Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    09/04/2024, 10:15

General

  • Target

    WaveTrial.rar

  • Size

    156.4MB

  • MD5

    0159c8632597db4afc30105f24cdd3ea

  • SHA1

    5e80272c6ff0d820cdb0a4f98f7fbf0d558f5957

  • SHA256

    0ff0224edb6a27b5c23adc7fb759864bb3c645f2cf2f38d0a0290c1fa691fdd2

  • SHA512

    587e4dc7ae21036f3aaec3e99955670ef0c457fab23db79b71f0963acc79a1f2eca61b2233b6770672a139b0f8a9ae98ad65bed2431aac476fe7d4e293e666fe

  • SSDEEP

    3145728:GeUQUfKvWr13d8VZDUdp27PkF5oeUahBcPVyMVob2395nOl0tUD:MKuh+DU72TkF5oeVBMX3nnptUD

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\WaveTrial.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2980
    • C:\Program Files\7-Zip\7zFM.exe
      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\WaveTrial.rar"
      2⤵
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:2668

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\WaveTrial\dist\client\assets\index-daab.js

          Filesize

          3.4MB

          MD5

          a19bf5e804004e0397a4547f9a8568fe

          SHA1

          daad35851be0986f1a99f5563976309c2f7fc800

          SHA256

          66909b895c0b86eb1edaf95c0d728939a4986f01bf5112023bf52a6afc021155

          SHA512

          2e98dedf48e2f16543ef28cdfad832f77a6250f6e71cadd2245e58aa4872a91934f390ad8552a1c59b035ead123904b95c31a1fb3d7ba3dbf49968b018755c5a