modiloader | aeee6a9e26b4d62ec9258b1b2d30aea108deefc6001c54fbb6704c1d72010eed

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
09-04-2024 09:10

Target

Quotation.exe
Size

1.4MB
MD5

c5e1a421d9e99c5cae9400b9cd38a06b
SHA1

2c245784d3dee4e5a53432c46ba081e6f88a7b86
SHA256

aeee6a9e26b4d62ec9258b1b2d30aea108deefc6001c54fbb6704c1d72010eed
SHA512

cebdd6b10a4faf7c6d98b47020031de90faf50881c6be290bb0d9fe4bd939c091537b7d74a73efd5461a342550f58ebda3565c73f1b78bc7c94a1121050caeec
SSDEEP

24576:H17iEW02Eq8SzySmi5c3QBLeAVvu+lsVGXZuuuwxqEBQ:HJimicARtVvu+GVMZuMxqEB

Score

10^/10

modiloader trojan

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2916-2-0x0000000003180000-0x0000000004180000-memory.dmp	modiloader_stage2

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3024 2916 WerFault.exe Quotation.exe

pid	pid_target	process	target process
3024	2916	WerFault.exe	Quotation.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

Quotation.exe

description	pid	process	target process
PID 2916 wrote to memory of 3024	2916	Quotation.exe	WerFault.exe
PID 2916 wrote to memory of 3024	2916	Quotation.exe	WerFault.exe
PID 2916 wrote to memory of 3024	2916	Quotation.exe	WerFault.exe
PID 2916 wrote to memory of 3024	2916	Quotation.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Quotation.exe
"C:\Users\Admin\AppData\Local\Temp\Quotation.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 704
2⤵
- Program crash
PID:3024

memory/2916-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2916-1-0x0000000003180000-0x0000000004180000-memory.dmp

Filesize
16.0MB

Download
memory/2916-2-0x0000000003180000-0x0000000004180000-memory.dmp

Filesize
16.0MB

Download
memory/2916-4-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2916-5-0x0000000000400000-0x0000000000573000-memory.dmp

Filesize
1.4MB

Download