modiloader | 6e341a169924d71f2451a4b76562a14e2d2bdad3d312af72eedbf90e3b7a40e7

Analysis

max time kernel
144s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20/01/2025, 11:22 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AIPR.exe
Size

619KB
MD5

fa2cd2d664fe3f39f906c1a08c39d2f0
SHA1

dc420b5fe928fc50ce40700c013c72b2be4b1eb6
SHA256

6c69521f736b5fbe7b61dafd872eb7eef16b47e07c7ac2953eaa098ed02ebdc8
SHA512

20cb3e3f1fce0c63b7c5d2a23fa0f9f9f58f0d599f14ee3e6c934f54b32e61fafd5063f2f7473e07e3c2d2bdecbdd54bfbfca6731bb22386293837bb732ba400
SSDEEP

12288:ByQo2YxUATJONqzhzlKQDL6PeAJo7qDhVZTZ9/+Ac+utTrO40Xy400:4rJOkz1DqfJo7QVZN9/CJtXO4i00

Score

10^/10

modiloader bootkit discovery persistence trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader
Modiloader family
modiloader

ModiLoader First Stage 15 IoCs

resource	yara_rule
behavioral7/memory/2484-58-0x0000000000400000-0x000000000058C000-memory.dmp	modiloader_stage1
behavioral7/memory/2484-77-0x0000000000400000-0x000000000058C000-memory.dmp	modiloader_stage1
behavioral7/memory/2484-78-0x0000000000400000-0x000000000058C000-memory.dmp	modiloader_stage1
behavioral7/memory/2484-79-0x0000000000400000-0x000000000058C000-memory.dmp	modiloader_stage1
behavioral7/memory/2484-80-0x0000000000400000-0x000000000058C000-memory.dmp	modiloader_stage1
behavioral7/memory/2484-81-0x0000000000400000-0x000000000058C000-memory.dmp	modiloader_stage1
behavioral7/memory/2484-82-0x0000000000400000-0x000000000058C000-memory.dmp	modiloader_stage1
behavioral7/memory/2484-83-0x0000000000400000-0x000000000058C000-memory.dmp	modiloader_stage1
behavioral7/memory/2484-84-0x0000000000400000-0x000000000058C000-memory.dmp	modiloader_stage1
behavioral7/memory/2484-85-0x0000000000400000-0x000000000058C000-memory.dmp	modiloader_stage1
behavioral7/memory/2484-86-0x0000000000400000-0x000000000058C000-memory.dmp	modiloader_stage1
behavioral7/memory/2484-87-0x0000000000400000-0x000000000058C000-memory.dmp	modiloader_stage1
behavioral7/memory/2484-88-0x0000000000400000-0x000000000058C000-memory.dmp	modiloader_stage1
behavioral7/memory/2484-89-0x0000000000400000-0x000000000058C000-memory.dmp	modiloader_stage1
behavioral7/memory/2484-90-0x0000000000400000-0x000000000058C000-memory.dmp	modiloader_stage1

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	AIPR.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AIPR.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	AIPR.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	AIPR.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	AIPR.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2484	AIPR.exe

C:\Users\Admin\AppData\Local\Temp\AIPR.exe
"C:\Users\Admin\AppData\Local\Temp\AIPR.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:2484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2484-1-0x00000000002A0000-0x00000000002D2000-memory.dmp

Filesize
200KB

Download
memory/2484-0-0x0000000000400000-0x000000000058C000-memory.dmp

Filesize
1.5MB

Download
memory/2484-2-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download
memory/2484-8-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2484-7-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2484-9-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2484-6-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2484-5-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/2484-4-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2484-3-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2484-11-0x0000000001FF0000-0x0000000001FF2000-memory.dmp

Filesize
8KB

Download
memory/2484-10-0x00000000006B0000-0x00000000006B1000-memory.dmp

Filesize
4KB

Download
memory/2484-40-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/2484-57-0x00000000026C0000-0x00000000026C1000-memory.dmp

Filesize
4KB

Download
memory/2484-12-0x0000000001FE0000-0x0000000001FE1000-memory.dmp

Filesize
4KB

Download
memory/2484-56-0x00000000026D0000-0x00000000026D1000-memory.dmp

Filesize
4KB

Download
memory/2484-55-0x00000000026E0000-0x00000000026E1000-memory.dmp

Filesize
4KB

Download
memory/2484-54-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/2484-53-0x00000000026B0000-0x00000000026B1000-memory.dmp

