Overview

overview

10

Static

static

7

2a51c7228a...cs.exe

windows7-x64

10

2a51c7228a...cs.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10-05-2024 00:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2a51c7228ac7bffae312e3ddc2e4bd30_NeikiAnalytics.exe

  • Size

    93KB

  • MD5

    2a51c7228ac7bffae312e3ddc2e4bd30

  • SHA1

    7557b34ed4efd62eac785fa338bbbb8a27471953

  • SHA256

    ef5c701f146d3240bb634ff75c17d678d0a253357496d3d1172bb202e97e76a4

  • SHA512

    ad7d6cc9e616082ed2a0db664cbd75b15fdfc10b7e4d75e3a7eef2066aeac1f48323a61fda2299d1399be3c446ac3aa2842bff7c29a11032fa2fa3de1f7faaea

  • SSDEEP

    1536:mfg5XeWVhKqPaolHLzK83peDnhTpyLMjO:55XRhKqPaogbDnxMx

Score
10/10
modiloaderpersistencetrojanupx

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • ModiLoader Second Stage 1 IoCs
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 5 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2a51c7228ac7bffae312e3ddc2e4bd30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2a51c7228ac7bffae312e3ddc2e4bd30_NeikiAnalytics.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    PID:2176

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Program Files\Common Files\Microsoft Shared\MSInfo\qqdsq2.lmz
    Filesize

    27KB

    MD5

    5ffeaf4625ea5ce5beb8040f0b751d2c

    SHA1

    160f8a60964d7ef2119d7d3423b29db67d4a32bd

    SHA256

    00dee0bec73e3263601984cd96b0d7c5238a37da1200a3af367731c2857b25ae

    SHA512

    b0b161a454e1ec05da6639d38e318fcffafebef41e8c14f929ec31f4c521462ef5e503305a3ddd479aaf4c1067ac4d29fdaf751fe61e99a220e3a4ee13a21cc9

    Download Submit
  • memory/2176-0-0x0000000000400000-0x0000000000419000-memory.dmp
    Filesize

    100KB

    Download
  • memory/2176-6-0x00000000001B0000-0x00000000001C5000-memory.dmp
    Filesize

    84KB

    Download
  • memory/2176-8-0x0000000000400000-0x0000000000419000-memory.dmp
    Filesize

    100KB

    Download
  • memory/2176-9-0x00000000001B0000-0x00000000001C5000-memory.dmp
    Filesize

    84KB

    Download