Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

Wave Goodbye.exe

windows7-x64

9

Wave Goodbye.exe

windows10-2004-x64

9

Resubmissions

29/06/2024, 22:45

240629-2ps5gsycjc 9

Analysis

  • max time kernel
    15s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    29/06/2024, 22:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Wave Goodbye.exe

  • Size

    6.0MB

  • MD5

    b67c09157b260b02037a716d28d7c34f

  • SHA1

    a6da5549351e78fda395b5381dcf9e14240390fd

  • SHA256

    ceb6a0b8e1c27c75155ab28b9283fe488ae5daca15b0cc58ebfc009200c8e824

  • SHA512

    61cc65311af74f83ea950ef54661a5421df67026f7760e257ae3701b3b339f554ac1b42a63f2adafe142ad71a81c545b6749aac0a4f5c78eccd90d072fb7bbad

  • SSDEEP

    98304:dHx3rQ9UT/cnDEuzHEAtpW1pAT0WaDMyaATQKC2witrFr9vQVN9x3gHWdFISYft4:73rpbcnDEuzkAtpWzATIaAEHVYJJmN/P

Score
9/10
evasionthemidatrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer 7 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Wave Goodbye.exe
    "C:\Users\Admin\AppData\Local\Temp\Wave Goodbye.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:2380
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/6NNYUEXAR2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2216
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2960

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    67e8522411ebe9d6f1bf0d89c2723bd4

    SHA1

    b33b02b72028c9e3fe166822471067ebdfae5185

    SHA256

    7e7e8998a34c794052feca473fa6a740068e188db578c663b94812a99b72af39

    SHA512

    e7e6411ce6a41a98884818011479e315a6a5fbc51d74c2c2af3beaac9cc279284d509f6b68a2c674c8e10ff2695404b9ccf5207da94d599cd35f7fd2e60b194c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    512ea55eca2b40ddd9cfbeba70be3a91

    SHA1

    b5403adf4e6c6f5b8663968281e3601315f8f07b

    SHA256

    2fd433bd7583ffe589c1add90c98a24cd595eadca184555c004e1081108b95c0

    SHA512

    27dc1c6f46316d9e65ea3617fbd333eafba2e29af3561ef0f0e4df226e4c12c17bf85f084f21264b895d4b032b13caa2b085147240fd6f472dbeb2b004d0121a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9c37abeabcf9160efa3c3d336142c3eb

    SHA1

    31413304739cd78addf84c3d0ce4cc8c68e435d3

    SHA256

    46f8334c997e7283713f70e254fd2204aef0dfd20fbd2690bdb765aa587643d0

    SHA512

    36421a711470bcf50212c0f4bc10c043a775b1d730a2a94f6c28b29d8d2fd2b165f5d694bfcf29eb43cc9254d3b53e040124e06a71dad24f3545165b778bdb75

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    132768e69887bb24f88dade81d5bd1c8

    SHA1

    65c65d700391f4cf17d1145be83a768b3df4a41e

    SHA256

    4203ae2368634d03ca0476058420c61f63ab34cc8fd6a8678bbfe55b546da6d2

    SHA512

    79c7eeb9662f77064b122664e6bdbff16e87d7857b8588ca713a4d88645776621486bf0b5f2c0fe8782fb4f8de3f5f2f83c297eb8f9203dd27fbbdfd4b4799a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5487444e0d8e56f2465860b587cccb13

    SHA1

    953e2d4bbd02aa23fe339a3646b7b858e764be2e

    SHA256

    cbe01c7753bb986dbea32f1dc6f3241fdaaf07aad28685711c05849a04a7d3a5

    SHA512

    7639b2f40894b60b92bd5bdf0942dac4c59808f995f0e1db8596e4b63417f0c66eb32cc6f3c14348e4d2cb370b3cb5950da1d32ed51fd980d847feac35a5d0aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a837b075242556af18b8fea24ab59457

    SHA1

    77333e08558cc3cd6eb2e59488ce2ddc332febf6

    SHA256

    7227e101f7aca2283698d7127da2734c496f87f0a83dd735c7d577104ea8968a

    SHA512

    571bd1dc8715be096e3f5fde985a299f639d61425ed87267577d6dbebd96f866c8a53a6544d34389e0226fa8588f85c2a27ae65d8193ed04c079c1f03149a6f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e31ce3e4c771750c32111db2299bf6ad

