7ae0e1f67e9b3874583a53d7399d4a75ab794561b0d62423542c6e4558e3bc35 | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
25-04-2024 22:34

Sharing

Report Analysis Logs

General

Target

WaveSplotBeta.exe
Size

30.5MB
MD5

fa7ff55a94d629ca1af12bba73582635
SHA1

ff0dc0e3b466a06472387387163517839f30a9c6
SHA256

7ae0e1f67e9b3874583a53d7399d4a75ab794561b0d62423542c6e4558e3bc35
SHA512

aa80f829f6a8620276174bec73a8139d8b19f2c893316f142cda922e4d31236dacb86fba3f4586203ba092f5875205f1d3f5d339fa432be9a9db2aba6b8e77db
SSDEEP

786432:naAWibibX71QtIJ2j6+s7LWB75zuPNdS3ILn6eByJKm+da:naHbXJiIJ2qHWB75iVdSG1BzA

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2424	WaveSplotBeta.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2424	WaveSplotBeta.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 2424	1804	WaveSplotBeta.exe	28
PID 1804 wrote to memory of 2424	1804	WaveSplotBeta.exe	28
PID 1804 wrote to memory of 2424	1804	WaveSplotBeta.exe	28

C:\Users\Admin\AppData\Local\Temp\WaveSplotBeta.exe
"C:\Users\Admin\AppData\Local\Temp\WaveSplotBeta.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Users\Admin\AppData\Local\Temp\WaveSplotBeta.exe
  "C:\Users\Admin\AppData\Local\Temp\WaveSplotBeta.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI18042\python312.dll

Filesize
6.7MB

MD5
550288a078dffc3430c08da888e70810

SHA1
01b1d31f37fb3fd81d893cc5e4a258e976f5884f

SHA256
789a42ac160cef98f8925cb347473eeeb4e70f5513242e7faba5139ba06edf2d

SHA512
7244432fc3716f7ef27630d4e8fbc8180a2542aa97a01d44dca260ab43966dd8ac98b6023400b0478a4809aace1a128f1f4d6e544f2e591a5b436fd4c8a9d723

Download Submit