c2d32b65e9e9516c2653c0ac88c975a61b9bedb694c44ff70ca01f7b5ba34bbc

General

Target

modio-5-3-en-win (1).exe
Size

1.9MB
MD5

abc04b6edd6bef467f2da78912dcabbd
SHA1

3be94b55305b5061b24f5e80f09a8afbb6b44ad0
SHA256

c2d32b65e9e9516c2653c0ac88c975a61b9bedb694c44ff70ca01f7b5ba34bbc
SHA512

560455ff55e3b5b149a31ebcd33da825e875b26854ca77d4ddae062beb458a39bdd62c5a5ca13f31a21404a3f4ad7deb6c4b9fffa8ab980bcd4f1ecc2f5af5e0
SSDEEP

49152:i9J8Leica8VrwjQBFd0Ds1FVx0nwt56Edvca:shivz4FdfZxewpN

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1056	modio-5-3-en-win (1).tmp
1488	Modio.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Modio 5\lzo2.dll	modio-5-3-en-win (1).tmp
File created	C:\Program Files (x86)\Modio 5\unins000.dat	modio-5-3-en-win (1).tmp
File created	C:\Program Files (x86)\Modio 5\is-QTD5B.tmp	modio-5-3-en-win (1).tmp
File created	C:\Program Files (x86)\Modio 5\is-EASAL.tmp	modio-5-3-en-win (1).tmp
File created	C:\Program Files (x86)\Modio 5\is-PTMDF.tmp	modio-5-3-en-win (1).tmp
File opened for modification	C:\Program Files (x86)\Modio 5\unins000.dat	modio-5-3-en-win (1).tmp
File opened for modification	C:\Program Files (x86)\Modio 5\Modio.exe	modio-5-3-en-win (1).tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1056	modio-5-3-en-win (1).tmp
1056	modio-5-3-en-win (1).tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1056	modio-5-3-en-win (1).tmp

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 1056	2468	modio-5-3-en-win (1).exe	22
PID 2468 wrote to memory of 1056	2468	modio-5-3-en-win (1).exe	22
PID 2468 wrote to memory of 1056	2468	modio-5-3-en-win (1).exe	22
PID 1056 wrote to memory of 1488	1056	modio-5-3-en-win (1).tmp	104
PID 1056 wrote to memory of 1488	1056	modio-5-3-en-win (1).tmp	104
PID 1056 wrote to memory of 1488	1056	modio-5-3-en-win (1).tmp	104

C:\Users\Admin\AppData\Local\Temp\modio-5-3-en-win (1).exe
"C:\Users\Admin\AppData\Local\Temp\modio-5-3-en-win (1).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Users\Admin\AppData\Local\Temp\is-0G3UA.tmp\modio-5-3-en-win (1).tmp
  "C:\Users\Admin\AppData\Local\Temp\is-0G3UA.tmp\modio-5-3-en-win (1).tmp" /SL5="$80064,1745570,424960,C:\Users\Admin\AppData\Local\Temp\modio-5-3-en-win (1).exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1056
- - C:\Program Files (x86)\Modio 5\Modio.exe
    "C:\Program Files (x86)\Modio 5\Modio.exe"
    3⤵
    - Executes dropped EXE
    PID:1488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Modio 5\Modio.exe

Filesize
1.3MB

MD5
b9c7a8de1df01cbe9d74cd41b225cd9f

SHA1
b5dbe7fa7e6b28068786f437fe72244d0874e33c

SHA256
b20d97f8cd6d4f0499055e79ba826dfbbd75c646a5b73fc6648512b8d6527d7f

SHA512
ed04a03a4e458b0063aa390a229a229f325436d1e8334c361237847490029e87dfbd2f81d067b7526d6934dbdd00825fba3b5a84e105223691a437ead3b57a12