    SHA1

    e4173dea3bd24fd05c0e56570f717652cf43506e

    SHA256

    0c48611de73a8587bdba28188378f6fcf73650bbc2f36f7826e595014726ee32

    SHA512

    ba8878940d5b42e449c7028dd5458682fe2a093a68c109b6e80c55a6c488b9121c9fda946f3a746a4076191974fe3a0de37612fbcd1a02cd2bbb269303610767

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    320efaf4e832b66eb9f60375f351c378

    SHA1

    9a1129ddb590e2fe6d5d5811dc0ca0a7e7fd0004

    SHA256

    cb6a247178d241c5724039834639dc3d6e602ccab21c9756ca1e6a52bc930ac5

    SHA512

    b4420671a67b4f3a730734d99de762be2b30df02c46a543ec66c8f7222acc20aea5ec333463e4b2bdc50d95c233db04b8efe9c88f80f5cfc0dc7923266bdc206

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    47968f67bf6d9bf583b49295468fc003

    SHA1

    cea7ef601c7f288611c8916341b10e782cf8fa57

    SHA256

    dc74a224d62d995c6d69d0ac11f3b1bf92de4455b81c89b91e6e5ea43681f61f

    SHA512

    7d19ce973d78dee6db54a19458e85554aae57979817b5c2a63d328b62c2267479b012920519e511b0ed85b53dc24137301de5b2bf69778b77f799b4b7295858f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3496321a68ecfeea4730e3bfe94e8eb3

    SHA1

    d29d1f34635b510d466ceadfd778ac8bfa6a6e38

    SHA256

    daa92109d38ce5ec8193b5a2ae1b27dae9d12c529fec624b77b997f9c55903b9

    SHA512

    a14ae57daa23ab5d223b165ac69dc21c3a130282e87652ed5b08cc34bb0a03a880760becac5fc0efc5548d4f279d4c1a370389c4c6def61d1dd28f07ba6afa12

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    21f6e7c69d56117ff458d9128a46e196

    SHA1

    e898f6452d9d69827b7c46d0de58534ecfee7804

    SHA256

    8ececda8101fd1b3876f6efb09b6025e929cc26803c539b43a5f3c8bd79ffb10

    SHA512

    77690dcdaa6b07039ee2be075ac094f885416a83b3c11285ce727c60a0e5904a0fa96049daf8c39eb8e11af2ef9c8f2f3b986f8800761fe084a49106494cabcb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    925fd470dfd19fc89d5bc5a39b4490c4

    SHA1

    be2eb3b7f7a9c67493fff9ecbf76f15fffec1669

    SHA256

    75b833344aa96d6868da2b3fe5589241dcf38841d4da6a0ed8c0fb8330012ac7

    SHA512

    638d46087e274e747246587ea24017978fcae05c74fca7fb9614568c8d82d1e8d17b3bc84e56a590c2979943ed0281a02932eb6edd1f6376b57ab193926dc18c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\sxsuh4u\imagestore.dat
    Filesize

    24KB

    MD5

    187710413a92f4358ac968ae665ba23b

    SHA1

    56d305fd66e559a6780101a4423c68273b5ce082

    SHA256

    f41f70b9c9a0dc364403e3cfa291e64a25981e8e0a30173054004c93d6f00583

    SHA512

    3a5a7a743067dc25df2518150bba942d2c5be3b4e65465884611b4449bf81943eaf8fb73a8bb3f018ffedce7da1277bd48e3ed15a1186109e591973b39d91d2e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\favicon[2].ico
    Filesize

    23KB

    MD5

    ec2c34cadd4b5f4594415127380a85e6

    SHA1

    e7e129270da0153510ef04a148d08702b980b679

    SHA256

    128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7

    SHA512

    c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab202E.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2130.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2380-0-0x0000000140000000-0x0000000140F65000-memory.dmp

    Filesize

    15.4MB

    Download

  • memory/2380-6-0x0000000140000000-0x0000000140F65000-memory.dmp

    Filesize

    15.4MB

    Download

  • memory/2380-3-0x0000000140000000-0x0000000140F65000-memory.dmp

    Filesize

    15.4MB

    Download

  • memory/2380-4-0x0000000140000000-0x0000000140F65000-memory.dmp

    Filesize

    15.4MB

    Download

  • memory/2380-2-0x0000000140000000-0x0000000140F65000-memory.dmp

    Filesize

    15.4MB

    Download

  • memory/2380-5-0x0000000140000000-0x0000000140F65000-memory.dmp

    Filesize

    15.4MB

    Download

  • memory/2380-1-0x00000000772B0000-0x00000000772B2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2380-459-0x0000000140000000-0x0000000140F65000-memory.dmp

    Filesize

    15.4MB

    Download