1ca93fdcc11135777684369edc2bb27d287ffa05d09533c69107e88c153d96c2

Analysis

max time kernel
1359s
max time network
1178s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-04-2024 00:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Wave/dist/shared/bin/wave-luau.exe
Size

3.4MB
MD5

12fd29fcaf6f6518b8bf9e976928fa38
SHA1

1f9352e217518eaceefdd041e3f085ffbb93acb0
SHA256

d38d6297b4653f30397b7f45964ed99a70c8ab73d60063f68d3380c309e626a4
SHA512

b0c5bfb87639585564915f284ecff5af7e6664097ea3d9df6908c08ce09f9f6c31912225620bb7f7cf818efd6a7146280ce37e10ca7fb55bd381b95bb8a2189b
SSDEEP

49152:EIo5oIIIVWVNNNNNPpXqyJh0jtX6YNimufCiZ8ylLyfMAXyDiw1P6bNi/xeLZQpV:2hugpuTcdyPs+GJH/

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

svchost.exe

description pid process

Token: SeManageVolumePrivilege 3216 svchost.exe

description	pid	process
Token: SeManageVolumePrivilege	3216	svchost.exe

C:\Users\Admin\AppData\Local\Temp\Wave\dist\shared\bin\wave-luau.exe
"C:\Users\Admin\AppData\Local\Temp\Wave\dist\shared\bin\wave-luau.exe"
1⤵
PID:3140

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:3628

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
Filesize
16KB

MD5
0752dc77d41989e53ff3a91077376a1f

SHA1
c39c44b73098f2f38148e9ac618f71d9edd19477

SHA256
c0259fc020b59eddf49053eaac7d2c11ef4462fa106118b41406711168eb4f09

SHA512
02418eb23c162320c9113c3863d17dba2f599cae02de3096a47c4ddc69334aac1d9f774d894c27ec02699df2150a4da5ad3318f2b4b18bf647554c6903e5656b

Download Submit
memory/3216-40-0x00000189749F0000-0x00000189749F1000-memory.dmp

Filesize
4KB

Download
memory/3216-33-0x00000189749F0000-0x00000189749F1000-memory.dmp

Filesize
4KB

Download
memory/3216-42-0x00000189749F0000-0x00000189749F1000-memory.dmp

Filesize
4KB

Download
memory/3216-34-0x00000189749F0000-0x00000189749F1000-memory.dmp

Filesize
4KB

Download
memory/3216-35-0x00000189749F0000-0x00000189749F1000-memory.dmp

Filesize
4KB

Download
memory/3216-36-0x00000189749F0000-0x00000189749F1000-memory.dmp

Filesize
4KB

Download
memory/3216-37-0x00000189749F0000-0x00000189749F1000-memory.dmp

Filesize
4KB

Download
memory/3216-38-0x00000189749F0000-0x00000189749F1000-memory.dmp

Filesize
4KB

Download
memory/3216-43-0x0000018974620000-0x0000018974621000-memory.dmp

Filesize
4KB

Download
memory/3216-0-0x000001896C340000-0x000001896C350000-memory.dmp

Filesize
64KB

Download
memory/3216-68-0x0000018974870000-0x0000018974871000-memory.dmp

Filesize
4KB

Download
memory/3216-32-0x00000189749D0000-0x00000189749D1000-memory.dmp

Filesize
4KB

Download
memory/3216-39-0x00000189749F0000-0x00000189749F1000-memory.dmp

Filesize
4KB

Download
memory/3216-44-0x0000018974610000-0x0000018974611000-memory.dmp

Filesize
4KB

Download
memory/3216-46-0x0000018974620000-0x0000018974621000-memory.dmp

Filesize
4KB

Download
memory/3216-49-0x0000018974610000-0x0000018974611000-memory.dmp

Filesize
4KB

Download
memory/3216-52-0x0000018974550000-0x0000018974551000-memory.dmp

Filesize
4KB

Download
memory/3216-16-0x000001896C440000-0x000001896C450000-memory.dmp

Filesize
64KB

Download
memory/3216-64-0x0000018974750000-0x0000018974751000-memory.dmp

Filesize
4KB

Download
memory/3216-66-0x0000018974760000-0x0000018974761000-memory.dmp

Filesize
4KB

Download
memory/3216-67-0x0000018974760000-0x0000018974761000-memory.dmp

Filesize
4KB

Download
memory/3216-41-0x00000189749F0000-0x00000189749F1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads