Overview

overview

3

Static

static

3

WeMod-Setup.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    33s
  • max time network
    36s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/10/2024, 02:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WeMod-Setup.exe

  • Size

    141KB

  • MD5

    643ca6bf1510a2c8ffe176a31118357d

  • SHA1

    57ef9ae3fc07460521310caedefc6071aa8f9a18

  • SHA256

    15d0a0ae90662dfb78d3fffe93ac438144c1fdb9eafc29436b53412217745d6f

  • SHA512

    bcb266998bebeee07f8f814d7839a7bca4a1860557d4be6b7ac1b9e0ce01bd1e4b448ef95b7d98251e4de287ec94b562001ce56d4df76a77a019a03baacbb551

  • SSDEEP

    3072:XGjm4ILlCI+4COHCyhaEtHZugr7t4ILlCI+4TOHHSTs:Xr+bwaEtHBHto

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 38 IoCs
  • Suspicious use of SendNotifyMessage 38 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3152
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /0
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1528

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1528-30-0x000002042BCF0000-0x000002042BCF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1528-29-0x000002042BCF0000-0x000002042BCF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1528-25-0x000002042BCF0000-0x000002042BCF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1528-26-0x000002042BCF0000-0x000002042BCF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1528-27-0x000002042BCF0000-0x000002042BCF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1528-28-0x000002042BCF0000-0x000002042BCF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1528-18-0x000002042BCF0000-0x000002042BCF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1528-24-0x000002042BCF0000-0x000002042BCF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1528-19-0x000002042BCF0000-0x000002042BCF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1528-20-0x000002042BCF0000-0x000002042BCF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3152-1-0x00000176D3060000-0x00000176D3086000-memory.dmp

    Filesize

    152KB

    Download

  • memory/3152-17-0x00007FFE012B0000-0x00007FFE01D71000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3152-0-0x00007FFE012B3000-0x00007FFE012B5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3152-16-0x00000176ED8A0000-0x00000176EDFF7000-memory.dmp

    Filesize

    7.3MB

    Download

  • memory/3152-5-0x00007FFE012B0000-0x00007FFE01D71000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3152-4-0x00007FFE012B0000-0x00007FFE01D71000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3152-3-0x00007FFE012B0000-0x00007FFE01D71000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3152-2-0x00007FFE012B0000-0x00007FFE01D71000-memory.dmp

    Filesize

    10.8MB

    Download