Overview

overview

10

Static

static

10

AutoPowerO...on.exe

windows7-x64

7

AutoPowerO...on.exe

windows10-2004-x64

7

$PLUGINSDI...on.exe

windows7-x64

7

$PLUGINSDI...on.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

AutoPower.exe

windows7-x64

10

AutoPower.exe

windows10-2004-x64

10

Help.chm

windows7-x64

1

Help.chm

windows10-2004-x64

1

RunDLL.dll

windows7-x64

3

RunDLL.dll

windows10-2004-x64

3

SASHOOK.dll

windows7-x64

3

SASHOOK.dll

windows10-2004-x64

3

autoss.exe

windows7-x64

10

autoss.exe

windows10-2004-x64

10

disktop.exe

windows7-x64

1

disktop.exe

windows10-2004-x64

1

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

AutoPowerO...��.htm

windows7-x64

1

AutoPowerO...��.htm

windows10-2004-x64

1

AutoPowerO...�).url

windows7-x64

1

AutoPowerO...�).url

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    19-05-2024 20:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    autoss.exe

  • Size

    2.1MB

  • MD5

    da4e0703a34085c2fa77d86492273381

  • SHA1

    6905a25afa412c21528fa601c121c957d0436248

  • SHA256

    41064f46efbd85824697f4675ff6d70e9b47107891fcc5a966361deb370a70cf

  • SHA512

    98d339c8e915f8d967641eafc22ee14216a9d5dd61e660d0aba557af622667b52eeacb9d54a043b04bae6079937986d4b7ad219077ceea348de328b6520d6327

  • SSDEEP

    24576:IbYUSrlwjSVB9y81hXlEM2Iu9VYRj/1rRiVzC2:Is3zy4u9WD1twzC

Score
10/10
modiloadertrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 2 IoCs
  • Modifies registry class 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 9 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\autoss.exe
    "C:\Users\Admin\AppData\Local\Temp\autoss.exe"
    1⤵
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2240
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /C C:\Users\Admin\AppData\Local\Temp\~RomDmp1\RomDump.com > C:\Users\Admin\AppData\Local\Temp\~RomDmp1\Rom.dmp
      2⤵
        PID:2056

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\wake.ini
      Filesize

      67B

      MD5

      97bb424f9b87f82837c052ac0492854a

      SHA1

      5cbda78e812bdae84eb528489e63127e04ae9c59

      SHA256

      8b844e87344f777a6c6d555484c958c81256fea9f8c4dccb8b7323935eda502c

      SHA512

      9553cee58331de204feb5b29514952033f582dc433d779b890c70aaf856f50153964da7cc8c3ffef855b0237a50271ef7d14b47db98f1a64a3fa6187f48d33a6

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\wake.ini
      Filesize

      53B

      MD5

      e4f2b39c347c092bb1af852cec8a19af

      SHA1

      e2e0873d600e7eeacbad5467d66ec0cdd57ec673

      SHA256

      8ab7a67931e8ab579c5b826ee9fd0a818b52b8330b9766782f8c3deba3b97c5c

      SHA512

      543dcb794956f848cb0a871b6d10e75042c42d69e8b34e41d7fb2c4c5a425fd66d0524f09b3cae5e10f8703ca76e54cf383114c5ba747fc4c3cf40082248d26f

      Download Submit
    • memory/2240-0-0x00000000002A0000-0x00000000002A1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2240-15-0x0000000000400000-0x0000000000615000-memory.dmp
      Filesize

      2.1MB

      Download
    • memory/2240-17-0x00000000002A0000-0x00000000002A1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2240-24-0x0000000000400000-0x0000000000615000-memory.dmp
      Filesize

      2.1MB

      Download