b1ac36000cee14b9c36aea4cef7f53ed2e7c18c9534b4ff66f07da11e8c07b59 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

Modrinth A...US.msi

windows7-x64

8

Modrinth A...US.msi

windows10-2004-x64

8

Sharing

General

Target

Modrinth App_0.7.1_x64_en-US.msi
Size

5.0MB
Sample

240509-qpxl5abg61
MD5

5003486a784143bc96c3577172bbb44a
SHA1

9a960998807126041fae5b4fe9488d7ff3c5ca42
SHA256

b1ac36000cee14b9c36aea4cef7f53ed2e7c18c9534b4ff66f07da11e8c07b59
SHA512

3fd871414cffe35ae649dbb02935eddcad75ee094f2d61f2cef48827dfb852ff3b8e4211f913bf65e4619b2a4989a2807d876a920a105735ac3e59362802ee19
SSDEEP

98304:fNT+6HE4ThcGalSS9d+udj3mYcCqQcgT3XV8tEbETvsDHaLqV710ZZ9rPzrPW:1/HMlS2JxmYcmcg7XGqb6Msq51GP

Score

8^/10

discovery execution persistence

Static task

static1

Behavioral task

behavioral1

Sample

Modrinth App_0.7.1_x64_en-US.msi

Resource

win7-20240221-en

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

Modrinth App_0.7.1_x64_en-US.msi

Resource

win10v2004-20240508-en

discovery execution persistence

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  Modrinth App_0.7.1_x64_en-US.msi
- Size
  
  5.0MB
- MD5
  
  5003486a784143bc96c3577172bbb44a
- SHA1
  
  9a960998807126041fae5b4fe9488d7ff3c5ca42
- SHA256
  
  b1ac36000cee14b9c36aea4cef7f53ed2e7c18c9534b4ff66f07da11e8c07b59
- SHA512
  
  3fd871414cffe35ae649dbb02935eddcad75ee094f2d61f2cef48827dfb852ff3b8e4211f913bf65e4619b2a4989a2807d876a920a105735ac3e59362802ee19
- SSDEEP
  
  98304:fNT+6HE4ThcGalSS9d+udj3mYcCqQcgT3XV8tEbETvsDHaLqV710ZZ9rPzrPW:1/HMlS2JxmYcmcg7XGqb6Msq51GP
Score

8^/10

execution discovery persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Blocklisted process makes network request
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryexecutionpersistence

© 2018-2025

Terms | Privacy