Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/02/2024, 19:13

General

  • Target

    8d2006e02b3a574f7f50fb3852b4189f.exe

  • Size

    674KB

  • MD5

    8d2006e02b3a574f7f50fb3852b4189f

  • SHA1

    ad5ab323f222069d7d14b9e454e77063dba0d3b7

  • SHA256

    cb7429fc7b021d46befc19a45f038c6dceb405587fa1be60f6e4e242b71f1557

  • SHA512

    e547d368e06e397c46d0d4319c84b4c18e1a4804bece739b2f7aea266c527b17e9cd51e963bc329d982c9ecee714954f175183c989cbd704e39178cfbb3d96b1

  • SSDEEP

    12288:AUSZilVzaP8ca4n+edlNnGNfsg4yRuh10rHTcauTa6:AjgvaPtJnXhVhn103cauTa6

Score
10/10

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

  • ModiLoader Second Stage 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8d2006e02b3a574f7f50fb3852b4189f.exe
    "C:\Users\Admin\AppData\Local\Temp\8d2006e02b3a574f7f50fb3852b4189f.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1520
    • C:\program files\internet explorer\IEXPLORE.EXE
      "C:\program files\internet explorer\IEXPLORE.EXE"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2768
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2768 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2740

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          9e006a60e57b75752ee6f5ffeb739dfa

          SHA1

          5dfd4e9ea6be8bd71f308c9d84803b27c8dcc2cb

          SHA256

          b9400a17c7313a48e04ba5c26b81528dce7014cac329b09ffe1be70c3f1652f4

          SHA512

          382393e6ea3756ae3a068d54ee500423e74920af8235a50e44837178b69e7cbef7737339b89a932ed8a5a94b684bd292231241cb31a3a50ada1b41d9ba1e760d

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          f328669781fe2a8961e3ea018e9567e3

          SHA1

          816727948c6d8c28414dde43e8ac30b17e0ff1b1

          SHA256

          15a1b5112a3f83ae396c880f0d458d42cebb6cbd74387d68518ce8e5905961a9

          SHA512

          52aa54cde95ceb3d1c4735e171c1cd8a5fed6395c10b1a0cbc960ac7af0b72dd704cf4a2dd3a564a0de10132da5d98f8d552af978b057d6bb49f3d9c53079aac

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          76b47ea82a4ced351fef84c68eac9927

          SHA1

          c89d43c44254fdc5b1d3f00ca9728bf2fa0eac7e

          SHA256

          740d587d03b45d7eafbc8084f76fc954be18cf7fc6e71f282e8771fd42bb9b7c

          SHA512

          57ea042179deb15ccca0d700bb23fab53109772c0fda966a9b8dd608fb842d3fe657dc6d5bd6c0335241ede610a0dfdffcc415c68ee92235250236a9decc2b66

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          ccb93d17a6544f73543564d04fb53ae4

          SHA1

          90eb8c7ff40e4a2648304d5a1d415b6f0d172a5b

          SHA256

          a9185fabbea63eba1d5ef284d6317b3a02106835aed5ed1a8bc862b4d517be87

          SHA512

          f8739bb3d437465994691daa35029364abeda624870daebe74a0babdbf4621c7ce3865eec2b699585462909c9e352217047b469c7c11d0dee743ae1fbedf892c

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          f38404c7bd699f88d6d2006a6c737b53

          SHA1

          a683665b17ef13e8a08e339240810d03ca47dfc0

          SHA256

          6d11ef638450544d215ede65004fb4ce13d9c432c9dfc94c522200c14d86af6d

          SHA512

          8362076ce55dc4b38b12bf64377ea4339c12efb82143f5c5d4cd5ff4e876c4a665f0cbd9a5d716e71e8d4d02f1f6b172b08db3d97da15468c136a57b940be0d5

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          a6a4aaab56fb3f43547dc4158d8a15c7

          SHA1

          dbf674152669602bfdc2af70b97c104d74d8a1cc

          SHA256

          37986f32eeff9959ad5f6f29e138a4f2894d7e794efb10bb8e408a480d17fa31

          SHA512

          3b2aa2122953d60da9bff275ab24b2d3d7e3e2d2c0e55ebd85755907819b909f3b5e38fab2fccc83b53c533e3dfd44389d1c3fc762f1965f72839a5954773d1a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          07aa49acf3e9a2a7d64a1cf516a8444d

          SHA1

          5ad8132e8719acf6e7073d9a3f031c105a927cff

          SHA256

          43f78d89e6140df3798e9b9fbc7b99d14bd2e9a11b3921c1f9cf49b35cc35a95

          SHA512

          bf70a744b64ac95de326dfdfcd5f036ce9f69a55a70babf3c62f728a67aaed355679d039c9a7e9a277fe70d2a9dc7638eb2c9d0877a69f669b0a111972891463

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          e8aefa6d219510ace103d6f90332bfa0

          SHA1

          8b429905c090a7fb8462ec8d0814c3ac49ce7aa9

          SHA256

          1326693cf79d15e495e7b0259540c013920ee26371c4b21edba49f730f4c65e8

          SHA512

          22cb4f592c843084b5053b7bd5d004b2b3e16a5d86fe770495d5ba8292b706ea29d3ef7b8f16af8369ec65a6ce222305f7dd2d7fc5942d350d08636eb39fab52

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          cdc9e176d9f981745017faf9d996336e

