Analysis

  • max time kernel
    142s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31/01/2024, 09:56

General

  • Target

    841d1d706e5fda5a4c6c2f6c512c18c2.exe

  • Size

    493KB

  • MD5

    841d1d706e5fda5a4c6c2f6c512c18c2

  • SHA1

    1b5c9251c9f5bf24e7a014e20b4e710f17e4a540

  • SHA256

    dfcd8994628bee6d7f0aa4575047e01e3f8caf1a5cd126fe79f70fcf89e5a24b

  • SHA512

    2ba25dba4f736c6f93d98eb12c99cbaaffb4c018f5fc6a8572e95eb95aa298964fd54b5d0a206d3894ebf054e37f67322f7d134ab3d7cc8ff2466664d1a9c1ee

  • SSDEEP

    12288:6LagqJq0Dlep9o3LgVhJXhfRZafOMj2jZGshfOuG:6LadlUvrR1V2uG

Score
10/10

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

  • ModiLoader Second Stage 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\841d1d706e5fda5a4c6c2f6c512c18c2.exe
    "C:\Users\Admin\AppData\Local\Temp\841d1d706e5fda5a4c6c2f6c512c18c2.exe"
    (depth 1)
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2296
    • C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice51.exe
      "C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice51.exe"
      (depth 2)
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:4812
      • C:\program files\internet explorer\IEXPLORE.EXE
        "C:\program files\internet explorer\IEXPLORE.EXE"
        (depth 3)
        PID:3996
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Program Files\Common Files\Microsoft Shared\MSINFO\Delet.bat""
      (depth 2)
      PID:4708

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Program Files\Common Files\Microsoft Shared\MSINFO\Delet.bat
    Filesize: 184B
    MD5: 06c202ea021eb56220e615e2b21bafc2
    SHA1: 93dbc14d2d9b79e7c244bd8072c4d7729cd0283f
    SHA256: 8489c4e58aa775d4c810a558a87280a2059ae749e0c3cf3d5df40b0ae637f3dd
    SHA512: f572d7de7699ba199b6ab85fc2ae5839624c72694de54eae166745050fbe4d705a33273c6908db3175a8b40e0eec01026fa16a972e213d1fba9b25ddc11a3180

  • C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice51.exe
    Filesize: 493KB
    MD5: 841d1d706e5fda5a4c6c2f6c512c18c2
    SHA1: 1b5c9251c9f5bf24e7a014e20b4e710f17e4a540
    SHA256: dfcd8994628bee6d7f0aa4575047e01e3f8caf1a5cd126fe79f70fcf89e5a24b
    SHA512: 2ba25dba4f736c6f93d98eb12c99cbaaffb4c018f5fc6a8572e95eb95aa298964fd54b5d0a206d3894ebf054e37f67322f7d134ab3d7cc8ff2466664d1a9c1ee

  • C:\Program Files\Common Files\microsoft shared\MSInfo\rejoice51.exe
    Filesize: 384KB
    MD5: 0addf595e63b56c35c3bfa41d94d1034
    SHA1: 1019eb49da5fe49e309ed933e0570afa7c4e72ac
    SHA256: cf6b86b823397708d29c1400526cd4ce670e8fd4852aee1a8a97c4a836793174
    SHA512: c343e7cea562ddfd80643518cee24254b3dd4d23e7a2838dc2b0fc6b1caaf155f2b9dd391e7d1266566b4d2f503178274f59b43fb75d256f50a47b4c0d5a915d

  • C:\Windows\SysWOW64\_rejoice51.exe
    Filesize: 112KB
    MD5: 5c7c571e3f754da751e125b4d377ef31
    SHA1: df1233b2cae04a9bb1c9ab82036382f31cf05637
    SHA256: 8f4b03e396e82bc2e7b1fa843ad9ed4209d10cd58953492e2b84433517cb9714
    SHA512: 050bc1951a9e720c9abf8ee452842bad63e39c4db4446451e7a6d2dbba9f0f9681d77e25633b108a8eea8f8dea9a359f7559860fdbf3a256f6bebda702188664

  • memory/2296-0-0x0000000000400000-0x00000000005D4000-memory.dmp
    Filesize: 1.8MB

  • memory/2296-1-0x0000000002780000-0x0000000002781000-memory.dmp
    Filesize: 4KB

  • memory/2296-15-0x0000000000400000-0x00000000005D4000-memory.dmp
    Filesize: 1.8MB

  • memory/4812-7-0x0000000000400000-0x00000000005D4000-memory.dmp
    Filesize: 1.8MB

  • memory/4812-11-0x00000000023B0000-0x00000000023B1000-memory.dmp
    Filesize: 4KB

  • memory/4812-13-0x0000000000400000-0x00000000005D4000-memory.dmp
    Filesize: 1.8MB