Analysis

  • max time kernel
    153s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/03/2024, 08:41

General

  • Target

    debf029458a4c03ed583143bca2d70bb.exe

  • Size

    40KB

  • MD5

    debf029458a4c03ed583143bca2d70bb

  • SHA1

    de12c38b439c02e392f7f2ff87ee2c10d03e68a6

  • SHA256

    ed7c819be94cc59789b80d4a002d364f897b9e42695d2b98c93d1c2c7e3085a0

  • SHA512

    f98d1a965719611dfa3115aa9b69607d2eb505ee40c8d7b7c6e8b1943cc17d51bf9a6faf24cde185c5d2250221e97ca9a0f056946377be14794f6efc471316cf

  • SSDEEP

    768:oufmjBuk785oPKlwQNyyuoIi6iyao32eQh+T+c2ksFmkW3kiN:oU+BxIB3Myufi+aw2Jyh2zwb

Score
10/10

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

  • ModiLoader Second Stage 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\debf029458a4c03ed583143bca2d70bb.exe
    "C:\Users\Admin\AppData\Local\Temp\debf029458a4c03ed583143bca2d70bb.exe"
    PID:1168
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\debf029458a4c03ed583143bca2d70bb.exe (child of PID 1168, same image)
      "C:\Users\Admin\AppData\Local\Temp\debf029458a4c03ed583143bca2d70bb.exe"
      PID:828
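The process tree above is the classic process-hollowing shape: the sample launches a second copy of its own image (PID 1168 spawning PID 828) and the parent is flagged for SetThreadContext and WriteProcessMemory. The memory dumps reinforce it: the parent's image at 0x400000 spans 0x400000-0x40FF4C, while the child's region at the same base is only 0x400000-0x409000, so the child no longer holds the on-disk image it was started from. The following Python is an added example, not part of the sandbox report or of any tria.ge tooling; it encodes that reasoning as two checks over records constructed from this report (the `Proc`/`Region` field names are this example's own, not a telemetry schema).

```python
"""Flag the self-spawn + SetThreadContext/WriteProcessMemory hollowing pattern.

Added example, not part of the sandbox report. Records are constructed from
the report's Processes and Downloads sections; field names are this example's
own, not any particular telemetry schema.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    flagged_apis: Set[str] = field(default_factory=set)


@dataclass
class Region:
    pid: int
    start: int
    end: int


IMAGE = r"C:\Users\Admin\AppData\Local\Temp\debf029458a4c03ed583143bca2d70bb.exe"

# Constructed from the report: PID 1168 is the submitted sample, PID 828 is the
# child launched from the same path; both API signatures sit on the parent.
PROCS: List[Proc] = [
    Proc(1168, None, IMAGE, {"SetThreadContext", "WriteProcessMemory"}),
    Proc(828, 1168, IMAGE),
]

# Constructed from the memory dumps: parent image 0x400000-0x40FF4C, child
# image at the same base only 0x400000-0x409000, plus a region at 0x10000000.
REGIONS: List[Region] = [
    Region(1168, 0x400000, 0x40FF4C),
    Region(828, 0x400000, 0x409000),
    Region(828, 0x10000000, 0x10011000),
]

# Both must be present on the parent; WriteProcessMemory alone is far too noisy.
HOLLOWING_APIS = {"WriteProcessMemory", "SetThreadContext"}


def find_self_spawn_hollowing(procs: List[Proc]) -> List[Tuple[int, int]]:
    """Return (parent_pid, child_pid) pairs where a process spawned its own
    image and was flagged for every API in HOLLOWING_APIS."""
    by_pid: Dict[int, Proc] = {p.pid: p for p in procs}
    hits: List[Tuple[int, int]] = []
    for child in procs:
        parent = by_pid.get(child.ppid) if child.ppid is not None else None
        if parent is None:
            continue
        same_image = child.image.lower() == parent.image.lower()
        if same_image and HOLLOWING_APIS <= parent.flagged_apis:
            hits.append((parent.pid, child.pid))
    return hits


def image_region_mismatch(regions: List[Region], parent_pid: int,
                          child_pid: int, base: int = 0x400000) -> bool:
    """True when parent and child both map a region at `base` but the sizes
    differ. A child started from the same file should carry an identically
    sized image unless its memory has been replaced."""
    def size_at(pid: int) -> Optional[int]:
        for r in regions:
            if r.pid == pid and r.start == base:
                return r.end - r.start
        return None

    p, c = size_at(parent_pid), size_at(child_pid)
    return p is not None and c is not None and p != c


def main() -> None:
    for parent, child in find_self_spawn_hollowing(PROCS):
        mismatch = image_region_mismatch(REGIONS, parent, child)
        print(f"PID {parent} -> PID {child}: self-spawn with hollowing APIs; "
              f"image size mismatch at 0x400000 = {mismatch}")


if __name__ == "__main__":
    main()
```

A process re-executing its own image is not suspicious on its own (installers and UAC re-launches do it), which is why the first check requires both APIs on the parent; the second check only applies when dumps of both processes exist, and a size match does not clear the child, since a payload of identical size would not show up this way.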

Network

MITRE ATT&CK Matrix

Downloads

  Memory dump                                                 PID   Region                                   Filesize
  memory/828-1-0x0000000000400000-0x0000000000409000-memory.dmp   828   0x0000000000400000-0x0000000000409000   36KB
  memory/828-2-0x0000000000400000-0x0000000000409000-memory.dmp   828   0x0000000000400000-0x0000000000409000   36KB
  memory/828-5-0x0000000000400000-0x0000000000409000-memory.dmp   828   0x0000000000400000-0x0000000000409000   36KB
  memory/828-6-0x0000000000400000-0x0000000000409000-memory.dmp   828   0x0000000000400000-0x0000000000409000   36KB
  memory/828-8-0x0000000010000000-0x0000000010011000-memory.dmp   828   0x0000000010000000-0x0000000010011000   68KB
  memory/1168-0-0x0000000000400000-0x000000000040FF4C-memory.dmp  1168  0x0000000000400000-0x000000000040FF4C   63KB
  memory/1168-7-0x0000000000400000-0x000000000040FF4C-memory.dmp  1168  0x0000000000400000-0x000000000040FF4C   63KB