Analysis

  • max time kernel
    140s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-06-2024 09:43

General

  • Target

    Perl Editor/Breakpnt.exe

  • Size

    414KB

  • MD5

    1519f2664204424acd3fe48ead1ca26a

  • SHA1

    de41c62355dadc564d80d2931d5e2d02c3cff4f9

  • SHA256

    1300017580ecf5911accfb865f658f76facfa869a42c0b542e6c04931e02e431

  • SHA512

    e3fed2e946c301caa974f15ac16e75d6873f1fbff2d565dc2769eb122c0f67ae42175719eb7a396a3cad0cfac800506ee347e7dfd98d69de6a8b36b9e202eb67

  • SSDEEP

    12288:spCOyva7D/JcvzSKvgDhCGkW1meyUGpnYFPipu:s0wzOBvKhaW1HGlYME

Score
10/10

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

  • ModiLoader First Stage 1 IoCs
  • Modifies registry class 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Perl Editor\Breakpnt.exe
    "C:\Users\Admin\AppData\Local\Temp\Perl Editor\Breakpnt.exe"
    1⤵
    • Modifies registry class
    PID:916

Network

MITRE ATT&CK Matrix

Downloads

  • memory/916-0-0x0000000000400000-0x0000000000508000-memory.dmp (Filesize 1.0MB)
  • memory/916-1-0x00000000024B0000-0x00000000024B2000-memory.dmp (Filesize 8KB)
  • memory/916-15-0x0000000002510000-0x0000000002511000-memory.dmp (Filesize 4KB)
  • memory/916-14-0x0000000002510000-0x0000000002511000-memory.dmp (Filesize 4KB)
  • memory/916-13-0x0000000002510000-0x0000000002511000-memory.dmp (Filesize 4KB)
  • memory/916-12-0x0000000002510000-0x0000000002511000-memory.dmp (Filesize 4KB)
  • memory/916-11-0x0000000002510000-0x0000000002511000-memory.dmp (Filesize 4KB)
  • memory/916-10-0x0000000002510000-0x0000000002511000-memory.dmp (Filesize 4KB)
  • memory/916-9-0x0000000002510000-0x0000000002511000-memory.dmp (Filesize 4KB)
  • memory/916-8-0x0000000002510000-0x0000000002511000-memory.dmp (Filesize 4KB)
  • memory/916-7-0x0000000002510000-0x0000000002511000-memory.dmp (Filesize 4KB)
  • memory/916-6-0x0000000002510000-0x0000000002511000-memory.dmp (Filesize 4KB)
  • memory/916-5-0x0000000002510000-0x0000000002511000-memory.dmp (Filesize 4KB)
  • memory/916-4-0x0000000002510000-0x0000000002511000-memory.dmp (Filesize 4KB)
  • memory/916-3-0x0000000002510000-0x0000000002511000-memory.dmp (Filesize 4KB)
  • memory/916-2-0x0000000002500000-0x0000000002501000-memory.dmp (Filesize 4KB)
  • memory/916-16-0x0000000002500000-0x0000000002501000-memory.dmp (Filesize 4KB)
  • memory/916-27-0x0000000002430000-0x0000000002431000-memory.dmp (Filesize 4KB)
  • memory/916-26-0x0000000002440000-0x0000000002441000-memory.dmp (Filesize 4KB)
  • memory/916-25-0x0000000002400000-0x0000000002401000-memory.dmp (Filesize 4KB)
  • memory/916-24-0x0000000002410000-0x0000000002411000-memory.dmp (Filesize 4KB)
  • memory/916-23-0x00000000022E0000-0x00000000022E1000-memory.dmp (Filesize 4KB)
  • memory/916-22-0x00000000024D0000-0x00000000024D1000-memory.dmp (Filesize 4KB)
  • memory/916-21-0x00000000022C0000-0x00000000022C1000-memory.dmp (Filesize 4KB)
  • memory/916-20-0x0000000002260000-0x0000000002261000-memory.dmp (Filesize 4KB)
  • memory/916-19-0x00000000024C0000-0x00000000024C1000-memory.dmp (Filesize 4KB)
  • memory/916-18-0x00000000024A0000-0x00000000024A1000-memory.dmp (Filesize 4KB)
  • memory/916-17-0x00000000022D0000-0x00000000022D1000-memory.dmp (Filesize 4KB)
  • memory/916-28-0x0000000000400000-0x0000000000508000-memory.dmp (Filesize 1.0MB)