Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
08-07-2024 19:33
General
-
Target
WaveInstaller.exe
-
Size
1.5MB
-
MD5
c822ab5332b11c9185765b157d0b6e17
-
SHA1
7fe909d73a24ddd87171896079cceb8b03663ad4
-
SHA256
344700d3141170111a9b77db100f6961cc54a2988d964d34f7e1ca57aa42aa2a
-
SHA512
a8612836fb4714b939d03f7fe08391bbc635ca83ab853fc677159e5db6b00f76b9b586bdae9c19d2406d9a2713d1caf614132cb6c14e1dddc6ac45e47f7e5a5d
-
SSDEEP
24576:9viinbT3ipyqwPx4x3RyFoBkkAd04wJAAh/jV1gJcPNZI6fntX3HOt2pbs81ind2:EinbT3ipTD0anywJAaD/3U2pb7indT
Malware Config
Signatures
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 50 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"1⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb78cdab58,0x7ffb78cdab68,0x7ffb78cdab782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1808,i,10706077428693140063,15619607484208690566,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1808,i,10706077428693140063,15619607484208690566,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1808,i,10706077428693140063,15619607484208690566,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1808,i,10706077428693140063,15619607484208690566,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1808,i,10706077428693140063,15619607484208690566,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4384 --field-trial-handle=1808,i,10706077428693140063,15619607484208690566,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1808,i,10706077428693140063,15619607484208690566,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4764 --field-trial-handle=1808,i,10706077428693140063,15619607484208690566,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1808,i,10706077428693140063,15619607484208690566,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4760 --field-trial-handle=1808,i,10706077428693140063,15619607484208690566,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3180 --field-trial-handle=1808,i,10706077428693140063,15619607484208690566,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4352 --field-trial-handle=1808,i,10706077428693140063,15619607484208690566,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1808,i,10706077428693140063,15619607484208690566,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2676 --field-trial-handle=1808,i,10706077428693140063,15619607484208690566,131072 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1808,i,10706077428693140063,15619607484208690566,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-indexFilesize
432B
MD5d3c9f2efc0582a95b6541b9488826b0f
SHA15121b545df07032b08be8ecb110a7397fe860c28
SHA256bbac338b35c93b5e1725b623ec217ecaa3a3094058f31222b9ba307565ec5458
SHA5127990ae444fd69579d5add16b226c705bd4edae911b64cd463028cc144b377d3eb5654b32e69740c134655f86aefe6f53c8c3bb08bca8ca07167b207eac94e696
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
240B
MD538509410aed1b0bd0bcbfc15d9c9e2f4
SHA1b7f2096c134b58c60d479de1776e3f8aa820ac5f
SHA2563b7e51ebc769eec735103c30b4d88fa8d5dca73370ecf22c3a9a0ef091b0bf38
SHA5122592fe47324b35cb30207f868e78d30a214e441fef3c6acb8d09afecb945217ae897b1fc7b7d278ca54ee76f10aeae48ea8fed7ed6a0c45799542480c8a2851f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
2KB
