modiloader | b007fcf24071434f44f6de53165d5de0079a846d83e87f0426a3a2ed2609e28c

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 16:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bbbbe89e4b8730e45068cfcbe85c6458.exe
Size

241KB
MD5

bbbbe89e4b8730e45068cfcbe85c6458
SHA1

188b6971599fb5ced362d642527eadf64f8dba2d
SHA256

b007fcf24071434f44f6de53165d5de0079a846d83e87f0426a3a2ed2609e28c
SHA512

4ee10a5092dafd610e68e423f82f352a8197841e53c0c562a92774acad7aba10cf231149807c8a127d431bd458573f692312261982e0da8bc2eaf32a5446e0e2
SSDEEP

6144:S6KuRRAE5rYw0nrxwm/3SlxlJ8nVZx2P/3I:S6K+6IrY5KSiDus

Score

10^/10

modiloader trojan upx

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 3 IoCs

resource	yara_rule
behavioral1/memory/1740-0-0x0000000000400000-0x000000000043E000-memory.dmp	modiloader_stage2
behavioral1/memory/1740-2-0x0000000010410000-0x0000000010443000-memory.dmp	modiloader_stage2
behavioral1/memory/1740-10-0x0000000000400000-0x000000000043E000-memory.dmp	modiloader_stage2

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1740-0-0x0000000000400000-0x000000000043E000-memory.dmp	upx
behavioral1/memory/1740-10-0x0000000000400000-0x000000000043E000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1740	bbbbe89e4b8730e45068cfcbe85c6458.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28
PID 1740 wrote to memory of 2208	1740	bbbbe89e4b8730e45068cfcbe85c6458.exe	28

C:\Users\Admin\AppData\Local\Temp\bbbbe89e4b8730e45068cfcbe85c6458.exe
"C:\Users\Admin\AppData\Local\Temp\bbbbe89e4b8730e45068cfcbe85c6458.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1740-0-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1740-2-0x0000000010410000-0x0000000010443000-memory.dmp

Filesize
204KB

Download
memory/1740-10-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download