Download Submit
C:\Program Files (x86)\Modio 5\Modio.exe

Filesize
1.4MB

MD5
78076ba56d3e07c5f8417fde3c4d1637

SHA1
d112820f8bae96732ae6f4c249402b5995fa4d76

SHA256
d7984f704b27b636d5b09249f258c92ea5a29d58ecbcfc13e62dc6d3f9d7780e

SHA512
d008c54036f43f7969c0898f3788b83f23fe2cd77e7ee6c939f1938683a9ee4f2a76914805fb9eb49c4c2fa62d1e5c01f5e8ff6d3301c806ce38107c115cdeff

Download Submit
C:\Program Files (x86)\Modio 5\Modio.exe

Filesize
787KB

MD5
c31e5a46f97b561942b53dab5d16bb29

SHA1
2a7445c9bf257645f626d5444857ac4b46499677

SHA256
4bba4c246f4c2f59c76b2135149998f8a96fce7cceae945fb68903e086670110

SHA512
906d34ae3d39ae0ca1e85cf6ffbcea386d72306ace19992be192bfde707ce8a56f9fcc334cb5f3e9c3a0504362d54d83c2466dd88716b1549b98bf861c1de018

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0G3UA.tmp\modio-5-3-en-win (1).tmp

Filesize
92KB

MD5
41a95a385fe271ffd50df5591f3076a0

SHA1
e37484c43c23adf2a3548c044abf4f35fe7a65ec

SHA256
39882cf0c653e9f702895380e793a7572be93dd3f03afb972e81a14a4e941b15

SHA512
44c6e3eb90e508643b901d327b63a22d4ef2ed670b25231860abf815d146fc240444f3f926894ffecd85c4247aafc27106e63134536cf52f7693eefdec3f437e

Download Submit
memory/1056-7-0x0000000002160000-0x0000000002161000-memory.dmp

Filesize
4KB

Download
memory/1056-41-0x0000000000400000-0x0000000000517000-memory.dmp

Filesize
1.1MB

Download
memory/1056-13-0x0000000000400000-0x0000000000517000-memory.dmp

Filesize
1.1MB

Download
memory/1056-16-0x0000000002160000-0x0000000002161000-memory.dmp

Filesize
4KB

Download
memory/1056-22-0x0000000000400000-0x0000000000517000-memory.dmp

Filesize
1.1MB

Download
memory/1488-44-0x00000000000D0000-0x0000000000348000-memory.dmp

Filesize
2.5MB

Download
memory/1488-52-0x0000000005070000-0x0000000005080000-memory.dmp

Filesize
64KB

Download
memory/1488-55-0x0000000005070000-0x0000000005080000-memory.dmp

Filesize
64KB

Download
memory/1488-54-0x0000000005070000-0x0000000005080000-memory.dmp

Filesize
64KB

Download
memory/1488-43-0x0000000073720000-0x0000000073ED0000-memory.dmp

Filesize
7.7MB

Download
memory/1488-53-0x0000000073720000-0x0000000073ED0000-memory.dmp

Filesize
7.7MB

Download
memory/1488-46-0x0000000004D70000-0x0000000004E0C000-memory.dmp

Filesize
624KB

Download
memory/1488-47-0x0000000004EB0000-0x0000000004F42000-memory.dmp

Filesize
584KB

Download
memory/1488-45-0x0000000005320000-0x00000000058C4000-memory.dmp

Filesize
5.6MB

Download
memory/1488-48-0x0000000005070000-0x0000000005080000-memory.dmp

Filesize
64KB

Download
memory/1488-50-0x0000000004F50000-0x0000000004FA6000-memory.dmp

Filesize
344KB

Download
memory/1488-49-0x0000000004D30000-0x0000000004D3A000-memory.dmp

Filesize
40KB

Download
memory/1488-51-0x0000000006440000-0x00000000064A6000-memory.dmp

Filesize
408KB

Download
memory/2468-12-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/2468-42-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/2468-2-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/2468-0-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download

Analysis

Sharing