Analysis

  • max time kernel
    140s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    26/03/2024, 07:00

General

  • Target

    Yeni sifaris siyahisi.exe

  • Size

    1.1MB

  • MD5

    6826a90ade3cb684daeed5476c31faa3

  • SHA1

    d938a3a3cae14ae0954d3e0edd541c1bf50ce622

  • SHA256

    1c60bc833a05be736fd6734552cf56281db65a3cb0c8004b3f94d88cf6c31a84

  • SHA512

    d6994bfc1a462bda203a6f3967e9bb8a1be8dc79db4a6474130f8348cc548ed0615a6f895313d015a02843304088fda369c5594beba21a27fdea8bf362aa34a1

  • SSDEEP

    24576:llAinAzO5SRz+HJ0dkGdiNhp/BRaR6URr0GDp6eX:llAc5StANPpRaR6URrNp

Score
10/10

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

  • ModiLoader Second Stage 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Yeni sifaris siyahisi.exe
    "C:\Users\Admin\AppData\Local\Temp\Yeni sifaris siyahisi.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1744
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 812
      2⤵
      • Program crash
      PID:2852

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1744-0-0x0000000000230000-0x0000000000231000-memory.dmp

          Filesize

          4KB

        • memory/1744-1-0x0000000003270000-0x0000000004270000-memory.dmp

          Filesize

          16.0MB

        • memory/1744-2-0x0000000003270000-0x0000000004270000-memory.dmp

          Filesize

          16.0MB

        • memory/1744-4-0x0000000000230000-0x0000000000231000-memory.dmp

          Filesize

          4KB

        • memory/1744-5-0x0000000000400000-0x0000000000527000-memory.dmp

          Filesize

          1.2MB