Analysis

  • max time kernel
    140s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/03/2024, 16:44

General

  • Target

    HA_WAVCombiner1.0080_LRH.exe

  • Size

    1.4MB

  • MD5

    7ca72c756110b8bee357564504bdba06

  • SHA1

    2aab6c4c94dab68a58380648c13dc7d89c300a87

  • SHA256

    a524cab324bff294d1b17696977fad3933d22206279061c5ffdfc29b1becb713

  • SHA512

    354badaa9276ecc979552e6a468c18dc6b4d5e9ad7a0b8c83a8b717b42ac174b1469fa685c15df59d2326723c479c30b9741cd72953a6d85a7c2d5b870c6fa99

  • SSDEEP

    24576:QDS3rXb+8loieGWrGBRbhes00R/EXOlMGD3wRGbQP5xy2DgakhzA:QDS3H+2o1GWrgRb/QKMGcRGsPfy+ChzA

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\HA_WAVCombiner1.0080_LRH.exe
    "C:\Users\Admin\AppData\Local\Temp\HA_WAVCombiner1.0080_LRH.exe"
    • Loads dropped DLL
    PID:4280
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1044 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
    PID:2936

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\nsb2325.tmp\InstallOptions.dll

      Filesize

      12KB

      MD5

      83304a78d2b6ea45ea8404f4cd78721f

      SHA1

      d5c5d19653c751c08579dd094bcc9fef1841af00

      SHA256

      92344973083c0a5d8f5732814c1315124e8e0a2f1ed912583a081f95f7549414

      SHA512

      94076cc935927925641d668c19b389d007ff7e8623f2afe706fc73d1ecb97210577a828a727404b200d9870e14b23d6bd047de9201d629e7443a929c0740c67e

    • C:\Users\Admin\AppData\Local\Temp\nsb2325.tmp\brandingurl.dll

      Filesize

      3KB

      MD5

      9c3488b5e9655d1837c3963ecec33f70

      SHA1

      f0fa9b4c29e75c6e4419c4633d09f2797aee2ef3

      SHA256

      05ef4beb7fab9d04c1fb251874166fa2d73a34b4a7f2b145d37a2fd00c88979a

      SHA512

      6af9f88d65d2279a71620f2a656062b1737b3a9a1692ed4e5887bdee891ce08d21c5c0b25ab3acbe6da9fe255dcd7f8a517c2751e73dc56add216740c945e4a7

    • C:\Users\Admin\AppData\Local\Temp\nsb2325.tmp\ioSpecial.ini

      Filesize

      668B

      MD5

      fd0a9d68957d51877cd32a5487c64328

      SHA1

      a2095183d3eb9e9efcec1a237d529f99499fd702

      SHA256

      077b2ee4895d2222dfb2f442ec9aae7578b49529c6a553422c902b1f9c032d9f

      SHA512

      c3eac05c5f47d2157dcd33086e8acadad2e00f9c50faa545977e2b5e1f67134f1eacdbe6a55239d825e408bea36e46018d434ed1b4af36a8c0b583bfa6fc6edb

    • memory/4280-0-0x0000000000400000-0x0000000000444000-memory.dmp

      Filesize

      272KB

    • memory/4280-91-0x0000000000400000-0x0000000000444000-memory.dmp

      Filesize

      272KB