Analysis
max time kernel: 44s
max time network: 18s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 14-06-2024 05:07
Static task: static1
Behavioral task: behavioral1
Sample: Wave Browser.exe
Resource: win7-20240221-en
2 signatures
150 seconds
General
Target: Wave Browser.exe
Size: 1.2MB
MD5: 1684aab6fae1ed888cf6d3c45e3f5fa7
SHA1: 6acc87b81836575bf7b497f0e8a9a23a221f06b7
SHA256: 4114122c0dca23f637d83eed33f9abcdc92709e2ac6f63ffd55f5aae519b58ab
SHA512: 6d4bafe21686ce62cc129082e8dcd4da87fa7dcaea5eee9862a99adbb0142e89fe0e9d097ee2b9a9a6b6eab3ee23b6a26c4fa587d7ce1782a1d2e2c1454c2e71
SSDEEP: 24576:2s/RUhtSWUeNXoCPxjyJVhGi4vGuOg9ajduJd/WDj0uX:2oRUhoK/9ecwjd6d/sIuX
Score: 1/10
Malware Config
Signatures
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes: Wave Browser.exe
  description                pid    process
  Token: SeDebugPrivilege    2736   Wave Browser.exe
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: Wave Browser.exe
  description                         pid    process            target process
  PID 2736 wrote to memory of 2352    2736   Wave Browser.exe   WerFault.exe
  PID 2736 wrote to memory of 2352    2736   Wave Browser.exe   WerFault.exe
  PID 2736 wrote to memory of 2352    2736   Wave Browser.exe   WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\Wave Browser.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Wave Browser.exe"
  PID: 2736
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  C:\Windows\system32\WerFault.exe
    Command line: C:\Windows\system32\WerFault.exe -u -p 2736 -s 656
    PID: 2352