Analysis
-
max time kernel
147s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 22:54
General
-
Target
Epsonscan 6000735873898737338898383889838993930993003039383.exe
-
Size
909KB
-
MD5
292674c1d2579fb41017413d7d204eba
-
SHA1
5605a97858985e892f32c479d1e9fe614edd3a8f
-
SHA256
74bfe12181435ac80211c35fb1aa7955965d252ea6db5d12576a21d2590f7596
-
SHA512
244cbb53b5f39cc497e0d7cae73c575a8c8e7a5f64b89ce5c7dc377c314a6e15e51af043c57b383feec031e3660c1c3450bdc4a34e6db9d9867f362fdce2437a
-
SSDEEP
24576:bK5hBlSW8pFD6iDIeT2p5c2bSO9vWVa1J:bK58W8fT2Px8g
Score
10/10
Malware Config
Extracted
Family
modiloader
C2
https://cdn.discordapp.com/attachments/753549570230976536/755287116593758208/Dmoqggd
Signatures
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader First Stage 1 IoCs
-
Program crash 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Epsonscan 6000735873898737338898383889838993930993003039383.exe"C:\Users\Admin\AppData\Local\Temp\Epsonscan 6000735873898737338898383889838993930993003039383.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 16402⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1808 -ip 18081⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1808-0-0x00000000006C0000-0x00000000006C1000-memory.dmpFilesize
4KB
-
memory/1808-1-0x0000000000400000-0x00000000004E7000-memory.dmpFilesize
924KB
-
memory/1808-3-0x0000000003DF0000-0x0000000003E2A000-memory.dmpFilesize
232KB
-
memory/1808-9-0x0000000000400000-0x00000000004E7000-memory.dmpFilesize
924KB
-
memory/1808-10-0x00000000006C0000-0x00000000006C1000-memory.dmpFilesize
4KB