Overview

overview

7

Static

static

3

modio-5-3-...1).exe

windows7-x64

7

modio-5-3-...1).exe

windows10-2004-x64

7

Analysis

  • max time kernel
    133s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04/01/2024, 18:43

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    modio-5-3-en-win (1).exe

  • Size

    1.9MB

  • MD5

    abc04b6edd6bef467f2da78912dcabbd

  • SHA1

    3be94b55305b5061b24f5e80f09a8afbb6b44ad0

  • SHA256

    c2d32b65e9e9516c2653c0ac88c975a61b9bedb694c44ff70ca01f7b5ba34bbc

  • SHA512

    560455ff55e3b5b149a31ebcd33da825e875b26854ca77d4ddae062beb458a39bdd62c5a5ca13f31a21404a3f4ad7deb6c4b9fffa8ab980bcd4f1ecc2f5af5e0

  • SSDEEP

    49152:i9J8Leica8VrwjQBFd0Ds1FVx0nwt56Edvca:shivz4FdfZxewpN

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 5 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 51 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\modio-5-3-en-win (1).exe
    "C:\Users\Admin\AppData\Local\Temp\modio-5-3-en-win (1).exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2708
    • C:\Users\Admin\AppData\Local\Temp\is-PKGBB.tmp\modio-5-3-en-win (1).tmp
      "C:\Users\Admin\AppData\Local\Temp\is-PKGBB.tmp\modio-5-3-en-win (1).tmp" /SL5="$5015E,1745570,424960,C:\Users\Admin\AppData\Local\Temp\modio-5-3-en-win (1).exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2912
      • C:\Program Files (x86)\Modio 5\Modio.exe
        "C:\Program Files (x86)\Modio 5\Modio.exe"
        3⤵
        • Executes dropped EXE
        • Modifies registry class
        PID:2100
  • C:\Program Files (x86)\Modio 5\Modio.exe
    "C:\Program Files (x86)\Modio 5\Modio.exe"
    1⤵
    • Executes dropped EXE
    • Modifies registry class
    PID:1760
  • C:\Program Files (x86)\Modio 5\Modio.exe
    "C:\Program Files (x86)\Modio 5\Modio.exe"
    1⤵
    • Executes dropped EXE
    • Modifies registry class
    PID:1500
  • C:\Program Files (x86)\Modio 5\Modio.exe
    "C:\Program Files (x86)\Modio 5\Modio.exe"
    1⤵
    • Executes dropped EXE
    • Modifies registry class
    PID:1544

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\Modio 5\Modio.exe
          Filesize

          1.8MB

          MD5

          67475b6ca40203045b74e5846ab4b7bb

          SHA1

          fcce13a4a7a9791c4c736bdc90023b8028ee9a45

          SHA256

          c52ca88f05cfba1b10ace5284e4d1be684c5436c007bf8cad2813f054ba8323a

          SHA512

          8d1b6fc047a1b0003f01944015863df53dc6ae7ab2fbe25cfa03eb02a2991dfe416d4a8fa7cc37d0687b839339529eb93a723736abf983eeca8ef9ae5ea20db9

          Download Submit

        • C:\Program Files (x86)\Modio 5\Modio.exe
          Filesize

          183KB

          MD5

          102d7ff27f3b7c6dddbbca18a09de639

          SHA1

          a7718a3179c4b372925782a0e7abac9711b0dc65

          SHA256

          c3a9c1e58267d3ca8a7b0681978ec33b8b7da91c3fae0cfbc962c460df7dec6b

          SHA512

          3d019d8b35dccb93b7d5f0baceda0ecfd2e9f0c73e009130e7e35703d1c2d932157f3672837d21d136e1cd4fff4992b5b6e9a7353bb7ffd91ae6a32fd00b717f

          Download Submit

        • C:\Program Files (x86)\Modio 5\Modio.exe
          Filesize

          2.5MB

          MD5

          22811bbf74eb0a9716f9c2a83bf495d4

          SHA1

          cd5f6ea40dda45f6f0af407db19bf75fc3b389c1

          SHA256

          c970768496db58916a88e52162560bb0cbd4044e0555da9e0e17dacd2b45a2e0

          SHA512

          4b93b6763215d12cd724fb4710da2ede6e2d0e21453c1e3035fcc228ed7fb09ed78e6dc4b1d1f11a2e723c8af79b42c4861b3cacd4dc901893a4d11e3705feaf

          Download Submit

        • C:\Program Files (x86)\Modio 5\Modio.exe
          Filesize

          1.6MB

          MD5

          2fa51347c75e8f4eac762d2ee3f478f9

          SHA1

          423dfc0d8651b00491cf820deee12e339bcefdd5

          SHA256

          f5a31bcfa2f9b67b062e68673706b71d3c48740ff1fedb4875c1e120ffb453c0

          SHA512

          f0fd1a1ea1b373ea7df99ed8176821efc0e5b580c12be1556fea970f828eb94934acf5d8bffa613389627f16b6f0f074692325dd535de5d1390e312f06d9120b

          Download Submit

        • C:\Program Files (x86)\Modio 5\Modio.exe
          Filesize

          1.0MB

          MD5

          2ea78f0558fbd6fcaab92565d00d86d6

          SHA1

          d0040594f38056225de5f0732d3b43ecda1186b8

          SHA256

          614b1428b661b3e31a4894c9f9b4e8c8bf3cb21f558391d4bf38ec03d0d65c1a

          SHA512

          2718540233aa980cd94fb203de41259f57570c1865f8f4cd7553489b9c9c122a25598eebea667df69122cbab3b398558db07abc0399f6f77bebcad6d1b003249

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\is-PKGBB.tmp\modio-5-3-en-win (1).tmp
          Filesize

          1.0MB

          MD5

          6edb5b73154ad2684063d7e43591d8e5

          SHA1

          fc23f0523cad148b782f3655c00320ee52cc03d5

          SHA256

          44d179204ce2ab59c15b787b05abaf1dabfa9eba6a37ad4559073f250adfd9db

          SHA512

          ca84ad3a97e480de5432675f8d1f6ee33d71319801852740019e2d6b51430eb325db1add09e1e4dfda9657baa07a79e2adec5107361502eea4c7d8a69a25f474

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\is-PKGBB.tmp\modio-5-3-en-win (1).tmp
          Filesize

          318KB

          MD5

          04cadda56dfce788043a317cb22f7a5b

          SHA1

          dc4a58c482f7a84fd578c406e354e781e910c039

          SHA256

          0eff951672f9f3c2028ccdec2f97f5d673ead8c936bc629d60e28859f845545c

          SHA512

          c35f2c0f54c1eceb487394af4000c6bcb1758aa7573d95b250155352bacd254f348d95ad7c3d263b6e7d5d8de19bf766bf7a474a44536d4463b5f6cd5d0e7813

          Download Submit

        • \Program Files (x86)\Modio 5\Modio.exe
          Filesize

          1.7MB

          MD5

          107a93639e2368bcdd70c196be8c5e3a

          SHA1

          9bf4e536d7a89004e26b3860b608898cae29db70

          SHA256

          638f64659fc856fb7170bc975c22728dbd2e0f07ceb77461f9eed352076522fd

          SHA512

          bb7a02d9aec6727d268194fd41d6ea76f1094adcb0468824e05bfe3215d70536efb1813b886666651bd8d3596a4425deb37ecc1f998f63a2d452873ed287f714

          Download Submit

        • \Program Files (x86)\Modio 5\Modio.exe
          Filesize

          2.1MB

          MD5

          d4c379d504d98c927b678bd5b9c8a804

          SHA1

          7463e32bd77f1423f956bf92960e40ed6a1d62ae

          SHA256

          3fc3bdc8b0ee75ced1efeab296a98cad29deb4e60d51467970af2298f0f8c813

          SHA512

          b481d3e90a2b0767b842ad3591a6c5ee577f36d94876cf793f2af27079d1c4d85147150f3a8e6db41258ac7f8c268fa14ca4442db6fb73658f1f097a366b91ae

          Download Submit

        • \Users\Admin\AppData\Local\Temp\is-7O9MU.tmp\_isetup\_shfoldr.dll
          Filesize

          22KB

          MD5

          92dc6ef532fbb4a5c3201469a5b5eb63

          SHA1

          3e89ff837147c16b4e41c30d6c796374e0b8e62c

          SHA256

          9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

          SHA512

          9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

          Download Submit

        • \Users\Admin\AppData\Local\Temp\is-PKGBB.tmp\modio-5-3-en-win (1).tmp
          Filesize

          311KB

          MD5

          57ebf4ce7d9e7b5bf5bae3087507912d

          SHA1

          db609c3aae1a16cc99dc1372dc4bb076bdc73350

          SHA256

          447149ad5e3a2aace337d6c899002c3ca771964bc1b0cd63f94609a1a51e7b3a

          SHA512

          b3b8392110ebcea888c886e5375d585a45b4bb40fc9458dfc3e07c2ecf1a698eba4e3224c804f1a5bc5d301a0bd5f532f9ced513805975a17d9a5046965490ec

          Download Submit

        • memory/1500-61-0x00000000003F0000-0x0000000000668000-memory.dmp

          Filesize

          2.5MB

          Download

        • memory/1500-62-0x0000000074C90000-0x000000007537E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/1500-64-0x0000000074C90000-0x000000007537E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/1500-63-0x0000000004F30000-0x0000000004F70000-memory.dmp

          Filesize

          256KB

          Download

        • memory/1544-69-0x0000000074CD0000-0x00000000753BE000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/1544-68-0x0000000005030000-0x0000000005070000-memory.dmp

          Filesize

          256KB

          Download

        • memory/1544-66-0x0000000000BB0000-0x0000000000E28000-memory.dmp

          Filesize

          2.5MB

          Download

        • memory/1544-67-0x0000000074CD0000-0x00000000753BE000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/1760-57-0x0000000074CD0000-0x00000000753BE000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/1760-56-0x0000000000190000-0x0000000000408000-memory.dmp

          Filesize

          2.5MB

          Download

        • memory/1760-58-0x0000000004F90000-0x0000000004FD0000-memory.dmp

          Filesize

          256KB

          Download

        • memory/1760-59-0x0000000074CD0000-0x00000000753BE000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2100-54-0x0000000074D60000-0x000000007544E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2100-53-0x0000000004E60000-0x0000000004EA0000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2100-51-0x0000000000210000-0x0000000000488000-memory.dmp

          Filesize

          2.5MB

          Download

        • memory/2100-52-0x0000000074D60000-0x000000007544E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2708-2-0x0000000000400000-0x000000000046E000-memory.dmp

          Filesize

          440KB

          Download

        • memory/2708-15-0x0000000000400000-0x000000000046E000-memory.dmp

          Filesize

          440KB

          Download

        • memory/2708-0-0x0000000000400000-0x000000000046E000-memory.dmp

          Filesize

          440KB

          Download

        • memory/2708-50-0x0000000000400000-0x000000000046E000-memory.dmp

          Filesize

          440KB

          Download

        • memory/2912-34-0x0000000000240000-0x0000000000241000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2912-49-0x0000000000400000-0x0000000000517000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/2912-8-0x0000000000240000-0x0000000000241000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2912-16-0x0000000000400000-0x0000000000517000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/2912-37-0x0000000000400000-0x0000000000517000-memory.dmp

          Filesize

          1.1MB

          Download