3b5b0e7b8ac47034ad80bb38327b16d1d79d1b6dcb8b0703ff290fb3a7ae753b

Analysis

max time kernel
135s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2023, 20:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

wave-client-5.1.0.37133-windows_x64.exe
Size

152.5MB
MD5

b11e2fbda4a0f56b51acf3aa5940782c
SHA1

ff785c1d84f588b7e8c13ecd907cc03b6467f6b0
SHA256

3b5b0e7b8ac47034ad80bb38327b16d1d79d1b6dcb8b0703ff290fb3a7ae753b
SHA512

1e18201c02c454fd58b94d74ab70a8200fbba63dfec881eedcb4cfba235190065ef9c0a6c9c4fcb36f5135fcc4f67aaa577b718b0b35c77aed64dc02d9fba3c8
SSDEEP

3145728:MfQZLe6eUnANawGKeqMj7W3KEMNdlMh3N7afG6yT3Y5TZmEB+Vf+X89BV2ksz:MqLpHh1qMibSLMh3h8GTY5TZB+vj2d

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 1 IoCs

pid	Process
1040	wave-client-5.1.0.37133-windows_x64.exe

Loads dropped DLL 1 IoCs

pid	Process
1040	wave-client-5.1.0.37133-windows_x64.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3496 wrote to memory of 1040	3496	wave-client-5.1.0.37133-windows_x64.exe	85
PID 3496 wrote to memory of 1040	3496	wave-client-5.1.0.37133-windows_x64.exe	85
PID 3496 wrote to memory of 1040	3496	wave-client-5.1.0.37133-windows_x64.exe	85

C:\Users\Admin\AppData\Local\Temp\wave-client-5.1.0.37133-windows_x64.exe
"C:\Users\Admin\AppData\Local\Temp\wave-client-5.1.0.37133-windows_x64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3496
- C:\Windows\Temp\{2E2A193D-E019-481B-9DE7-D146BC29905F}\.cr\wave-client-5.1.0.37133-windows_x64.exe
  "C:\Windows\Temp\{2E2A193D-E019-481B-9DE7-D146BC29905F}\.cr\wave-client-5.1.0.37133-windows_x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\wave-client-5.1.0.37133-windows_x64.exe" -burn.filehandle.attached=536 -burn.filehandle.self=656
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Temp\{2E2A193D-E019-481B-9DE7-D146BC29905F}\.cr\wave-client-5.1.0.37133-windows_x64.exe

Filesize
661KB

MD5
cadf30c2a8b30f4c9445c8b2e80b014f

SHA1
56a0772329c560f9da901eef0fa8bf442232599b

SHA256
4ceee8e0b635226f3187e5fc415e5d868947c2a467ee020cd60548ee3bba8eeb

SHA512
9f7fed4f9eb7cc2d21164503786e2420e29c9b08b42359eb5232d821b0ff03fa0c437c5b5308bc39ee397c0099ad8a70e5c34f74f239434dbc33dc4fd1f735a8

Download Submit
C:\Windows\Temp\{2E2A193D-E019-481B-9DE7-D146BC29905F}\.cr\wave-client-5.1.0.37133-windows_x64.exe

Filesize
661KB

MD5
cadf30c2a8b30f4c9445c8b2e80b014f

SHA1
56a0772329c560f9da901eef0fa8bf442232599b

SHA256
4ceee8e0b635226f3187e5fc415e5d868947c2a467ee020cd60548ee3bba8eeb

SHA512
9f7fed4f9eb7cc2d21164503786e2420e29c9b08b42359eb5232d821b0ff03fa0c437c5b5308bc39ee397c0099ad8a70e5c34f74f239434dbc33dc4fd1f735a8

Download Submit
C:\Windows\Temp\{46939385-A42F-4324-8BCA-90096EC26C70}\.ba\installer_bg.png

Filesize
54KB

MD5
e69b74662ab6400aaa34dd9c263e0a0c

SHA1
75140165f1a8001a75ddf33fda3e64aec56c1cb6

SHA256
14c0ca5aef00e744681b7aee17e96a16cfe517832fc721eae6a9ed1b33aa7c7e

SHA512
82e8b74f6a33bb60a52d7ce9a9f147ee7ecca27b786e884ab9009b2a3d830fef143564f59154254e3ad8fd85dbb7aeb0f4b6f1f80263a5650ff9130911281dd7

Download Submit
C:\Windows\Temp\{46939385-A42F-4324-8BCA-90096EC26C70}\.ba\logo-102x102.png

Filesize
3KB

MD5
2379ecdc7d19d2470f0af20d65b89fed

SHA1
aacbbb091651e9b9b0fcabb5bef40ba655905022

SHA256
d66c84af39cda565167fe048abdfadf511e3c606a68e1f7d73b93b2ad5bb9257

SHA512
d681f91464c4f1116c30403ef01e2d37c4db68dea672617251873169a7d1667289e36e9ce1578e6346e999b01a8dcc21985f08c45fb00ea41645332f89129234

Download Submit
C:\Windows\Temp\{46939385-A42F-4324-8BCA-90096EC26C70}\.ba\logo-64x64.png

Filesize
2KB

MD5
9f77169935e925040966f358c26da253

SHA1
b3476f0422ec7b3563e3884f500f53e24d362075

SHA256
49c9207661a5a3df71e34880b72711e4b0fe317db4fe26ef74a678a5023df2e5

SHA512
d11a9e6f5f53575d03733b6c2e5ac31ab210851f8eeddd6337cd5776126bc6db085369742335df3283adb220b4ec54b6c78408ce8b3729b770f725c529ebe257

Download Submit
C:\Windows\Temp\{46939385-A42F-4324-8BCA-90096EC26C70}\.ba\wixstdba.dll

Filesize
175KB

MD5
6ba2e331e0f447aaff0e8142df5f7230

SHA1
7a3f7fb93e7bdcf04fa83b50bde1d939b1864023

SHA256
58a135101a2044d96f470e29369a8214c5c2add774488d73c6ae81a588582239

SHA512
e137eb9f07e3b8ed03b309dd63e4fa9a4993e53b6d54c4c77ac289609811144fd66b49126b1168ebe8fa80669a765a51c1e72444d8c4deace091b65708d67d3b

Download Submit