Overview

overview

7

Static

static

3

WaveInstaller.exe

windows7-x64

1

WaveInstaller.exe

windows10-2004-x64

7

Resubmissions

28/06/2024, 15:45

240628-s64swawbjb 8

28/06/2024, 15:19

240628-sqdxhsvfqg 7

Analysis

  • max time kernel
    146s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/06/2024, 15:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WaveInstaller.exe

  • Size

    1.5MB

  • MD5

    b075f4320e46d0d5e78a649e8ee011cc

  • SHA1

    b0dd50171323f0f83dbea0340e9ed8cf44bea38e

  • SHA256

    8581823244a50bbed9709d09f3eba29dd9989681d96bff2b6c19245053069feb

  • SHA512

    e08024b5fa50dc344ca18413a6c21e0f20490c22c90c565d6f663014f1673643da1d5d748e0cefca8a7cbae91a62470289803ad588d3aa5cf3dc6292d7393d47

  • SSDEEP

    24576:VviinbT3ipyqwPx4x3RyFoBkkAd04wJAAh/jV1gJcPNZI6fntX3HOt2pq081ind2:MinbT3ipTD0anywJAaD/3U2pqjindT

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 41 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of AdjustPrivilegeToken
    PID:3820
    • C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe
      "C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe"
      2⤵
        PID:4360
    • C:\Windows\system32\control.exe
      "C:\Windows\system32\control.exe" SYSTEM
      1⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:1640
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
      1⤵
        PID:1592
      • C:\Windows\explorer.exe
        C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
        1⤵
        • Checks processor information in registry
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:1140
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
        1⤵
          PID:1736

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\CefSharp\chrome_100_percent.pak
          Filesize

          667KB

          MD5

          ae195e80859781a20414cf5faa52db06

          SHA1

          b18ecb5ec141415e3a210880e2b3d37470636485

          SHA256

          9957802c0792e621f76bbdb1c630fbad519922743b5d193294804164babda552

          SHA512

          c6fef84615fe20d1760ca496c98629feb4e533556724e9631d4282622748e7601225cf19dfb8351f4b540ae3f83785c1bcea6fe8c246cf70388e527654097c1c

          Download Submit

        • C:\Users\Admin\AppData\Local\CefSharp\chrome_200_percent.pak
          Filesize

          1.0MB

          MD5

          1abf6bad0c39d59e541f04162e744224

          SHA1

          db93c38253338a0b85e431bd4194d9e7bddb22c6

          SHA256

          01cb663a75f18bb2d0d800640a114f153a34bd8a5f2aa0ed7daa9b32967dc29e

          SHA512

          945d519221d626421094316f13b818766826b3bedddab0165c041540dddadc93136e32784c0562d26a420cb29479d04d2aa317b8d605cd242e5152bf05af197e

          Download Submit

        • C:\Users\Admin\AppData\Local\CefSharp\chrome_elf.dll
          Filesize

          1020KB

          MD5

          7191d97ce7886a1a93a013e90868db96

          SHA1

          52dd736cb589dd1def87130893d6b9449a6a36e3

          SHA256

          32f925f833aa59e3f05322549fc3c326ac6fc604358f4efbf94c59d5c08b8dc6

          SHA512

          38ebb62c34d466935eabb157197c7c364d4345f22aa3b2641b636196ca1aeaa2152ac75d613ff90817cb94825189612ddd12fb96df29469511a46a7d9620e724

          Download Submit

        • C:\Users\Admin\AppData\Local\CefSharp\icudtl.dat
          Filesize

          6.2MB

          MD5

          3941f3cff89abdbb3d34cea6a0193385

          SHA1

          d0c75ef541d8721eb7530d88134409b5f34f550e

          SHA256

          037854c1afbbbfb60c954534f657a7b3b616a71c667960fb0074ccd99f2d92ec

          SHA512

          afa4f22a14b3a7a5844deaf4ff6903e85b3e224602e7ccee9505efd44d8273cbce910824cdbb23346555e882b7102f9af5701dc9845dab23a1193f5078ee5ade

