18ce929380ab15f9e9d23d156ff3cff56b94e33641a40379f57e7adc91130c3f

Resubmissions

09/04/2024, 22:11 UTC

240409-131wtaea38 8

09/04/2024, 21:43 UTC

240409-1k5r2scg65 7

09/04/2024, 21:18 UTC

240409-z5mxasbe59 7

06/04/2024, 10:55 UTC

240406-mz7nashc59 8

06/04/2024, 10:41 UTC

240406-mrjaqsgd6z 7

Analysis

max time kernel
3s
max time network
235s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/04/2024, 21:43 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Installer.exe
Size

147.0MB
MD5

2fcb65fc8b2bc9505da8dd94033cc7ad
SHA1

ff12916a1d57eb26d9e5856d91c450b155a35f65
SHA256

708543f3ca34ffe8e4d33c09560d4e190fe35bd2aa7a57369291174d537ffc32
SHA512

4927ede0dead3f947513add783a150245185ae1872b0f59d8159448423b33e636956e69b8278c37f62dd9a6a4ca59247f83beea4d59d1a6832ce5ce4533ed585
SSDEEP

1572864:EgGRqQdeZ4K5M0PmL0g6dKXPRYGO1QwOVnMKVbmd6LpL28nHQ5OneFBlwb:OV6msmCUhN4lS

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2012	Installer.exe
2012	Installer.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
2612	tasklist.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2612	tasklist.exe
Token: SeShutdownPrivilege	2012	Installer.exe
Token: SeShutdownPrivilege	2012	Installer.exe
Token: SeShutdownPrivilege	2012	Installer.exe
Token: SeShutdownPrivilege	2012	Installer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 2568	2012	Installer.exe	28
PID 2012 wrote to memory of 2568	2012	Installer.exe	28
PID 2012 wrote to memory of 2568	2012	Installer.exe	28
PID 2568 wrote to memory of 2612	2568	cmd.exe	30
PID 2568 wrote to memory of 2612	2568	cmd.exe	30
PID 2568 wrote to memory of 2612	2568	cmd.exe	30
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2316	2012	Installer.exe	32
PID 2012 wrote to memory of 2756	2012	Installer.exe	33
PID 2012 wrote to memory of 2756	2012	Installer.exe	33
PID 2012 wrote to memory of 2756	2012	Installer.exe	33
PID 2012 wrote to memory of 2780	2012	Installer.exe	34
PID 2012 wrote to memory of 2780	2012	Installer.exe	34
PID 2012 wrote to memory of 2780	2012	Installer.exe	34
PID 2012 wrote to memory of 2780	2012	Installer.exe	34
PID 2012 wrote to memory of 2780	2012	Installer.exe	34
PID 2012 wrote to memory of 2780	2012	Installer.exe	34
PID 2012 wrote to memory of 2780	2012	Installer.exe	34
PID 2012 wrote to memory of 2780	2012	Installer.exe	34
PID 2012 wrote to memory of 2780	2012	Installer.exe	34
PID 2012 wrote to memory of 2780	2012	Installer.exe	34
PID 2012 wrote to memory of 2780	2012	Installer.exe	34
PID 2012 wrote to memory of 2780	2012	Installer.exe	34
PID 2012 wrote to memory of 2780	2012	Installer.exe	34
PID 2012 wrote to memory of 2780	2012	Installer.exe	34
PID 2012 wrote to memory of 2780	2012	Installer.exe	34
PID 2012 wrote to memory of 2780	2012	Installer.exe	34

C:\Users\Admin\AppData\Local\Temp\Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Installer.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2568
- - C:\Windows\system32\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2612
- C:\Users\Admin\AppData\Local\Temp\Installer.exe
  "C:\Users\Admin\AppData\Local\Temp\Installer.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\game" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1204,i,9119817144374930202,3317385051893675166,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  PID:2316
- C:\Users\Admin\AppData\Local\Temp\Installer.exe
  "C:\Users\Admin\AppData\Local\Temp\Installer.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\game" --mojo-platform-channel-handle=1560 --field-trial-handle=1204,i,9119817144374930202,3317385051893675166,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  PID:2756
- C:\Users\Admin\AppData\Local\Temp\Installer.exe
  "C:\Users\Admin\AppData\Local\Temp\Installer.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\game" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1172 --field-trial-handle=1204,i,9119817144374930202,3317385051893675166,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  PID:2780

Network

DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A
DNS

www.spotify.com

Remote address:

8.8.8.8:53

Request

www.spotify.com

IN A

Response

www.spotify.com

IN CNAME

edge-web.dual-gslb.spotify.com

edge-web.dual-gslb.spotify.com

IN A

35.186.224.25
DNS

www.myexternalip.com

Remote address:

8.8.8.8:53

Request

www.myexternalip.com

IN A

Response

www.myexternalip.com

IN A

34.117.118.44
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A
DNS

dns.google

Remote address:

8.8.8.8:53

Request

dns.google

IN A

Response

dns.google

IN A

8.8.4.4

dns.google

IN A

8.8.8.8
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response
DNS

wave-assistant.com

Installer.exe

Remote address:

8.8.8.8:53

Request

wave-assistant.com

IN A

Response

35.186.224.25:443

www.spotify.com

tls

1.1kB
5.7kB
9
12
34.117.118.44:443

www.myexternalip.com

tls

907 B
4.4kB
8
10
8.8.4.4:443

dns.google

tls

1.7kB
7.1kB
16
17

8.8.8.8:53

wave-assistant.com

dns

Installer.exe

256 B
192 B
4
3

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com
8.8.8.8:53

www.spotify.com

dns

61 B
110 B
1
1

DNS Request

www.spotify.com

DNS Response

35.186.224.25
8.8.8.8:53

www.myexternalip.com

dns

66 B
82 B
1
1

DNS Request

www.myexternalip.com

DNS Response

34.117.118.44
8.8.8.8:53

wave-assistant.com

dns

Installer.exe

256 B
192 B
4
3

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com
8.8.8.8:53

dns.google

dns

56 B
88 B
1
1

DNS Request

dns.google

DNS Response

8.8.4.4

8.8.8.8
8.8.8.8:53

wave-assistant.com

dns

Installer.exe

256 B
192 B
4
3

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com
8.8.8.8:53

wave-assistant.com

dns

Installer.exe

256 B
64 B
4
1

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com
8.8.8.8:53

wave-assistant.com

dns

Installer.exe

256 B
256 B
4
4

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com
8.8.8.8:53

wave-assistant.com

dns

Installer.exe

256 B
256 B
4
4

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com
8.8.8.8:53

wave-assistant.com

dns

Installer.exe

256 B
256 B
4
4

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com
8.8.8.8:53

wave-assistant.com

dns

Installer.exe

256 B
256 B
4
4

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com
8.8.8.8:53

wave-assistant.com

dns

Installer.exe

192 B
192 B
3
3

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com
8.8.8.8:53

wave-assistant.com

dns

Installer.exe

256 B
256 B
4
4

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com
8.8.8.8:53

wave-assistant.com

dns

Installer.exe

192 B
128 B
3
2

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com
8.8.8.8:53

wave-assistant.com

dns

Installer.exe

256 B
256 B
4
4

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com
8.8.8.8:53

wave-assistant.com

dns

Installer.exe

192 B
192 B
3
3

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com
8.8.8.8:53

wave-assistant.com

dns

Installer.exe

192 B
192 B
3
3

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com
8.8.8.8:53

wave-assistant.com

dns

Installer.exe

256 B
256 B
4
4

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com
8.8.8.8:53

wave-assistant.com

dns

Installer.exe

192 B
192 B
3
3

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com
8.8.8.8:53

wave-assistant.com

dns

Installer.exe

256 B
256 B
4
4

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com
8.8.8.8:53

wave-assistant.com

dns

Installer.exe

256 B
192 B
4
3

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com
8.8.8.8:53

wave-assistant.com

dns

Installer.exe

256 B
256 B
4
4

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com
8.8.8.8:53

wave-assistant.com

dns

Installer.exe

256 B
256 B
4
4

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com
8.8.8.8:53

wave-assistant.com

dns

Installer.exe

256 B
256 B
4
4

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com
8.8.8.8:53

wave-assistant.com

dns

Installer.exe

192 B
192 B
3
3

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com
8.8.8.8:53

wave-assistant.com

dns

Installer.exe

256 B
256 B
4
4

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com
8.8.8.8:53

wave-assistant.com

dns

Installer.exe

256 B
256 B
4
4

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com
8.8.8.8:53

wave-assistant.com

dns

Installer.exe

256 B
256 B
4
4

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com
8.8.8.8:53

wave-assistant.com

dns

Installer.exe

256 B
256 B
4
4

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

DNS Request

wave-assistant.com

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\3867800f-61f5-4486-8f73-8a70e9f05aa8.tmp.node

Filesize
654KB

MD5
36e0027f9e250df48c14d0c46cc69df7

SHA1
8c8c4dd7725a0ec877541d48ed5ceda97d8a3bd1

SHA256
1f6a635c64ef5e04826545b78d4796f2f00493c7fd7b06c9cdea956fd71afeaf

SHA512
eba9d6dfe72a7d606159a30968627f6bee22f81f00c722d40058ab6c880c880e040fb9f418e5154f30f20f5f8c9254c3ed9cfa93ea1f2eefa9b5d7ed4e9fea84

Download Submit
\Users\Admin\AppData\Local\Temp\d332a513-a766-4300-afa5-8358f8b7c0bd.tmp.node

Filesize
1.8MB

MD5
beb8d911d40e8fe94770d9d341e0de11

SHA1
d24d31e5b44a4a80969e2a669fb9b0ed42cfd479

SHA256
ec41fc2fee2abcbf0559965501f54aae47cff24a87204fd3a85d86c7d53d53c7

SHA512
079c43c2533fa35411247dd091c5caedb4a0dbdeee7b8f9fbbba6f521d760856822d373f1e6682eff10bebc63168cb4a445aee7b23047e4d784ab28891d07bfe

Download Submit
memory/2316-10-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/2316-41-0x00000000779D0000-0x00000000779D1000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request