Overview

overview

10

Static

static

3

cbd0ed195a...df.exe

windows7-x64

10

cbd0ed195a...df.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/03/2024, 15:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cbd0ed195ad8ff279f71eed75c01ebdf.exe

  • Size

    173KB

  • MD5

    cbd0ed195ad8ff279f71eed75c01ebdf

  • SHA1

    c2a37ac59e2fe3cefb64c8cd6155e5bbe721b648

  • SHA256

    e7fa726541a81ac35439f7fae7410c6e489094bc1c40be5367f0d357089c5f02

  • SHA512

    13ea43a32f6cacb5748e0cbe147d15a20f8655ca3751523c49bdbe7e2925193f899ba1529adddb6556d24b3c323b04ac15756e899a90f37a1e1d92794f5ff1cd

  • SSDEEP

    3072:4rl+dV9Nn9fnL96HM0XUGXU2Foh0Uu/xSgBvIbAyTq/VWUV9Aep6WZZlpNdt86H8:2sV9p5rnVh05JSCvIbBTq/T6WzPrt7H8

Score
10/10
modiloadertrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies registry class 3 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cbd0ed195ad8ff279f71eed75c01ebdf.exe
    "C:\Users\Admin\AppData\Local\Temp\cbd0ed195ad8ff279f71eed75c01ebdf.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2380
    • C:\Users\Admin\AppData\Local\Temp\cbd0ed195ad8ff279f71eed75c01ebdf.exe
      C:\Users\Admin\AppData\Local\Temp\cbd0ed195ad8ff279f71eed75c01ebdf.exe
      2⤵
        PID:3404

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2380-11-0x0000000010000000-0x0000000010035000-memory.dmp

      Filesize

      212KB

      Download

    • memory/2380-18-0x00000000022D0000-0x00000000022D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2380-5-0x00000000022D0000-0x00000000022D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2380-4-0x00000000022D0000-0x00000000022D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2380-3-0x00000000022D0000-0x00000000022D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2380-2-0x0000000002280000-0x0000000002281000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2380-0-0x0000000010000000-0x0000000010035000-memory.dmp

      Filesize

      212KB

      Download

    • memory/2380-6-0x00000000022D0000-0x00000000022D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2380-1-0x00000000005B0000-0x00000000005E5000-memory.dmp

      Filesize

      212KB

      Download

    • memory/2380-15-0x00000000005B0000-0x00000000005E5000-memory.dmp

      Filesize

      212KB

      Download

    • memory/2380-14-0x00000000022D0000-0x00000000022D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2380-9-0x00000000022D0000-0x00000000022D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2380-12-0x00000000022D0000-0x00000000022D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2380-7-0x00000000022D0000-0x00000000022D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3404-13-0x0000000000400000-0x000000000040A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/3404-16-0x0000000000020000-0x0000000000031000-memory.dmp

      Filesize

      68KB

      Download

    • memory/3404-17-0x0000000000400000-0x000000000040A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/3404-8-0x0000000000400000-0x000000000040A000-memory.dmp

      Filesize

      40KB

      Download