MD5e6d9acb7e2f779e37662232747ddee9f
SHA11705b3a673c53710e28501f63d688add2e790d00
SHA256c03907690943ba4ecbec5e2793173bb5bd2591875448e2dfb8dec28bd187c694
SHA51267228b034ab6c10aa0e95c9f87ea9d46cdc651f7be8ba2886b9fe649f782f049c98cb13508a8253be67674fe76814db739237973291241341137f40acc5d2064
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending ReportsFilesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
356B
MD5256e25139fd74631dedb5d379463dc94
SHA1f3f47f058116963e9341d1584705b1eba4aea401
SHA2562a69e5abe2741761e801260aa628fca4edae888c67d6b7b5f0e26ad3da01332f
SHA512bec863fe1dbdd1885ae9ae2a485022dba1a0ed259cd302e5184d0261e678ebc7e801e6971433013925fbcd3abe53c324e7c287f4a086a0efb8d100e291c3e81e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5f47b81c2ce9a7b6aa34991c34112d70f
SHA161b71f0546b202bb979665d8b9242996e5a9f0f5
SHA25642b3730ee2eeb5565569b3dd801a9ddd115371141304ab6520b6867c4bfa2b4e
SHA51265b5d34c55f3d563e38c4b33954d5ff1fbffc6c2a33495e32d4e58fece6aac6f5d2524bca241161804aa998879f3318a21acec4a4b07186c8488665784e04b9f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5d5df6d83a1ea3b1fee4d0f8eaef40877
SHA13096375fb036821a3c1640788f21fa911379a763
SHA25691fac5c5b384015b0e1b8e92e56f5f6543bd49b6d8bff95477e3d3064842bfd1
SHA512d4ccb1755ac41233a4dc6bbb2b4dd83f6076e7b63b3a850e53393170a390e75b4ed5fe5711e3ce3d5b0bf96f8555bacc1aa2107186c9726c7d922d37adce3735
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD5c4fc7aaffb0972226daed19d8c81ac8f
SHA1b331d495818e8d336e61c075b5f2bd1bdc2d2cb5
SHA2565581760de02e6851f252d1e25b26e8bc8d144ced4dbbef5d6f5480007a68328a
SHA51224d240ad0ce96a700849be6ce43c94517f0e8c86d34be5aa0f3f5cc122e1d6effc6c3accf2e286cdeff81f8153977031e74a201717c5072d0954b4bfa38115e2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD510934d26300d0888ee714cdb63b37407
SHA1b5d4be29107503cb5c9c452563f84df0432ce48a
SHA256a8261d40122a29e6d0b78d9214eff7cc1aabcdd84a1b89eb48c50e609d8cd3f7
SHA512ae5fd3efecf44fbef23e766dc885d0e1f64b6fb2234a60f6f3206dd6309d81996035f5e59806e8f50cc24c30487d8312f7bfb108ad12b7caee692410f81db981
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD5c3598cddd0bbd9f458cc5e60038e635f
SHA1a21b5d6714fe44c133fd4b62fc304de07d73458d
SHA2566258f0f40c9876958c8c6ca1a6ac271370c867a23647a233abba1eeb44b43931
SHA5123500a17bff4eab4687342033502311ec06d1604f0241c1f149fd38f6776e81637cf886d520e494b018708419cd07ff6bf12400752cde6d439019b6d1104f4286
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD5e1cfe3c4054d42c472840727e27a10c7
SHA16ddb33754ececa6b00162fa4719b87941704dbf4
SHA2568e8395178970c171337bd80c772d6aad3c95a9606ad49294ec81f9d367222f6f
SHA512b76d28443c203f9d192904410c1f4acd247b89492c25e0b8ce96f310257c54ce8e33fbcccfff39220fe965ed0b81d55322219d9cd3b60805f4caeb719e1e0cf1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5e452561f6a804c8bf5f15ae50859ab4a
SHA1a40d3977c903adef394dd4a503d30f15b5b31d86
SHA2563630ce2c1f3db6173a3ba336d561ccdcea226cd0804b2088b3ae83f02d7150ab
SHA5124fe99adb5503904b602ef1a61aa44d3438e7f8fd00f810bf29d100dc2078dc2062c0b377e115a18494c120bf02fe61224bde075fa77746798707a440134d8725
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesFilesize
16KB
MD518fd1981586b5c89a17f51c7c281f0eb
SHA136cbfa9dc1df91a22408e19e4ef4b8e01967fb91
