Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

modio-5-3-...1).exe

windows7-x64

7

modio-5-3-...1).exe

windows10-2004-x64

7

Analysis

  • max time kernel
    133s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04/01/2024, 18:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    modio-5-3-en-win (1).exe

  • Size

    1.9MB

  • MD5

    abc04b6edd6bef467f2da78912dcabbd

  • SHA1

    3be94b55305b5061b24f5e80f09a8afbb6b44ad0

  • SHA256

    c2d32b65e9e9516c2653c0ac88c975a61b9bedb694c44ff70ca01f7b5ba34bbc

  • SHA512

    560455ff55e3b5b149a31ebcd33da825e875b26854ca77d4ddae062beb458a39bdd62c5a5ca13f31a21404a3f4ad7deb6c4b9fffa8ab980bcd4f1ecc2f5af5e0

  • SSDEEP

    49152:i9J8Leica8VrwjQBFd0Ds1FVx0nwt56Edvca:shivz4FdfZxewpN

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 5 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 51 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\modio-5-3-en-win (1).exe
    "C:\Users\Admin\AppData\Local\Temp\modio-5-3-en-win (1).exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2708
    • C:\Users\Admin\AppData\Local\Temp\is-PKGBB.tmp\modio-5-3-en-win (1).tmp
      "C:\Users\Admin\AppData\Local\Temp\is-PKGBB.tmp\modio-5-3-en-win (1).tmp" /SL5="$5015E,1745570,424960,C:\Users\Admin\AppData\Local\Temp\modio-5-3-en-win (1).exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2912
      • C:\Program Files (x86)\Modio 5\Modio.exe
        "C:\Program Files (x86)\Modio 5\Modio.exe"
        3⤵
        • Executes dropped EXE
        • Modifies registry class
        PID:2100
  • C:\Program Files (x86)\Modio 5\Modio.exe
    "C:\Program Files (x86)\Modio 5\Modio.exe"
    1⤵
    • Executes dropped EXE
    • Modifies registry class
    PID:1760
  • C:\Program Files (x86)\Modio 5\Modio.exe
    "C:\Program Files (x86)\Modio 5\Modio.exe"
    1⤵
    • Executes dropped EXE
    • Modifies registry class
    PID:1500
  • C:\Program Files (x86)\Modio 5\Modio.exe
    "C:\Program Files (x86)\Modio 5\Modio.exe"
    1⤵
    • Executes dropped EXE
    • Modifies registry class
    PID:1544

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Modio 5\Modio.exe
    Filesize

    1.8MB

    MD5

    67475b6ca40203045b74e5846ab4b7bb

    SHA1

    fcce13a4a7a9791c4c736bdc90023b8028ee9a45

    SHA256

    c52ca88f05cfba1b10ace5284e4d1be684c5436c007bf8cad2813f054ba8323a

    SHA512

    8d1b6fc047a1b0003f01944015863df53dc6ae7ab2fbe25cfa03eb02a2991dfe416d4a8fa7cc37d0687b839339529eb93a723736abf983eeca8ef9ae5ea20db9

    Download Submit

  • C:\Program Files (x86)\Modio 5\Modio.exe
    Filesize

    183KB

    MD5

    102d7ff27f3b7c6dddbbca18a09de639

    SHA1

    a7718a3179c4b372925782a0e7abac9711b0dc65

    SHA256

    c3a9c1e58267d3ca8a7b0681978ec33b8b7da91c3fae0cfbc962c460df7dec6b

    SHA512

    3d019d8b35dccb93b7d5f0baceda0ecfd2e9f0c73e009130e7e35703d1c2d932157f3672837d21d136e1cd4fff4992b5b6e9a7353bb7ffd91ae6a32fd00b717f

    Download Submit

  • C:\Program Files (x86)\Modio 5\Modio.exe
    Filesize

    2.5MB

    MD5

    22811bbf74eb0a9716f9c2a83bf495d4

    SHA1

    cd5f6ea40dda45f6f0af407db19bf75fc3b389c1

    SHA256

    c970768496db58916a88e52162560bb0cbd4044e0555da9e0e17dacd2b45a2e0

    SHA512

    4b93b6763215d12cd724fb4710da2ede6e2d0e21453c1e3035fcc228ed7fb09ed78e6dc4b1d1f11a2e723c8af79b42c4861b3cacd4dc901893a4d11e3705feaf

    Download Submit

  • C:\Program Files (x86)\Modio 5\Modio.exe
    Filesize

    1.6MB

    MD5

    2fa51347c75e8f4eac762d2ee3f478f9

    SHA1

    423dfc0d8651b00491cf820deee12e339bcefdd5

    SHA256

    f5a31bcfa2f9b67b062e68673706b71d3c48740ff1fedb4875c1e120ffb453c0

    SHA512

    f0fd1a1ea1b373ea7df99ed8176821efc0e5b580c12be1556fea970f828eb94934acf5d8bffa613389627f16b6f0f074692325dd535de5d1390e312f06d9120b

    Download Submit

  • C:\Program Files (x86)\Modio 5\Modio.exe
    Filesize

    1.0MB

    MD5

    2ea78f0558fbd6fcaab92565d00d86d6

    SHA1

    d0040594f38056225de5f0732d3b43ecda1186b8

    SHA256

    614b1428b661b3e31a4894c9f9b4e8c8bf3cb21f558391d4bf38ec03d0d65c1a

    SHA512

    2718540233aa980cd94fb203de41259f57570c1865f8f4cd7553489b9c9c122a25598eebea667df69122cbab3b398558db07abc0399f6f77bebcad6d1b003249

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-PKGBB.tmp\modio-5-3-en-win (1).tmp
    Filesize

    1.0MB

    MD5

    6edb5b73154ad2684063d7e43591d8e5

    SHA1

    fc23f0523cad148b782f3655c00320ee52cc03d5

    SHA256

    44d179204ce2ab59c15b787b05abaf1dabfa9eba6a37ad4559073f250adfd9db

    SHA512

    ca84ad3a97e480de5432675f8d1f6ee33d71319801852740019e2d6b51430eb325db1add09e1e4dfda9657baa07a79e2adec5107361502eea4c7d8a69a25f474

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-PKGBB.tmp\modio-5-3-en-win (1).tmp
    Filesize

    318KB

    MD5

    04cadda56dfce788043a317cb22f7a5b

    SHA1

    dc4a58c482f7a84fd578c406e354e781e910c039

    SHA256

    0eff951672f9f3c2028ccdec2f97f5d673ead8c936bc629d60e28859f845545c

    SHA512

    c35f2c0f54c1eceb487394af4000c6bcb1758aa7573d95b250155352bacd254f348d95ad7c3d263b6e7d5d8de19bf766bf7a474a44536d4463b5f6cd5d0e7813

    Download Submit

  • \Program Files (x86)\Modio 5\Modio.exe
    Filesize

    1.7MB

    MD5

    107a93639e2368bcdd70c196be8c5e3a

    SHA1

    9bf4e536d7a89004e26b3860b608898cae29db70

    SHA256

    638f64659fc856fb7170bc975c22728dbd2e0f07ceb77461f9eed352076522fd

    SHA512

    bb7a02d9aec6727d268194fd41d6ea76f1094adcb0468824e05bfe3215d70536efb1813b886666651bd8d3596a4425deb37ecc1f998f63a2d452873ed287f714

    Download Submit

  • \Program Files (x86)\Modio 5\Modio.exe
    Filesize

    2.1MB

    MD5

    d4c379d504d98c927b678bd5b9c8a804

    SHA1

    7463e32bd77f1423f956bf92960e40ed6a1d62ae

    SHA256

    3fc3bdc8b0ee75ced1efeab296a98cad29deb4e60d51467970af2298f0f8c813

    SHA512

    b481d3e90a2b0767b842ad3591a6c5ee577f36d94876cf793f2af27079d1c4d85147150f3a8e6db41258ac7f8c268fa14ca4442db6fb73658f1f097a366b91ae

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-7O9MU.tmp\_isetup\_shfoldr.dll
    Filesize

    22KB

    MD5

    92dc6ef532fbb4a5c3201469a5b5eb63

    SHA1

    3e89ff837147c16b4e41c30d6c796374e0b8e62c

    SHA256

    9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

    SHA512

    9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-PKGBB.tmp\modio-5-3-en-win (1).tmp
    Filesize

    311KB

    MD5

    57ebf4ce7d9e7b5bf5bae3087507912d

    SHA1

    db609c3aae1a16cc99dc1372dc4bb076bdc73350

    SHA256

    447149ad5e3a2aace337d6c899002c3ca771964bc1b0cd63f94609a1a51e7b3a

    SHA512

    b3b8392110ebcea888c886e5375d585a45b4bb40fc9458dfc3e07c2ecf1a698eba4e3224c804f1a5bc5d301a0bd5f532f9ced513805975a17d9a5046965490ec

    Download Submit

  • memory/1500-61-0x00000000003F0000-0x0000000000668000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1500-62-0x0000000074C90000-0x000000007537E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1500-64-0x0000000074C90000-0x000000007537E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1500-63-0x0000000004F30000-0x0000000004F70000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1544-69-0x0000000074CD0000-0x00000000753BE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1544-68-0x0000000005030000-0x0000000005070000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1544-66-0x0000000000BB0000-0x0000000000E28000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1544-67-0x0000000074CD0000-0x00000000753BE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1760-57-0x0000000074CD0000-0x00000000753BE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1760-56-0x0000000000190000-0x0000000000408000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1760-58-0x0000000004F90000-0x0000000004FD0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1760-59-0x0000000074CD0000-0x00000000753BE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2100-54-0x0000000074D60000-0x000000007544E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2100-53-0x0000000004E60000-0x0000000004EA0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2100-51-0x0000000000210000-0x0000000000488000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2100-52-0x0000000074D60000-0x000000007544E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2708-2-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2708-15-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2708-0-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2708-50-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2912-34-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2912-49-0x0000000000400000-0x0000000000517000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2912-8-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2912-16-0x0000000000400000-0x0000000000517000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2912-37-0x0000000000400000-0x0000000000517000-memory.dmp

    Filesize

    1.1MB

    Download