Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/02/2024, 22:29

General

  • Target

    8d83768b151d2efde1fc4692e39b4a41.exe

  • Size

    609KB

  • MD5

    8d83768b151d2efde1fc4692e39b4a41

  • SHA1

    0b628b91474e43b17fa32ddb0a489b0050c8c730

  • SHA256

    40a3268a8ea94299a2135fc021fe25b907694463c9380fbfbc6c7e834aa6294b

  • SHA512

    8bc1bf8067409172668639a6587164f0af2beed9254b647b96627dba5f2817f2134fccd2682d13949ba415922074ff8b1ad1c760617579db010562c69d5b498b

  • SSDEEP

    12288:uP0E0cVS+vHV6toWuOhbRuo4QF3Z4mxxG0MHoTAFbv:/u/Hst7hUopQmXGK8

Score
10/10

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

  • ModiLoader Second Stage 2 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8d83768b151d2efde1fc4692e39b4a41.exe
    "C:\Users\Admin\AppData\Local\Temp\8d83768b151d2efde1fc4692e39b4a41.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\system32\Deleteme.bat
      2⤵
      • Deletes itself
      PID:1532
    • C:\Windows\SysWOW64\Indxiwg.exe
      C:\Windows\system32\Indxiwg.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      PID:2492

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Windows\SysWOW64\Deleteme.bat
    Filesize: 184B
    MD5: 76548ddbf2a885b58278b53bb642c3e2
    SHA1: 92fc8f271f6c18835a75b54510bba05dddb49cd6
    SHA256: 092b5bffbb0210d17ba551a0aa234f264e4b72842e5e97bd55e33e6e141f5b7c
    SHA512: 40820c5e2f9016fccd37832e4ee4f47fa55eead773624af548d8ddd7d0bea9cc006aa7ccb6723c4beb456c25585e58bf4b0af1a8319474f5ddbfe1f42729dbe0

  • C:\Windows\SysWOW64\Indxiwg.exe
    Filesize: 94KB
    MD5: 67b69e93a7b3aa33a74afbbf52dbf61f
    SHA1: ce48b01e35245f992a41fd9edc2384a159ddfe71
    SHA256: b6db83a0eef8a818af352d62d68004aeb954a1e84c92e625194316e7a6cc3174
    SHA512: 8d299bdc6e6715696a845c70536b52103e07a5abb4589a4c9ab445e8986fb2c714c06e5036308e323deb28a365c095e0c63683322b8b45f4dd2d4c2eaeedd13e

  • C:\Windows\SysWOW64\Indxiwg.exe
    Filesize: 191KB
    MD5: 877b95a76cdeae4d04b7985bc2cc68e6
    SHA1: 4a66c330a47dce3fcc16bb7ec3ed8a7372bb4b65
    SHA256: e3d5e614880e25d4d3e418759f0d7524adbbda836748c7416d05796c57cc14d7
    SHA512: 60c4aaf84615aeaec832a7df314a71818a3dca449c22c3ad6e8b6e4bbc16822e3738443765f5f653de32eafe0f58129c7d36a0c8410d8620ee25a8916d58a90a

  • C:\Windows\SysWOW64\Indxiwg.exe
    Filesize: 216KB
    MD5: 3260fe7e4ec7774e2e7f463595fd2fb0
    SHA1: f5d496f9bb2852e835b68cc371a0de9bd4a7c678
    SHA256: defbb067dad94cc0b2d17d4c984d8cc89eb6daeeb124f4d3573f8c7524745ec7
    SHA512: f3b87a26cbe44df551c40289b27d06d15b2a3a2561aeb36e87d3fcf9f93b69474a2f6950080fae5837f19495f95daa42d93e13092f6d8ecead9bc3ca28a893eb

  • \Windows\SysWOW64\Indxiwg.exe
    Filesize: 170KB
    MD5: bd99b69ba8724cb226ac3dbf45a7d9cf
    SHA1: 005cafa03a5ab7c643f0c8f9fbb8c2cdfa69e7d7
    SHA256: 1728a0c1ae715633f9897f141693ea434b2707558815b340c2635a5d6aae90aa
    SHA512: a1cca13157d95920db3f33206697e1f75e7b1fb4a3a2192a2884e71a94ef02c518ed1e6d63926b8636d45f627018f9ac334bb09f86c026e42f554ba89100423b

  • \Windows\SysWOW64\Indxiwg.exe
    Filesize: 238KB
    MD5: b0625ddf9b8185708a9f883c36d97ef3
    SHA1: 0d0296e441a6ef9818b6661cbff108c0ec3d2e12
    SHA256: 065ba6ba92ced1029dd72881565fbcfcd6256b52aaea77a4848ba08b2c01ea75
    SHA512: c520e9d09ef5eb178cfecd48a1ada1b30ef922fbe872f6bfb7da799629ca49a7de4074f64d059856752af15bb466c56c1a1fc23ecf7014801b5bef1e31795680