          SHA1

          822955639cad6dda17cac37e2a8bf4873a069ed0

          SHA256

          498372ec1f0a0be83f25351b0a4969180b71ac0c6c5321ebdc7a36e4e59f9c7f

          SHA512

          473510dad6018ef08283327c741ce9eff2f58338997d4f28c2218fc6bbc592a6d6d4cd53350d096f99463c618ccfbdb434dda644ae712773c2ac49b09f3c3494

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          4c401b966f921de967483e35c51625e6

          SHA1

          ee41298feb23bfeec92531a5a2ba0d0c9cae8a88

          SHA256

          5d11ddd422828fa0773c307f91f2e1e68422f0402e94bf4278ac3b93eaf60729

          SHA512

          20c402dbf700ce007c16c704433655cb84720b4e1deef278d7916cf3d8e05d573fd47a71d6d17ec85940f2bf2268df79996a0287aa25157b4df2e5a73ebd6a14

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          199646b1716108001ee8e08096e2fffb

          SHA1

          45559df7efe0ff49ccf5f5c8c46e1b7b516a73ee

          SHA256

          71dca4b82242d2f5d06a4a76135a405eb8fd9d6e155176173de744a810409c23

          SHA512

          b0365f947530f0a314a1a3f68bffb75d675700e797549427d2c9da7b40ee3c2f47c860846cf9f66f9d55ea4cfe3a50f2ad6dd1e1c4933a09c0060eadfc4358e9

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          403bfbc89a354bc083e80e852d2e37c0

          SHA1

          cbc08a5dcdc2105976f823e0a3bf4856890a871e

          SHA256

          c974123a7c4ad25e65b2b2f6f51e541dc5934080eaebb4a925658f43465afcbe

          SHA512

          f190bc5a3825b5cda4b856646b5a90dd2409056c5fded58eefd6c416b95e10d9e4df8315249c0fa0ae859622a29b17d85790d37d3390d33cc68a64ac85bb5760

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          364ad29f733f237a71b1ff4f2f667e5b

          SHA1

          566df0596d3b58777b9639a77d9cb2c9dbb35c5c

          SHA256

          699ed41ac597bc3f7b27a6b21642575d903f8083e20ac8ad2f2a0108fdd0200e

          SHA512

          06ce8e6b23903a7288212ee02388a8b2577a0fef47ae6aa9933cff0c53c980abd357ce0bb396584bcef62175024923450f5ebe035ad4413455dae2c73895aa66

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          26b3e535170ccadfaee0792a88a75bd2

          SHA1

          66ad1fe17960ab40ca4c62eea859513238ad38f2

          SHA256

          e9541c07fc804e96742f43067184354b182c2fd2ac960e1d0d6f87595d29ebe8

          SHA512

          18c4604149e7a387d4471bbbc6380eaf4675e0ca35ff29853d05d59e3a97bcd2d1c943ecd55613436aa103acc8e1f79b4e921f52a55c6cdf1549e00018f2cc2d

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          adea909bfc63ce9cfd6416306b97e983

          SHA1

          b0a6bfb049e4fe35b26e1697f5c07b748331ea74

          SHA256

          af471bd3e5f2a0d5060c3bc711616c7b5bf9e23ea953e5d45ef4eb4245ffc392

          SHA512

          93399e0e1ff2c06b69f27cba480c7b85f30caaf492b394394897798056ed89342b0693004c40f4b9a746c9efebd1077a418e403438a61e472d59040d0b20aef1

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          29feb5ff8420b2ed517701805237a72c

          SHA1

          f4f5dd5252a80bf029eb11f8cc792f16a4821c12

          SHA256

          46fcee8f95318ca2dc2bbd8d376898c06e993fe5c349b50c875379c98f630c43

          SHA512

          006a938951cebc97781a142c645aa0134a55ae5249089b11a45526e949ec8e9cca9bcb59af0560ea713750d295aacf76077f99cf4cabacce15fa6d12cc80a985

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          9d7f366c0d061995064f935938c4a0a9

          SHA1

          29f6b10f0d42be7a95b75bcf1aa98ad5b4fa592b

          SHA256

          3a482aedc702016ab6bcadb71d87785ec8c11468fb0785db6665637708e933fc

          SHA512

          40fc0a13251ab1c9ff47ca7c4c3e03e72c945c525e5d0055d31681c3f31c306d39c6974ca5ece1f546fcf25e5af5fd7a0a6eb140203be9bf9a1dff4993857771

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          d3ec57b86527073d66079c4579a7569a

          SHA1

          e95ef83bdfd31a47a9ae59b593510cbf7a4ec43d

          SHA256

          37d77310ebd96d7b48cef61c5be14ba0b846d2fdb4d69e3660ab0c45daa12339

          SHA512

          e744a25caa81393b7d6c8d512014fa7cea31becbe1c25c081bb3c2d6ba15b64e242bd2e9d63af17540021af80a3da91e7b4db4dd47c1cdf3ae65598011aa2f5d

        • C:\Users\Admin\AppData\Local\Temp\Cab1E4D.tmp

          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

        • C:\Users\Admin\AppData\Local\Temp\Tar1EEC.tmp

          Filesize

          171KB

          MD5

          9c0c641c06238516f27941aa1166d427

          SHA1

          64cd549fb8cf014fcd9312aa7a5b023847b6c977

          SHA256

          4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

          SHA512

          936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

        • memory/1520-3-0x0000000000400000-0x00000000004B0000-memory.dmp

          Filesize

          704KB

        • memory/1520-0-0x00000000003F0000-0x00000000003F1000-memory.dmp

          Filesize

          4KB

        • memory/2768-2-0x0000000000060000-0x0000000000110000-memory.dmp

          Filesize

          704KB