Analysis Overview
SHA256
62b96cf5a64c167ae899f42b2efb362664187863a7fc89cdf4b4e626b5010d3f
Threat Level: Known bad
The file 8903e7e6ebd4f46e9910e2e6179c2778.bin was found to be: Known bad.
Malicious Activity Summary
ModiLoader, DBatLoader
ModiLoader Second Stage
Unsigned PE
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-15 01:36
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-15 01:36
Reported
2024-06-15 01:39
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
152s
Command Line
Signatures
ModiLoader, DBatLoader
ModiLoader Second Stage
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\49116eb9df67b39271c13a80c5044023c55044c2cb4c6303f2b8c2a936524cee.exe
"C:\Users\Admin\AppData\Local\Temp\49116eb9df67b39271c13a80c5044023c55044c2cb4c6303f2b8c2a936524cee.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | onedrive.live.com | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 01:36
Reported
2024-06-15 01:39
Platform
win7-20240508-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
ModiLoader, DBatLoader
ModiLoader Second Stage
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\49116eb9df67b39271c13a80c5044023c55044c2cb4c6303f2b8c2a936524cee.exe
"C:\Users\Admin\AppData\Local\Temp\49116eb9df67b39271c13a80c5044023c55044c2cb4c6303f2b8c2a936524cee.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | onedrive.live.com | udp |
Files