modiloader | 6aa4387e64709dac5e1056fe88d053fcf2721758e0cc061ed1f2c5036d489d3a

Analysis

max time kernel
130s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 01:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

17a2d20472e063786e78758a6334003e.exe
Size

675KB
MD5

17a2d20472e063786e78758a6334003e
SHA1

26bbe3616bb6aaf493ce23e9a456e21a654bb221
SHA256

6aa4387e64709dac5e1056fe88d053fcf2721758e0cc061ed1f2c5036d489d3a
SHA512

291f732a741521ffa4d0c71a4e9f83c875055aae5fe4d0cb6a30a9dec3ce99311c38ad7a2e0ef9e84fab42d2bf139fa5814bd0e704103bceadd482a6accb36da
SSDEEP

12288:yc/dweTqQKgLr6Qw7cMPyD+R7awulbXIxF3Z4mxxiDqVTVOC5:yc/dw1Q/v6F7vPyDq7LupXOQmX5VTz5

Score

10^/10

modiloader trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader
ModiLoader Second Stage 1 IoCs

Processes:

resource yara_rule

behavioral2/memory/1556-15-0x0000000000400000-0x000000000056D000-memory.dmp modiloader_stage2
Drops file in Program Files directory 1 IoCs

Processes:

17a2d20472e063786e78758a6334003e.exe

description ioc process

File created C:\Program Files\Common Files\Microsoft Shared\MSINFO\FieleWay.txt 17a2d20472e063786e78758a6334003e.exe

resource	yara_rule
behavioral2/memory/1556-15-0x0000000000400000-0x000000000056D000-memory.dmp	modiloader_stage2

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\MSINFO\FieleWay.txt	17a2d20472e063786e78758a6334003e.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

17a2d20472e063786e78758a6334003e.exe

description	pid	process	target process
PID 1556 wrote to memory of 5000	1556	17a2d20472e063786e78758a6334003e.exe	IEXPLORE.EXE
PID 1556 wrote to memory of 5000	1556	17a2d20472e063786e78758a6334003e.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\17a2d20472e063786e78758a6334003e.exe
"C:\Users\Admin\AppData\Local\Temp\17a2d20472e063786e78758a6334003e.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1556

C:\program files\internet explorer\IEXPLORE.EXE
"C:\program files\internet explorer\IEXPLORE.EXE"
2⤵
PID:5000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1556-1-0x0000000002200000-0x0000000002254000-memory.dmp

Filesize
336KB

Download
memory/1556-0-0x0000000000400000-0x000000000056D000-memory.dmp

Filesize
1.4MB

Download
memory/1556-11-0x00000000033E0000-0x000000000348A000-memory.dmp

Filesize
680KB

Download
memory/1556-10-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/1556-9-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/1556-8-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download
memory/1556-7-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/1556-6-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/1556-5-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/1556-13-0x00000000023F0000-0x00000000023F1000-memory.dmp

Filesize
4KB

Download
memory/1556-12-0x00000000033E0000-0x00000000033E1000-memory.dmp

Filesize
4KB

Download
memory/1556-4-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/1556-3-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/1556-2-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/1556-15-0x0000000000400000-0x000000000056D000-memory.dmp

Filesize
1.4MB

Download
memory/1556-17-0x00000000033E0000-0x00000000033E6000-memory.dmp

Filesize
24KB

Download
memory/1556-16-0x0000000002200000-0x0000000002254000-memory.dmp

Filesize
336KB

Download