Overview

overview

10

Static

static

3

89ec9a5eaa...b2.exe

windows7-x64

7

89ec9a5eaa...b2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/02/2024, 15:52

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    89ec9a5eaaa03797afca477f1f55d7b2.exe

  • Size

    152KB

  • MD5

    89ec9a5eaaa03797afca477f1f55d7b2

  • SHA1

    0b8ef03225804b30f914f05f9da7642523912197

  • SHA256

    bdd16eb841350ace40e19e81896743a2764942ed852aa71b51a8316b9d523d70

  • SHA512

    4828bcec868797323669bb936eea833b3177e43adf9f75f61645ee3624ac519bd9312ed52c2016082b163cc5b9641f23060ecf513ac85dc91b2974d8bbce6fe8

  • SSDEEP

    1536:s7qqYYQ/Rq6Tj9Z20DSF2swgSzvIY2FOGY+wQfY1JNZdon55kBaeKEX:XYeq6Tj9Z3mFIgE32FxaQwPN7k5kwrW

Score
10/10
modiloadertrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\89ec9a5eaaa03797afca477f1f55d7b2.exe
    "C:\Users\Admin\AppData\Local\Temp\89ec9a5eaaa03797afca477f1f55d7b2.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1704

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\Common Files\microsoft shared\MSInfo\atmQQ2.dll
          Filesize

          24KB

          MD5

          3243357e7f93dab87e1323aa373a36c6

          SHA1

          42af1411ae9cfcc36ce13ef3e80177ad8a9dccc2

          SHA256

          dde83925b4eb9554f560f5fcd012fd97a42b3e5a1db56e0708707f9af5f2c051

          SHA512

          196d733f00361b2d5b8ed6dbdaa13062464ddac43597884c64a0abe91b899c580d1e9e92b24d539d21190b20420f1d8dfc1bb0f21757c310a39ed92a35dd971e

          Download Submit

        • memory/1704-0-0x0000000000400000-0x0000000000426000-memory.dmp

          Filesize

          152KB

          Download

        • memory/1704-6-0x00000000006D0000-0x00000000006EF000-memory.dmp

          Filesize

          124KB

          Download

        • memory/1704-8-0x00000000006D0000-0x00000000006EF000-memory.dmp

          Filesize

          124KB

          Download

        • memory/1704-9-0x00000000006F0000-0x00000000006F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1704-10-0x0000000000400000-0x0000000000426000-memory.dmp

          Filesize

          152KB

          Download

        • memory/1704-11-0x00000000006D0000-0x00000000006EF000-memory.dmp

          Filesize

          124KB

          Download

        • memory/1704-12-0x00000000006F0000-0x00000000006F1000-memory.dmp

          Filesize

          4KB

          Download