9742ec562b54c25fc55e1fdca713633e70e9f4f7e9892c0e981eba69649c512f1ee02364ed36558b20f2

        • \Program Files\Common Files\Microsoft Shared\MSInfo\rejoice51.exe

          Filesize

          306KB

          MD5

          d89cb9a7358663bca4d4463fa725f6d7

          SHA1

          a626d0c513c7be3c5a6800d6a662eb41cbb7b33e

          SHA256

          759c1218366e30b37451574781cfcced60fbb7eec9b4266b474c037ae8951d10

          SHA512

          2375a6a4f0cc8276960caf044c47b93de47a10391758ce8e67c1da23247dd56d35b63fba3f8fb1bc07113bdf672e2141b1937c0bb34ccc60414af79605017b73

        • \Program Files\Common Files\Microsoft Shared\MSInfo\rejoice51.exe

          Filesize

          359KB

          MD5

          23f014ee5d6dd2064293093f0c47adc2

          SHA1

          0588e028ed9a495ec95b36fdb07bfc53c0983c63

          SHA256

          5ee5f62591ca30dd4bf594c4086daa8fbe9a96ab062ffab1883ef01f6dc605f3

          SHA512

          40f07b52b901bcbde9bd647683b9b466f7f6314c1491a14018c1af004b7eaf99e67acaed0efe24ab0f4db55da5962ca14e7223924c7bc67096ae4daee2d675c8

        • \Program Files\Common Files\Microsoft Shared\MSInfo\rejoice51.exe

          Filesize

          403KB

          MD5

          f0d678bc6582e5e78b6df6429036b2c7

          SHA1

          2ac3fac6227676f705d876e88a30a6cff07dd886

          SHA256

          43bb3847d25ff8175ca5a4e32386be6a5a5ff59a3aaebec71baa3e3f8766c56f

          SHA512

          101b7e778c44ca2ee056c29298613b52289354f77cace877c978ee11e0635285bd19d363270fde78dc70eae6ccb6412626ed7467f53c29ec5a9fcb245c9ba97b

        • \Program Files\Common Files\Microsoft Shared\MSInfo\rejoice51.exe

          Filesize

          493KB

          MD5

          841d1d706e5fda5a4c6c2f6c512c18c2

          SHA1

          1b5c9251c9f5bf24e7a014e20b4e710f17e4a540

          SHA256

          dfcd8994628bee6d7f0aa4575047e01e3f8caf1a5cd126fe79f70fcf89e5a24b

          SHA512

          2ba25dba4f736c6f93d98eb12c99cbaaffb4c018f5fc6a8572e95eb95aa298964fd54b5d0a206d3894ebf054e37f67322f7d134ab3d7cc8ff2466664d1a9c1ee

        • memory/496-18-0x0000000000270000-0x0000000000271000-memory.dmp

          Filesize

          4KB

        • memory/496-12-0x0000000000400000-0x00000000005D4000-memory.dmp

          Filesize

          1.8MB

        • memory/496-23-0x0000000000400000-0x00000000005D4000-memory.dmp

          Filesize

          1.8MB

        • memory/2868-10-0x0000000003050000-0x0000000003224000-memory.dmp

          Filesize

          1.8MB

        • memory/2868-13-0x0000000003050000-0x0000000003224000-memory.dmp

          Filesize

          1.8MB

        • memory/2868-0-0x0000000000400000-0x00000000005D4000-memory.dmp

          Filesize

          1.8MB

        • memory/2868-22-0x0000000000400000-0x00000000005D4000-memory.dmp

          Filesize

          1.8MB

        • memory/2868-3-0x00000000002B0000-0x00000000002B1000-memory.dmp

          Filesize

          4KB

        • memory/2868-35-0x0000000000400000-0x00000000005D4000-memory.dmp

          Filesize

          1.8MB