SHA2567f1851327265c7946437bcf211e564c7accb6f04db3918f778f2a1eaeab8580c
SHA512ddb4221c119bfe922ffac6ec62757e3356e2efdea6c8d306f3093463eb71dceda5dbb2b430a105bb4c217e7fb0ef4bff253d4f37de95eda70cb279354b164e4a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
285KB
MD55296d90adb1efc8e4c81b1f1c1317682
SHA1c50cd27ca70c20b473063063cb2709a820efceaf
SHA2565af6ec5289afd6625afb8ab87bc7b46a857a2200fedb8340d071624d3e397138
SHA512519769ad853536dc5df34d12464aa0a5a81da26a9bcd8e60057c0ff8b9b8fc1433088e23393cf8ff36362d341d3e7d78058c54a37e5414c2957c18ad9717cd49
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
92KB
MD54d46936f0bb4a94a661cd793aa2eae33
SHA160b60bef76953d335859a36beaf29c0a3ec60661
SHA256e75b2161a52d2b40be77e061e9975ec5109c0c3eb23e7857237e771d8f439c8b
SHA512b48e55c2b450edd27229c03edd85a509af5a446373f5f1fc364aca384be4d0ff04eb0c08ef414beed710385944d60e978e855def91604033f009bfc5c1cfda74
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
91KB
MD57ee025054fb232863324d73805797b0d
SHA184502c88e60673494720c737963f2d93841af7e6
SHA256a430067be45bd096cd717a949e17d7ba3aa537802273b15ad8c4110520ba6832
SHA51201cd700844e223b4592148dae6035362e6a4a0aeefee55693d1c152e6938f0aa79a26c5e420e4c50f25f3214a478f634e9714da3436bd7b70b252cf32ac13a80
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580ea1.TMPFilesize
89KB
MD58943f8b8b2902a751c2fc3b4ec363130
SHA16a50364677f0028b3531ff41b1b5db332eab7e49
SHA2561003e969a8a634013688d5db909a043eab24bae9a8fbe1f15126863487df11be
SHA5126491357af042b2a1cb381506f9d8403832b8143fbdd246965d3ce87a9a42779939895c70c8f6e5833f6ef8de16e7617eb1f3aec0baebd68a30703eea6440839e
-
\??\pipe\crashpad_3516_OXTLKTHDGEASKLTKMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1288-14-0x00000298C8770000-0x00000298C8771000-memory.dmpFilesize
4KB
-
memory/1288-9-0x00000298C8770000-0x00000298C8771000-memory.dmpFilesize
4KB
-
memory/1288-18-0x00000298C8770000-0x00000298C8771000-memory.dmpFilesize
4KB
-
memory/1288-19-0x00000298C8770000-0x00000298C8771000-memory.dmpFilesize
4KB
-
memory/1288-13-0x00000298C8770000-0x00000298C8771000-memory.dmpFilesize
4KB
-
memory/1288-15-0x00000298C8770000-0x00000298C8771000-memory.dmpFilesize
4KB
-
memory/1288-16-0x00000298C8770000-0x00000298C8771000-memory.dmpFilesize
4KB
-
memory/1288-8-0x00000298C8770000-0x00000298C8771000-memory.dmpFilesize
4KB
-
memory/1288-7-0x00000298C8770000-0x00000298C8771000-memory.dmpFilesize
4KB
-
memory/1288-17-0x00000298C8770000-0x00000298C8771000-memory.dmpFilesize
4KB
-
memory/3356-3-0x00000000745F0000-0x0000000074DA0000-memory.dmpFilesize
7.7MB
-
memory/3356-1-0x0000000000420000-0x00000000005B2000-memory.dmpFilesize
1.6MB
-
memory/3356-0-0x00000000745FE000-0x00000000745FF000-memory.dmpFilesize
4KB
-
memory/3356-20-0x00000000745FE000-0x00000000745FF000-memory.dmpFilesize
4KB
-
memory/3356-6-0x0000000005C00000-0x0000000005C0E000-memory.dmpFilesize
56KB
-
memory/3356-5-0x0000000009380000-0x00000000093B8000-memory.dmpFilesize
224KB
-
memory/3356-4-0x00000000745F0000-0x0000000074DA0000-memory.dmpFilesize
7.7MB
-
memory/3356-47-0x00000000745F0000-0x0000000074DA0000-memory.dmpFilesize
7.7MB
-
memory/3356-2-0x00000000745F0000-0x0000000074DA0000-memory.dmpFilesize
7.7MB
-
memory/3356-45-0x00000000745F0000-0x0000000074DA0000-memory.dmpFilesize
7.7MB