Analysis
max time kernel: 33s
max time network: 36s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/10/2024, 02:00

Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: WeMod-Setup.exe
  Resource: win10v2004-20241007-en
  6 signatures, 150 seconds
General
Target: WeMod-Setup.exe
Size: 141KB
MD5: 643ca6bf1510a2c8ffe176a31118357d
SHA1: 57ef9ae3fc07460521310caedefc6071aa8f9a18
SHA256: 15d0a0ae90662dfb78d3fffe93ac438144c1fdb9eafc29436b53412217745d6f
SHA512: bcb266998bebeee07f8f814d7839a7bca4a1860557d4be6b7ac1b9e0ce01bd1e4b448ef95b7d98251e4de287ec94b562001ce56d4df76a77a019a03baacbb551
SSDEEP: 3072:XGjm4ILlCI+4COHCyhaEtHZugr7t4ILlCI+4TOHHSTs:Xr+bwaEtHBHto
Score: 1/10
Malware Config
Signatures
Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
SCSI information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | taskmgr.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | taskmgr.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | taskmgr.exe

Suspicious behavior: EnumeratesProcesses (28 IoCs)
  pid | Process
  1528 | taskmgr.exe (28 identical entries)

Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description | pid | Process
  Token: SeDebugPrivilege | 1528 | taskmgr.exe
  Token: SeSystemProfilePrivilege | 1528 | taskmgr.exe
  Token: SeCreateGlobalPrivilege | 1528 | taskmgr.exe

Suspicious use of FindShellTrayWindow (38 IoCs)
  pid | Process
  1528 | taskmgr.exe (38 identical entries)

Suspicious use of SendNotifyMessage (38 IoCs)
  pid | Process
  1528 | taskmgr.exe (38 identical entries)

Suspicious use of SetWindowsHookEx (2 IoCs)
  pid | Process
  3152 | WeMod-Setup.exe (2 identical entries)
Processes
C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe"
  PID: 3152
  - Suspicious use of SetWindowsHookEx

C:\Windows\system32\taskmgr.exe
  Command line: "C:\Windows\system32\taskmgr.exe" /0
  PID: 1528
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage