Analysis
max time kernel: 140s
max time network: 122s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 26/03/2024, 07:00

Static task static1
1 signatures

Behavioral task behavioral1
Sample: Yeni sifaris siyahisi.exe
Resource: win7-20240220-en
4 signatures
150 seconds

Behavioral task behavioral2
Sample: Yeni sifaris siyahisi.exe
Resource: win10v2004-20240226-en
8 signatures
150 seconds
General
Target: Yeni sifaris siyahisi.exe
Size: 1.1MB
MD5: 6826a90ade3cb684daeed5476c31faa3
SHA1: d938a3a3cae14ae0954d3e0edd541c1bf50ce622
SHA256: 1c60bc833a05be736fd6734552cf56281db65a3cb0c8004b3f94d88cf6c31a84
SHA512: d6994bfc1a462bda203a6f3967e9bb8a1be8dc79db4a6474130f8348cc548ed0615a6f895313d015a02843304088fda369c5594beba21a27fdea8bf362aa34a1
SSDEEP: 24576:llAinAzO5SRz+HJ0dkGdiNhp/BRaR6URr0GDp6eX:llAc5StANPpRaR6URrNp
Score: 10/10
Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

ModiLoader Second Stage (1 IoCs)
resource | yara_rule
behavioral1/memory/1744-2-0x0000000003270000-0x0000000004270000-memory.dmp | modiloader_stage2

Program crash (1 IoCs)
pid | pid_target | Process | procid_target
2852 | 1744 | WerFault.exe | 27

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 1744 wrote to memory of 2852 | 1744 | Yeni sifaris siyahisi.exe | 28
PID 1744 wrote to memory of 2852 | 1744 | Yeni sifaris siyahisi.exe | 28
PID 1744 wrote to memory of 2852 | 1744 | Yeni sifaris siyahisi.exe | 28
PID 1744 wrote to memory of 2852 | 1744 | Yeni sifaris siyahisi.exe | 28