Overview

overview

10

Static

static

3

5e0f2aa7fe...bN.exe

windows7-x64

10

5e0f2aa7fe...bN.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    23s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    05-10-2024 03:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5e0f2aa7fe9d710d4ca930ad51ce281dec77a15318588b244e0ee90136f1bc8bN.exe

  • Size

    40KB

  • MD5

    b3db99f08003ca1fa6d09fe9ea1ffa10

  • SHA1

    2cea12eaf9af01d5b434dcb54ff52bdb48927410

  • SHA256

    5e0f2aa7fe9d710d4ca930ad51ce281dec77a15318588b244e0ee90136f1bc8b

  • SHA512

    796714423ec16c635bdd3497057ef7f34b60590125ed7fbf27f1d16fc6ed2a514be07e42ba7fd9cfb80eda9dcbc5183ccfb96a034fe637473ac1f912f150c866

  • SSDEEP

    768:B4B2JGYVNfV6vrFDPwp2Gt7YHN0m5vcdXwPXDzHvzExAPOE/3MwVrJ7H8oWXRrKe:BC2oAfIrJwp2Gium5vcxwPzzvzEx6L/4

Score
10/10
modiloadertrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5e0f2aa7fe9d710d4ca930ad51ce281dec77a15318588b244e0ee90136f1bc8bN.exe
    "C:\Users\Admin\AppData\Local\Temp\5e0f2aa7fe9d710d4ca930ad51ce281dec77a15318588b244e0ee90136f1bc8bN.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Program Files\Common Files\Microsoft Shared\MSInfo\atmQQ2.dll
    Filesize

    21KB

    MD5

    f78912692c305a97d6f1221cf7219cba

    SHA1

    f7f9342bbafad523c0791f5a604f995ff5a95a57

    SHA256

    5fecfff7e78bdc8b1240b13fa53f029bdfc35f7bf7c114463c9aa619bd32cdbe

    SHA512

    f90c05c9ad516f5a3982df41e63192ab1479f312d084907bea56d3927502eb57641222405553ba7acf89eb7d9bc9c17669445faadf71e143deff6eea40eef752

    Download Submit

  • memory/1892-0-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1892-1-0x0000000000020000-0x0000000000021000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1892-5-0x00000000001B0000-0x00000000001D4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/1892-6-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1892-7-0x0000000000020000-0x0000000000021000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1892-8-0x00000000001B0000-0x00000000001D4000-memory.dmp

    Filesize

    144KB

    Download