Overview

overview

10

Static

static

7

403518179/...ass.js

windows7-x64

3

403518179/...ass.js

windows10-2004-x64

3

403518179/...ml.exe

windows7-x64

10

403518179/...ml.exe

windows10-2004-x64

10

403518179/...t1.exe

windows7-x64

7

403518179/...t1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    01-07-2024 09:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    403518179/TEXT2HTML13/text2html.exe

  • Size

    295KB

  • MD5

    7df17e6f492e779e8b73e04069f06a77

  • SHA1

    2da8d96d604d72ba27c64cd0c5b1dca6fb359a97

  • SHA256

    32410ff3e7b6f2e206aff674135ea3d5b703b4b1be25c78e7c0595c468d27bd2

  • SHA512

    94e51905a30b816695a1930d3190cbcf4818023aa99392908d619460d7dd36d518f2433b46d79883a112a1445d98725cecddf40aebca5ba9e4819d237f552e70

  • SSDEEP

    6144:wl4MI7sUKhMsMHcJQcH7tyytkWIrEBf4eMSB+I0Bs3uJ:8UKGs0+DHMBWIa4aBH0BseJ

Score
10/10
modiloadertrojanupx

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader First Stage 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\403518179\TEXT2HTML13\text2html.exe
    "C:\Users\Admin\AppData\Local\Temp\403518179\TEXT2HTML13\text2html.exe"
    1⤵
    • Drops file in Windows directory
    PID:1976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\403518179\TEXT2HTML13\TEXT2HTML.ini
    Filesize

    1KB

    MD5

    a0e991b9f1df458487aa62ffe6671671

    SHA1

    d22ce705f99d2f0fb95f37c91b3bf895aa7dd041

    SHA256

    2563389f25944ea169d1872f5910235a183b711e342f4565e1e8502b3b8b1bb6

    SHA512

    c2993f05428fe32221e2b717883c51ce82907c6378fcf27040e88b466f3dae143aaba342a1234e3a6c6b05c4c4779f7af7f47c81b17a2865136f47208264953d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\403518179\TEXT2HTML13\TEXT2HTML.ini
    Filesize

    1KB

    MD5

    f1dbc2157a6e036d4d64cee56e1c951d

    SHA1

    a1cd432704c1334ae980d7b0109c353e08f9bea9

    SHA256

    c0650a1481b455a1472ed60a46f962300727acc4c87c360358a7b257a5f87e8b

    SHA512

    09a2f6bc1119fb366a7c6e0f9de1045fb74386306abbaab5fde226d8770785602361510ed7adecc7ae1f6b44db1bfc8fb320db1d1d4c7e157f1eff2dee99760d

    Download Submit
  • memory/1976-0-0x0000000000400000-0x00000000004CA000-memory.dmp
    Filesize

    808KB

    Download
  • memory/1976-1-0x0000000000220000-0x0000000000221000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1976-2-0x0000000000400000-0x00000000004CA000-memory.dmp
    Filesize

    808KB

    Download
  • memory/1976-63-0x0000000000400000-0x00000000004CA000-memory.dmp
    Filesize

    808KB

    Download