          Download Submit

        • C:\Users\Admin\AppData\Local\CefSharp\locales\en-US.pak
          Filesize

          456KB

          MD5

          4430b1833d56bc8eb1f7dc82bb7f4bc9

          SHA1

          dc15e6306625f155683326e859d83f846153c547

          SHA256

          b44ddcfac9df4934007e6c55a3c7f5e7f14c7e5e29f35c81de917fc3b22aabbc

          SHA512

          faf93bf371b2a88c1b874a5e2c54e4487fd152ad19c2a406a46f55ae75ecd421a779888c2e4c170857b16bfb5d8744bc1815a4732ed50b064b3cbd0c5ffad889

          Download Submit

        • C:\Users\Admin\AppData\Local\CefSharp\resources.pak
          Filesize

          5.7MB

          MD5

          478057c50954cc1c4053adf769ca389f

          SHA1

          eee1c98ccf03f2d0161b9325711add8c3b702885

          SHA256

          f46850950f94ca207f43212e33233a04fba77a2874472686a7c7093eeed8958e

          SHA512

          389f659afe070059cf4bafdebd3325694be282b8bcd8d1809bf08af522b2dbaa7fb2969576234b068fcbd4419afe599ff25a427553c1cd31f9d097ff8f52b77e

          Download Submit

        • C:\Users\Admin\AppData\Local\Wave\CefSharp.Core.Runtime.dll
          Filesize

          1.3MB

          MD5

          09cba584aa0aae9fc600745567393ef6

          SHA1

          bbd1f93cb0db9cf9e01071b3bed1b4afd6e31279

          SHA256

          0babd84d4e7dc2713e7265d5ac25a3c28d412e705870cded6f5c7c550a5bf8d5

          SHA512

          5f914fa33a63a6d4b46f39c7279687f313728fd5f8437ec592369a2da3256ccff6f325f78ace0e6d3a2c37da1f681058556f7603da13c45b03f2808f779d2aa1

          Download Submit

        • C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe
          Filesize

          7.5MB

          MD5

          8a2cd9abb3b07e6d39a196d489905b16

          SHA1

          f632456bb3f8121efe7a93a5a440188eb69d76dd

          SHA256

          32908075eab8e0137e3f4e02e1101fdc53906b56085ec84a2990a27fe147fb63

          SHA512

          f31741334464b5e3d962e0e4c8d4a9634d7191e369023582af389261298295862b718eda01b123c0540e494d887b34cf5b3dd204953d778c814c57cf7629154f

          Download Submit

        • memory/3820-23-0x0000000009BD0000-0x0000000009BDA000-memory.dmp

          Filesize

          40KB

          Download

        • memory/3820-1-0x0000000000A60000-0x0000000000BF2000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3820-18-0x0000000005FC0000-0x0000000006056000-memory.dmp

          Filesize

          600KB

          Download

        • memory/3820-19-0x0000000006060000-0x0000000006086000-memory.dmp

          Filesize

          152KB

          Download

        • memory/3820-20-0x00000000060A0000-0x00000000060A8000-memory.dmp

          Filesize

          32KB

          Download

        • memory/3820-22-0x000000000BA40000-0x000000000BAB2000-memory.dmp

          Filesize

          456KB

          Download

        • memory/3820-0-0x000000007529E000-0x000000007529F000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3820-24-0x0000000009BE0000-0x0000000009BEA000-memory.dmp

          Filesize

          40KB

          Download

        • memory/3820-8-0x0000000075290000-0x0000000075A40000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/3820-6-0x0000000009E50000-0x0000000009E5E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/3820-243-0x0000000075290000-0x0000000075A40000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/3820-9-0x0000000075290000-0x0000000075A40000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/3820-2-0x0000000075290000-0x0000000075A40000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/3820-3-0x0000000075290000-0x0000000075A40000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/3820-7-0x000000007529E000-0x000000007529F000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3820-5-0x0000000009E70000-0x0000000009EA8000-memory.dmp

          Filesize

          224KB

          Download

        • memory/3820-4-0x0000000075290000-0x0000000075A40000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/4360-245-0x0000000004FF0000-0x000000000503A000-memory.dmp

          Filesize

          296KB

          Download

        • memory/4360-255-0x0000000005AD0000-0x0000000005C2B000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/4360-247-0x0000000005770000-0x0000000005856000-memory.dmp

          Filesize

          920KB

          Download

        • memory/4360-246-0x0000000005050000-0x0000000005074000-memory.dmp

          Filesize

          144KB

          Download

        • memory/4360-244-0x0000000000010000-0x000000000079C000-memory.dmp

          Filesize

          7.5MB

          Download