Overview

overview

10

Static

static

10

9ab78b703e...0b.exe

windows7-x64

10

9ab78b703e...0b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    93s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/02/2024, 04:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9ab78b703e248f58de1a797591c6630b.exe

  • Size

    765KB

  • MD5

    9ab78b703e248f58de1a797591c6630b

  • SHA1

    a59946346b8f875cc7ad6c0024db14da8928fa74

  • SHA256

    9667031ee31c3492a484e102744829c6e83fec13c37a3a2c95a1679cb6aef59a

  • SHA512

    c68f78d5f0709da8ff82445d26cf563d8001fae3abe42dc6008bf33aa6ec81386ead83e016321de98d1f9f4ac3ba4e6665fa58e64bc0993a557bb7ef9441dda7

  • SSDEEP

    12288:NtPUekZkx1AEyYmueCkXyShXz2/iINCM3V5TDXTLwc9RdvK:NtnexEyYmufzyo/YcXDXTBHy

Score
10/10
modiloadertrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 5 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9ab78b703e248f58de1a797591c6630b.exe
    "C:\Users\Admin\AppData\Local\Temp\9ab78b703e248f58de1a797591c6630b.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:4956
    • C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoiceda.exe
      "C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoiceda.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:3320
      • C:\Windows\SysWOW64\calc.exe
        "C:\Windows\system32\calc.exe"
        3⤵
        • Suspicious use of UnmapMainImage
        PID:2004
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 12
          4⤵
          • Program crash
          PID:4676
      • C:\program files\internet explorer\IEXPLORE.EXE
        "C:\program files\internet explorer\IEXPLORE.EXE"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4352
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4352 CREDAT:17410 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2192
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Program Files\Common Files\Microsoft Shared\MSINFO\SgotoDel.bat""
      2⤵
        PID:3080
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2004 -ip 2004
      1⤵
        PID:5096

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files\Common Files\Microsoft Shared\MSINFO\SgotoDel.bat
        Filesize

        184B

        MD5

        abfe983036b1ab4bbe2d9f7b4d83b980

        SHA1

        b821234f3bf623d05e64c967f1be42d767604217

        SHA256

        dc123e3cdfd21b30eba4f8961aac0ebc54f29ee5f0fc0593d6e69b82df52c08a

        SHA512

        b38df7eb4b85d978a95f4233a0a826aeab23048f276f07d228472d58997bf399ffd4ced77bcb87a64aac1cfa1a5964dc21d3060c8355cff3d90ac6a791ae8503

        Download Submit

      • C:\Program Files\Common Files\microsoft shared\MSInfo\rejoiceda.exe
        Filesize

        765KB

        MD5

        9ab78b703e248f58de1a797591c6630b

        SHA1

        a59946346b8f875cc7ad6c0024db14da8928fa74

        SHA256

        9667031ee31c3492a484e102744829c6e83fec13c37a3a2c95a1679cb6aef59a

        SHA512

        c68f78d5f0709da8ff82445d26cf563d8001fae3abe42dc6008bf33aa6ec81386ead83e016321de98d1f9f4ac3ba4e6665fa58e64bc0993a557bb7ef9441dda7

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        471B

        MD5

        34a715b7eff98727a79196c12548166d

        SHA1

        d5e289b29da4499777553a8a18000554d3664059

        SHA256

        6b41a389423de69980de3d667fca2f72e5ce6224dcea62d765862d07e76f9f01

        SHA512

        62de58bac2f19abcfd8503f2b0abf64872a6354c140e020975d40fda1c975ed3ccc9f05a58ab45663c3eee52dbb5d6974aca6df78f7e60e780f5320622516860

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        404B

        MD5

        b5331f3e28857c8e913697214210c204

        SHA1

        3e98433e66e4ebde6bcc1835025fc339f1ad5cba

        SHA256

        bf98ed986fd2040c4c070889016d37e38d93c908bde7d325beb3c8820f1ab654

        SHA512

        685031d5089a474c2a047773991b40461c8eae4dc45cd84b517875a404afc6a4c6b7dd4db9d589cc31680b9201f853c43759da8319c4196a9b64bcd0fbfd42ed

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NSWVVUXL\suggestions[1].en-US
        Filesize

        17KB

        MD5

        5a34cb996293fde2cb7a4ac89587393a

        SHA1

        3c96c993500690d1a77873cd62bc639b3a10653f

        SHA256

        c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

        SHA512

        e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

        Download Submit

      • memory/2004-9-0x0000000000400000-0x00000000004C8000-memory.dmp

        Filesize

        800KB

        Download

      • memory/3320-8-0x00000000009A0000-0x00000000009A1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3320-12-0x0000000000400000-0x00000000004C8000-memory.dmp

        Filesize

        800KB

        Download

      • memory/4352-11-0x00000000005B0000-0x0000000000678000-memory.dmp

        Filesize

        800KB

        Download

      • memory/4956-0-0x0000000000AE0000-0x0000000000AE1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4956-15-0x0000000000400000-0x00000000004C8000-memory.dmp

        Filesize

        800KB

        Download