Analysis

  • max time kernel
    111s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07-12-2024 02:22

General

  • Target

    f1f38737a9df04564707b46e1e44e7fb78c77ad2b74ebcaa05c2439d13ccc11a.exe

  • Size

    706KB

  • MD5

    f5641380f7b7a7f31f05f9569c569288

  • SHA1

    cf265a213cbedc6a605ddcb20e53bb0e7290ff4b

  • SHA256

    f1f38737a9df04564707b46e1e44e7fb78c77ad2b74ebcaa05c2439d13ccc11a

  • SHA512

    5513562dbb3ed9b8b9acb094124c90dbd8b45a85ae3d1123006cef55113028e971b9a686c86dd124606c6f2b3903936572f632a2473b8544da7bfacd16900944

  • SSDEEP

    12288:KsWdVgX1MwKcjZ+fEEIjEOyk/AXqUJKfa4fQfcW39oZ+NvTxjI7:Wzg6wKcV+sECkXGD4Hq+NvTpI7

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

  • Modiloader family
  • ModiLoader Second Stage 4 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f1f38737a9df04564707b46e1e44e7fb78c77ad2b74ebcaa05c2439d13ccc11a.exe
    "C:\Users\Admin\AppData\Local\Temp\f1f38737a9df04564707b46e1e44e7fb78c77ad2b74ebcaa05c2439d13ccc11a.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3280
    • C:\PROGRA~1\COMMON~1\MICROS~1\MSInfo\Adobe.exe
      C:\PROGRA~1\COMMON~1\MICROS~1\MSInfo\Adobe.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:1332
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c erase /F "C:\Users\Admin\AppData\Local\Temp\f1f38737a9df04564707b46e1e44e7fb78c77ad2b74ebcaa05c2439d13ccc11a.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2012

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Program Files\Common Files\microsoft shared\MSInfo\Adobe.exe

    Filesize

    706KB

    MD5

    f5641380f7b7a7f31f05f9569c569288

    SHA1

    cf265a213cbedc6a605ddcb20e53bb0e7290ff4b

    SHA256

    f1f38737a9df04564707b46e1e44e7fb78c77ad2b74ebcaa05c2439d13ccc11a

    SHA512

    5513562dbb3ed9b8b9acb094124c90dbd8b45a85ae3d1123006cef55113028e971b9a686c86dd124606c6f2b3903936572f632a2473b8544da7bfacd16900944

  • memory/1332-6-0x0000000002150000-0x0000000002151000-memory.dmp

    Filesize

    4KB

  • memory/1332-9-0x0000000002150000-0x0000000002151000-memory.dmp

    Filesize

    4KB

  • memory/1332-8-0x0000000000400000-0x00000000004C3000-memory.dmp

    Filesize

    780KB

  • memory/1332-15-0x0000000000400000-0x00000000004C3000-memory.dmp

    Filesize

    780KB

  • memory/3280-0-0x00000000007A0000-0x00000000007A1000-memory.dmp

    Filesize

    4KB

  • memory/3280-7-0x0000000000400000-0x00000000004C3000-memory.dmp

    Filesize

    780KB