hxxps://getwave[.]gg

Analysis

max time kernel
599s
max time network
561s
platform
windows11-21h2_x64
resource
win11-20240704-en
resource tags

arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
submitted
06/07/2024, 00:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://getwave.gg

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133646986885017950"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1456	chrome.exe
1456	chrome.exe
5188	chrome.exe
5188	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1456	chrome.exe
1456	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 4292	1456	chrome.exe	80
PID 1456 wrote to memory of 4292	1456	chrome.exe	80
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 868	1456	chrome.exe	82
PID 1456 wrote to memory of 5532	1456	chrome.exe	83
PID 1456 wrote to memory of 5532	1456	chrome.exe	83
PID 1456 wrote to memory of 1020	1456	chrome.exe	84
PID 1456 wrote to memory of 1020	1456	chrome.exe	84
PID 1456 wrote to memory of 1020	1456	chrome.exe	84
PID 1456 wrote to memory of 1020	1456	chrome.exe	84
PID 1456 wrote to memory of 1020	1456	chrome.exe	84
PID 1456 wrote to memory of 1020	1456	chrome.exe	84
PID 1456 wrote to memory of 1020	1456	chrome.exe	84
PID 1456 wrote to memory of 1020	1456	chrome.exe	84
PID 1456 wrote to memory of 1020	1456	chrome.exe	84
PID 1456 wrote to memory of 1020	1456	chrome.exe	84
PID 1456 wrote to memory of 1020	1456	chrome.exe	84
PID 1456 wrote to memory of 1020	1456	chrome.exe	84
PID 1456 wrote to memory of 1020	1456	chrome.exe	84
PID 1456 wrote to memory of 1020	1456	chrome.exe	84
PID 1456 wrote to memory of 1020	1456	chrome.exe	84
PID 1456 wrote to memory of 1020	1456	chrome.exe	84
PID 1456 wrote to memory of 1020	1456	chrome.exe	84
PID 1456 wrote to memory of 1020	1456	chrome.exe	84
PID 1456 wrote to memory of 1020	1456	chrome.exe	84
PID 1456 wrote to memory of 1020	1456	chrome.exe	84
PID 1456 wrote to memory of 1020	1456	chrome.exe	84
PID 1456 wrote to memory of 1020	1456	chrome.exe	84
PID 1456 wrote to memory of 1020	1456	chrome.exe	84
PID 1456 wrote to memory of 1020	1456	chrome.exe	84
PID 1456 wrote to memory of 1020	1456	chrome.exe	84
PID 1456 wrote to memory of 1020	1456	chrome.exe	84
PID 1456 wrote to memory of 1020	1456	chrome.exe	84
PID 1456 wrote to memory of 1020	1456	chrome.exe	84
PID 1456 wrote to memory of 1020	1456	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://getwave.gg
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbd721ab58,0x7ffbd721ab68,0x7ffbd721ab78
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1492 --field-trial-handle=1792,i,15400349723009056567,8085563649417044816,131072 /prefetch:2
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1792,i,15400349723009056567,8085563649417044816,131072 /prefetch:8
  2⤵
  PID:5532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2152 --field-trial-handle=1792,i,15400349723009056567,8085563649417044816,131072 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1792,i,15400349723009056567,8085563649417044816,131072 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1792,i,15400349723009056567,8085563649417044816,131072 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4292 --field-trial-handle=1792,i,15400349723009056567,8085563649417044816,131072 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4228 --field-trial-handle=1792,i,15400349723009056567,8085563649417044816,131072 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2652 --field-trial-handle=1792,i,15400349723009056567,8085563649417044816,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5188

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
ec1634928dd08f63ffe86977a1c1b0f1

SHA1
b9fab519cfe342d5409b68992574587208e889ee

SHA256
1b26fc5a35a42419f02aac64ab88ee56b1480bce6b72480069f7afb6612e6a62

SHA512
1cfc56b2eadcb43e29a88a1a8cafa48416157c9094c5ee6aa10cdd7b227c7d11a9a360739abdb14707d3d184dd029c91a5b0aca352023ecbcfdde2e25c9eb8de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8732d1ff866bb42fafffef28679ccd2c

SHA1
86b436a2c9f2bb9f1f4d68714f9d5dc49dc7850f

SHA256
51459fe9643d427e2a6959e9b1765ee5885efaa8d57d953a1e57159a4484aaf8

SHA512
3261da5569d23c778608bda733cacc43d10a877584695395198f5230551c76f28d4d724c1fc2df99cc14b0aab4d1f279a425277829527881360973ce21189306

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
17c7c4a46e8aa689b692220d66b466a3

SHA1
eb0a6b33f7b231fae0107111c799446268d528dc

SHA256
15b8b4ed2bb6448d0274912cb1c02671f34106b92021cab44471fb457283942c

SHA512
665f04b7349bd4b02a16d73925c60719b29ed29f00b0ad6cade36f949dbcd074070a13cef5515f4d2530d869daf760a8e5f1461dabc9e2beed58c53aad10137c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e6c8b99eb8ab8bbdfbd250b22f4ac742

SHA1
e9d1aeef9fd6c099d54a67586811c362322da016

SHA256
ae1d8916068e909af6f1125b270d5debe479fccecbefe0e8cbb20f47a4dc7aef

SHA512
aa752c55e14da4e8fe02b3971b89626ce3003d6ce450638347059cc9f1200b567daac51cd8374d9286810a8399f139e3ce506021f11465cf5416282d5e3005fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
3dfca7cec8e3c34d338e14febcb10568

SHA1
078385faa13d41ff1dc24770e163ad235836f497

SHA256
9192cedc87bf3261cb572cd1ca04922a3b4c204e110dd29091e98181e4dcb386

SHA512
67a9cf838a4980861aa5af08e4d06fc88c668a41aa38911e8171110c62355c957776169b0f574c3b95d7bce18dc812ee7c2d1432a59228cae93b2a1240a16868

Download Submit