Filesize
4KB

Download
memory/2484-52-0x0000000002680000-0x0000000002681000-memory.dmp

Filesize
4KB

Download
memory/2484-51-0x0000000002690000-0x0000000002691000-memory.dmp

Filesize
4KB

Download
memory/2484-50-0x0000000002660000-0x0000000002661000-memory.dmp

Filesize
4KB

Download
memory/2484-49-0x0000000002670000-0x0000000002671000-memory.dmp

Filesize
4KB

Download
memory/2484-48-0x0000000002640000-0x0000000002641000-memory.dmp

Filesize
4KB

Download
memory/2484-70-0x0000000003690000-0x0000000003691000-memory.dmp

Filesize
4KB

Download
memory/2484-69-0x00000000036A0000-0x00000000036A1000-memory.dmp

Filesize
4KB

Download
memory/2484-68-0x0000000002890000-0x0000000002891000-memory.dmp

Filesize
4KB

Download
memory/2484-67-0x00000000035E0000-0x00000000035E1000-memory.dmp

Filesize
4KB

Download
memory/2484-66-0x0000000002870000-0x0000000002871000-memory.dmp

Filesize
4KB

Download
memory/2484-65-0x0000000002880000-0x0000000002881000-memory.dmp

Filesize
4KB

Download
memory/2484-64-0x0000000002850000-0x0000000002851000-memory.dmp

Filesize
4KB

Download
memory/2484-63-0x0000000002860000-0x0000000002861000-memory.dmp

Filesize
4KB

Download
memory/2484-62-0x0000000002830000-0x0000000002831000-memory.dmp

Filesize
4KB

Download
memory/2484-61-0x0000000002840000-0x0000000002841000-memory.dmp

Filesize
4KB

Download
memory/2484-60-0x0000000002810000-0x0000000002811000-memory.dmp

Filesize
4KB

Download
memory/2484-59-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/2484-58-0x0000000000400000-0x000000000058C000-memory.dmp

Filesize
1.5MB

Download
memory/2484-47-0x0000000002650000-0x0000000002651000-memory.dmp

Filesize
4KB

Download
memory/2484-46-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/2484-45-0x0000000002630000-0x0000000002631000-memory.dmp

Filesize
4KB

Download
memory/2484-44-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/2484-43-0x0000000002610000-0x0000000002611000-memory.dmp

Filesize
4KB

Download
memory/2484-42-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/2484-41-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/2484-39-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/2484-38-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2484-37-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2484-36-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/2484-35-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/2484-34-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download
memory/2484-33-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/2484-32-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/2484-31-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/2484-30-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/2484-29-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/2484-28-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/2484-27-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/2484-26-0x00000000023E0000-0x00000000023E1000-memory.dmp

Filesize
4KB

Download
memory/2484-25-0x00000000023F0000-0x00000000023F1000-memory.dmp

Filesize
4KB

Download
memory/2484-24-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/2484-23-0x00000000023D0000-0x00000000023D1000-memory.dmp

Filesize
4KB

Download
memory/2484-22-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/2484-21-0x00000000023B0000-0x00000000023B1000-memory.dmp

Filesize
4KB

Download
memory/2484-20-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/2484-19-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/2484-18-0x0000000002080000-0x0000000002081000-memory.dmp

Filesize
4KB

Download
memory/2484-17-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/2484-16-0x0000000002010000-0x0000000002011000-memory.dmp

Filesize
4KB

Download
memory/2484-15-0x0000000001FD0000-0x0000000001FD1000-memory.dmp

Filesize
4KB

Download
memory/2484-14-0x00000000006C0000-0x00000000006C1000-memory.dmp

Filesize
4KB

Download
memory/2484-13-0x0000000002000000-0x0000000002001000-memory.dmp

Filesize
4KB

Download
memory/2484-71-0x00000000002A0000-0x00000000002D2000-memory.dmp

Filesize
200KB

Download
memory/2484-75-0x00000000039E0000-0x00000000039E1000-memory.dmp

Filesize
4KB

Download
memory/2484-74-0x00000000039F0000-0x00000000039F1000-memory.dmp

Filesize
4KB

Download
memory/2484-73-0x00000000039C0000-0x00000000039C1000-memory.dmp

Filesize
4KB

Download
memory/2484-72-0x00000000039D0000-0x00000000039D1000-memory.dmp

Filesize
4KB

Download
memory/2484-76-0x00000000026C0000-0x00000000026C1000-memory.dmp

Filesize
4KB

Download
memory/2484-77-0x0000000000400000-0x000000000058C000-memory.dmp

Filesize
1.5MB

Download
memory/2484-78-0x0000000000400000-0x000000000058C000-memory.dmp

Filesize
1.5MB

Download
memory/2484-79-0x0000000000400000-0x000000000058C000-memory.dmp

Filesize
1.5MB

Download
memory/2484-80-0x0000000000400000-0x000000000058C000-memory.dmp

Filesize
1.5MB

Download
memory/2484-81-0x0000000000400000-0x000000000058C000-memory.dmp

Filesize
1.5MB

Download
memory/2484-82-0x0000000000400000-0x000000000058C000-memory.dmp

Filesize
1.5MB

Download
memory/2484-83-0x0000000000400000-0x000000000058C000-memory.dmp

Filesize
1.5MB

Download
memory/2484-84-0x0000000000400000-0x000000000058C000-memory.dmp

Filesize
1.5MB

Download
memory/2484-85-0x0000000000400000-0x000000000058C000-memory.dmp

Filesize
1.5MB

Download
memory/2484-86-0x0000000000400000-0x000000000058C000-memory.dmp

Filesize
1.5MB

Download
memory/2484-87-0x0000000000400000-0x000000000058C000-memory.dmp

Filesize
1.5MB

Download
memory/2484-88-0x0000000000400000-0x000000000058C000-memory.dmp

Filesize
1.5MB

Download
memory/2484-89-0x0000000000400000-0x000000000058C000-memory.dmp

Filesize
1.5MB

Download
memory/2484-90-0x0000000000400000-0x000000000058C000-memory.dmp

Filesize
1.5MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.