Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
31-05-2024 20:34
General
-
Target
TachoSoft21.5.exe
-
Size
14.2MB
-
MD5
78fb983dce2c9f93bc58740b238b2b34
-
SHA1
6992d612e9eccdf61e892dd8167808e1ae9c5108
-
SHA256
8cb534da16da69b70f325ca595b7723f0a11787be0b1b285a7b50e9b9fa409c2
-
SHA512
1f23786353f897546f8acf03bdb643c8e6143aaf6ba8eb0b9dbbfca4bea5011a6c1ad98ed08c3e79c8510251a732ab54e286c7834cb17a3dec37bd5714be2929
-
SSDEEP
393216:PcfNpSvQUoTccuQ7FJ1NQgqmBzNtqnF0nxxF1fqr4CaN:UO4UoTDnsg3zNLbF9qE1N
Score
10/10
Malware Config
Signatures
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader First Stage 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\TachoSoft21.5.exe"C:\Users\Admin\AppData\Local\Temp\TachoSoft21.5.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/956-1-0x0000000003720000-0x000000000377A000-memory.dmpFilesize
360KB
-
memory/956-8-0x0000000004750000-0x0000000004EA0000-memory.dmpFilesize
7.3MB
-
memory/956-7-0x0000000003960000-0x0000000003961000-memory.dmpFilesize
4KB
-
memory/956-6-0x0000000003910000-0x0000000003911000-memory.dmpFilesize
4KB
-
memory/956-5-0x0000000003940000-0x0000000003941000-memory.dmpFilesize
4KB
-
memory/956-4-0x00000000037C0000-0x00000000037C1000-memory.dmpFilesize
4KB
-
memory/956-3-0x00000000037D0000-0x00000000037D1000-memory.dmpFilesize
4KB
-
memory/956-2-0x00000000038F0000-0x00000000038F1000-memory.dmpFilesize
4KB
-
memory/956-0-0x0000000000400000-0x00000000018E9000-memory.dmpFilesize
20.9MB
-
memory/956-9-0x0000000004750000-0x0000000004EA0000-memory.dmpFilesize
7.3MB
-
memory/956-10-0x0000000004750000-0x0000000004E20000-memory.dmpFilesize
6.8MB
-
memory/956-11-0x0000000004750000-0x0000000004E20000-memory.dmpFilesize
6.8MB
-
memory/956-12-0x0000000004750000-0x0000000004E20000-memory.dmpFilesize
6.8MB
-
memory/956-13-0x0000000004750000-0x0000000004960000-memory.dmpFilesize
2.1MB
-
memory/956-18-0x000000000189A000-0x000000000189B000-memory.dmpFilesize
4KB
-
memory/956-17-0x0000000004750000-0x0000000004751000-memory.dmpFilesize
4KB
-
memory/956-16-0x0000000004750000-0x0000000004751000-memory.dmpFilesize
4KB
-
memory/956-15-0x0000000004B60000-0x0000000004B61000-memory.dmpFilesize
4KB
-
memory/956-14-0x0000000004750000-0x0000000004960000-memory.dmpFilesize
2.1MB
-
memory/956-19-0x0000000000400000-0x00000000018E9000-memory.dmpFilesize
20.9MB
-
memory/956-20-0x0000000000400000-0x00000000018E9000-memory.dmpFilesize
20.9MB
-
memory/956-21-0x0000000000400000-0x00000000018E9000-memory.dmpFilesize
20.9MB
-
memory/956-24-0x0000000004750000-0x0000000004960000-memory.dmpFilesize
2.1MB
-
memory/956-25-0x0000000003720000-0x000000000377A000-memory.dmpFilesize
360KB
-
memory/956-26-0x0000000004750000-0x0000000004EA0000-memory.dmpFilesize
7.3MB
-
memory/956-27-0x0000000004750000-0x0000000004EA0000-memory.dmpFilesize
7.3MB
-
memory/956-28-0x0000000004750000-0x0000000004E20000-memory.dmpFilesize
6.8MB
-
memory/956-29-0x0000000004750000-0x0000000004E20000-memory.dmpFilesize
6.8MB
-
memory/956-34-0x0000000004B60000-0x0000000004B61000-memory.dmpFilesize
4KB
-
memory/956-33-0x0000000004750000-0x0000000004751000-memory.dmpFilesize
4KB
-
memory/956-32-0x0000000004760000-0x0000000004761000-memory.dmpFilesize
4KB
-
memory/956-31-0x0000000004750000-0x0000000004960000-memory.dmpFilesize
2.1MB
-
memory/956-30-0x0000000004750000-0x0000000004E20000-memory.dmpFilesize
6.8MB