Overview
overview
9Static
static
7Wave.rar
windows10-2004-x64
9Wave/Injector.exe
windows10-2004-x64
9Wave/Wave.dll
windows10-2004-x64
8Wave/Wave.exe
windows10-2004-x64
1Wave/Wave.exe.config
windows10-2004-x64
3Wave/dist/...c14.js
windows10-2004-x64
1Wave/dist/...ca1.js
windows10-2004-x64
1Wave/dist/...d33.js
windows10-2004-x64
1Wave/dist/...x.html
windows10-2004-x64
1Wave/dist/node.exe
windows10-2004-x64
1Wave/dist/...dex.js
windows10-2004-x64
1Wave/dist/...s.json
windows10-2004-x64
3Wave/dist/...d.luau
windows10-2004-x64
3Wave/dist/...au.exe
windows10-2004-x64
1Wave/dist/...d.luau
windows10-2004-x64
3Wave/dist/...t.json
windows10-2004-x64
3Wave/dist/...d.luau
windows10-2004-x64
3Wave/dist/...au.exe
windows10-2004-x64
1Wave/dist/...d.luau
windows10-2004-x64
3Wave/dist/start.cmd
windows10-2004-x64
1Wave/dxcompiler.dll
windows10-2004-x64
1Wave/dxil.dll
windows10-2004-x64
1Wave/libEGL.dll
windows10-2004-x64
1Wave/libGLESv2.dll
windows10-2004-x64
1Wave/libcef.dll
windows10-2004-x64
1Wave/snaps...ob.bin
windows10-2004-x64
3Wave/v8_co...ot.bin
windows10-2004-x64
3Wave/vk_sw...er.dll
windows10-2004-x64
1Wave/vk_sw...d.json
windows10-2004-x64
3Wave/vulkan-1.dll
windows10-2004-x64
1Wave/webso...rp.dll
windows10-2004-x64
1Wave/works..._FE.iy
windows10-2004-x64
3Analysis
-
max time kernel
1472s -
max time network
1472s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
09-04-2024 00:29
Behavioral task
behavioral1
Sample
Wave.rar
Resource
win10v2004-20240226-en
Behavioral task
behavioral2
Sample
Wave/Injector.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
Wave/Wave.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral4
Sample
Wave/Wave.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
Wave/Wave.exe.config
Resource
win10v2004-20240226-en
Behavioral task
behavioral6
Sample
Wave/dist/client/assets/yaml-df2b4c14.js
Resource
win10v2004-20231215-en
Behavioral task
behavioral7
Sample
Wave/dist/client/assets/yaml-f7ca1ca1.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral8
Sample
Wave/dist/client/assets/yaml-f8a2dd33.js
Resource
win10v2004-20231215-en
Behavioral task
behavioral9
Sample
Wave/dist/client/index.html
Resource
win10v2004-20240226-en
Behavioral task
behavioral10
Sample
Wave/dist/node.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral11
Sample
Wave/dist/server/index.js
Resource
win10v2004-20231215-en
Behavioral task
behavioral12
Sample
Wave/dist/shared/bin/en-us.json
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
Wave/dist/shared/bin/globalTypes.d.luau
Resource
win10v2004-20240226-en
Behavioral task
behavioral14
Sample
Wave/dist/shared/bin/wave-luau.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
Wave/dist/shared/bin/wave.d.luau
Resource
win10v2004-20240226-en
Behavioral task
behavioral16
Sample
Wave/dist/shared/configuration/default.json
Resource
win10v2004-20240226-en
Behavioral task
behavioral17
Sample
Wave/dist/shared/globalTypes.d.luau
Resource
win10v2004-20240226-en
Behavioral task
behavioral18
Sample
Wave/dist/shared/wave-luau.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
Wave/dist/shared/wave.d.luau
Resource
win10v2004-20240226-en
Behavioral task
behavioral20
Sample
Wave/dist/start.cmd
Resource
win10v2004-20240319-en
Behavioral task
behavioral21
Sample
Wave/dxcompiler.dll
Resource
win10v2004-20240319-en
Behavioral task
behavioral22
Sample
Wave/dxil.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral23
Sample
Wave/libEGL.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral24
Sample
Wave/libGLESv2.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
Wave/libcef.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral26
Sample
Wave/snapshot_blob.bin
Resource
win10v2004-20240226-en
Behavioral task
behavioral27
Sample
Wave/v8_context_snapshot.bin
Resource
win10v2004-20240226-en
Behavioral task
behavioral28
Sample
Wave/vk_swiftshader.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral29
Sample
Wave/vk_swiftshader_icd.json
Resource
win10v2004-20240226-en
Behavioral task
behavioral30
Sample
Wave/vulkan-1.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral31
Sample
Wave/websocket-sharp.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral32
Sample
Wave/workspace/IY_FE.iy
Resource
win10v2004-20240226-en
General
-
Target
Wave/dist/shared/bin/globalTypes.d.luau
-
Size
418KB
-
MD5
4fb046cf2752a7e38784b9c223fc749a
-
SHA1
ec60cb7dca1a73001cffbcf858ec0a8714dbca1a
-
SHA256
89259d80bd757a1d0a5b47b5c7eac1d8f84071d71b49049dd49a37ef8dee727c
-
SHA512
763d7d904ae606b2e9692b46d5c18bab98eecd6973330f223da738f74f918530729df0ea8d91b976fc2787592d469c187bc027ad142dc5cef0d7b615948c7e13
-
SSDEEP
6144:siqczXlabtPJQc3zJqjFY/OSRlXAR6fTU4Dx0YvDr7YuHqkZhCd6dFyDWro/1SXB:SJQc3zJ5Dx+0
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
Processes:
cmd.exeOpenWith.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings OpenWith.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
svchost.exedescription pid process Token: SeManageVolumePrivilege 2632 svchost.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
OpenWith.exepid process 1688 OpenWith.exe
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Wave\dist\shared\bin\globalTypes.d.luau1⤵
- Modifies registry class
PID:4520
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1688
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe1⤵PID:1184
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k UnistackSvcGroup1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2632
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
16KB
MD5f83521d5291efa297568a241519828f4
SHA13d9c8edbeaed2242b2fb04b22b3c79789819e7c7
SHA256234c6fc5bf96a76de19b6de88b62aa277380b209338954d525587b34a1340dae
SHA5122bdc276f0dc60613da7abce4564dfc62163a22423715af0a23202dbf21cdcd0f06dda4939a6561ef65d8fc645214dd77e94fa1b47ff3f2647ae4d6b7a2a846f8