94fed8df66e9d57b5aba78e723c1e1aa00e37a06af189df87e29a6e9274d3551 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

wave.txt

windows7-x64

1

wave.txt

windows10-2004-x64

8

wave.txt

windows11-21h2-x64

3

Sharing

General

Target

wave.txt
Size

181B
Sample

240629-gawxlsvfkr
MD5

9c8b4d93ee647bcd2ab84f5ce33f8b97
SHA1

d080ee431783d12f66b628f0b278244649a4e726
SHA256

94fed8df66e9d57b5aba78e723c1e1aa00e37a06af189df87e29a6e9274d3551
SHA512

e71dec1f97588053b91ca10b60414e9de6e77e1e52aaee0db59b9eb6f81bb1b22b13f287c06edf7d1b04d1a84843234a846fcc475adfc09d987ef8bfd8c5b5c1

Score

8^/10

discovery

Static task

static1

Behavioral task

behavioral1

Sample

wave.txt

Resource

win7-20240611-en

windows7-x64

1 signatures

300 seconds

Behavioral task

behavioral2

Sample

wave.txt

Resource

win10v2004-20240611-en

windows10-2004-x64

25 signatures

300 seconds

Behavioral task

behavioral3

Sample

wave.txt

Resource

win11-20240419-en

windows11-21h2-x64

4 signatures

300 seconds

Malware Config

Targets

- Target
  
  wave.txt
- Size
  
  181B
- MD5
  
  9c8b4d93ee647bcd2ab84f5ce33f8b97
- SHA1
  
  d080ee431783d12f66b628f0b278244649a4e726
- SHA256
  
  94fed8df66e9d57b5aba78e723c1e1aa00e37a06af189df87e29a6e9274d3551
- SHA512
  
  e71dec1f97588053b91ca10b60414e9de6e77e1e52aaee0db59b9eb6f81bb1b22b13f287c06edf7d1b04d1a84843234a846fcc475adfc09d987ef8bfd8c5b5c1
Score

8^/10

discovery
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Software Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

© 2018-2025

Terms | Privacy