modiloader | 761bc00debae8e5cd4de7021265985e85f6e724568b297a990ea7839b537ed3f

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 02:19

Target

761bc00debae8e5cd4de7021265985e85f6e724568b297a990ea7839b537ed3f.exe
Size

880KB
MD5

9a5a9c5394f9d005887e9ad4427cdf45
SHA1

72ca57c65ff6e0a5cbb7fa771a29ab40833938e0
SHA256

761bc00debae8e5cd4de7021265985e85f6e724568b297a990ea7839b537ed3f
SHA512

e81b22480fb3bc09cc7f607631bbb27cce2b64698e4e230edbabf75375cb39ab2d9d03ab10e821d427500d69526c881572ed828c51c904ba854f824e0ea147fe
SSDEEP

12288:gsoJXR0lPCb1VktfisDI8CriG78zjREUzbkZNdVi/SZmiepyCsTCpOz:1WilPCbbktfi38KisNdVi/0epy7TCc

Score

10^/10

modiloader trojan

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 1 IoCs

resource	yara_rule
behavioral1/memory/2040-2-0x0000000003120000-0x0000000004120000-memory.dmp	modiloader_stage2

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2580	2040	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 2580	2040	761bc00debae8e5cd4de7021265985e85f6e724568b297a990ea7839b537ed3f.exe	28
PID 2040 wrote to memory of 2580	2040	761bc00debae8e5cd4de7021265985e85f6e724568b297a990ea7839b537ed3f.exe	28
PID 2040 wrote to memory of 2580	2040	761bc00debae8e5cd4de7021265985e85f6e724568b297a990ea7839b537ed3f.exe	28
PID 2040 wrote to memory of 2580	2040	761bc00debae8e5cd4de7021265985e85f6e724568b297a990ea7839b537ed3f.exe	28

C:\Users\Admin\AppData\Local\Temp\761bc00debae8e5cd4de7021265985e85f6e724568b297a990ea7839b537ed3f.exe
"C:\Users\Admin\AppData\Local\Temp\761bc00debae8e5cd4de7021265985e85f6e724568b297a990ea7839b537ed3f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 708
  2⤵
  - Program crash
  PID:2580

memory/2040-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2040-1-0x0000000003120000-0x0000000004120000-memory.dmp

Filesize
16.0MB

Download
memory/2040-2-0x0000000003120000-0x0000000004120000-memory.dmp

Filesize
16.0MB

Download
memory/2040-4-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2040-5-0x0000000000400000-0x00000000004E6000-memory.dmp

Filesize
920KB

Download