modiloader | 7530a6c1b0af5633319393a4658cccbe0f098b61ace0eb8c19f9d54201dca1ad

Analysis

max time kernel
131s
max time network
131s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20-03-2024 02:22

Target

MACHINE SPECIFICATIONS.exe
Size

1.4MB
MD5

9a57df005b00ca4c9f0cd5f7a3d7e7e9
SHA1

63547644d4b7fe80f696bc8aae6f09830df81b64
SHA256

0168646bfeec864982cff43a4969ad4d0ab5e0df69cd27f7334fcf339f752e4c
SHA512

451b64d9798fdec6140b4ee919145d3b449aa88551d1ebfd4af3c4639191ce9075f2bc873cc4e6478d310b4e141c3a51d800f4a521d1bb37e45f752caafb3bc9
SSDEEP

24576:916ftUKJqekypS2EBJYewl7+6izHE+lsx4sAXsd1AqVjxW7RXtLgiED+enxbIl:9AfgQvslHE+l4wgmNdtECebIl

Score

10^/10

modiloader trojan

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2336-2-0x0000000002CD0000-0x0000000003CD0000-memory.dmp	modiloader_stage2

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2544 2336 WerFault.exe MACHINE SPECIFICATIONS.exe

pid	pid_target	process	target process
2544	2336	WerFault.exe	MACHINE SPECIFICATIONS.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

MACHINE SPECIFICATIONS.exe

description	pid	process	target process
PID 2336 wrote to memory of 2544	2336	MACHINE SPECIFICATIONS.exe	WerFault.exe
PID 2336 wrote to memory of 2544	2336	MACHINE SPECIFICATIONS.exe	WerFault.exe
PID 2336 wrote to memory of 2544	2336	MACHINE SPECIFICATIONS.exe	WerFault.exe
PID 2336 wrote to memory of 2544	2336	MACHINE SPECIFICATIONS.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\MACHINE SPECIFICATIONS.exe
"C:\Users\Admin\AppData\Local\Temp\MACHINE SPECIFICATIONS.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 740
2⤵
- Program crash
PID:2544

memory/2336-0-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2336-1-0x0000000002CD0000-0x0000000003CD0000-memory.dmp

Filesize
16.0MB

Download
memory/2336-2-0x0000000002CD0000-0x0000000003CD0000-memory.dmp

Filesize
16.0MB

Download
memory/2336-4-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2336-5-0x0000000000400000-0x000000000056E000-memory.dmp

Filesize
1.4MB

Download