Overview

overview

10

Static

static

7

d0e8ba25c6...0N.exe

windows7-x64

10

d0e8ba25c6...0N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    10/09/2024, 16:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d0e8ba25c63afd95aa2085dd674f1490N.exe

  • Size

    283KB

  • MD5

    d0e8ba25c63afd95aa2085dd674f1490

  • SHA1

    ad75d5bf2cdb16740e4075c5e99cacb2962c357c

  • SHA256

    ed382b26e34df1b53c8695e124ba9eafda8a1e088f49aa169d75846764168f75

  • SHA512

    105bcb3532aab523ec4632678ab41587b8f42a69b1e9ca2cd79be05bacafbc4d7d11f3edbf8ebc383326f2dec044d888e753980c5ef84bcee8fef9f7eeff35c0

  • SSDEEP

    6144:HKNzS1n+hLdYra12UkCxt3hnSgLtzhgSqvqepOLzyt/6g8H:MSV++Q2Uk43ogLTgSaqepgzMyp

Score
10/10
modiloaderdefense_evasiondiscoverypersistencetrojanupx

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 4 IoCs
  • Impair Defenses: Safe Mode Boot 1 TTPs 3 IoCs
    defense_evasion
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d0e8ba25c63afd95aa2085dd674f1490N.exe
    "C:\Users\Admin\AppData\Local\Temp\d0e8ba25c63afd95aa2085dd674f1490N.exe"
    1⤵
    • Impair Defenses: Safe Mode Boot
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2644
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
      PID:1552

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2644-0-0x0000000000400000-0x0000000000482000-memory.dmp

      Filesize

      520KB

      Download

    • memory/2644-1-0x0000000000230000-0x0000000000236000-memory.dmp

      Filesize

      24KB

      Download

    • memory/2644-2-0x0000000000400000-0x0000000000482000-memory.dmp

      Filesize

      520KB

      Download

    • memory/2644-3-0x0000000000400000-0x0000000000482000-memory.dmp

      Filesize

      520KB

      Download

    • memory/2644-4-0x0000000000400000-0x0000000000482000-memory.dmp

      Filesize

      520KB

      Download

    • memory/2644-11-0x0000000000400000-0x0000000000482000-memory.dmp

      Filesize

      520KB

      Download

    • memory/2644-13-0x0000000000400000-0x0000000000482000-memory.dmp

      Filesize

      520KB

      Download