8b621fe08498b943f914105709b09d59fd8d4bb38fe7c06e19463c3613f444e5

Analysis

max time kernel
14s
max time network
20s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 00:42

Target

wavekey.exe
Size

57.2MB
MD5

0b450a010f0dab9c68c53fdfb8870d54
SHA1

f3f0897a78ff80d8907fe4fc093d673fcb632f13
SHA256

8b621fe08498b943f914105709b09d59fd8d4bb38fe7c06e19463c3613f444e5
SHA512

26eeb139ffd7612a711bf6d4ab842d90da2fb73c78454711ba7db57772f045ad7e9a4753599e7a4f0ff320807e7cf3717178a633249611d94ff9e6196284516b
SSDEEP

786432:UU9AOQL7QqMoknvNpA+vIlo0FdGgrnKvIjjk3ESWqEp+0/pWTf0ca+S:jAOQnQqMrlpA+Ql4XvIswqrSIfa+S

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
1800	wavekey.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0003000000020840-736.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 1800	1708	wavekey.exe	30
PID 1708 wrote to memory of 1800	1708	wavekey.exe	30
PID 1708 wrote to memory of 1800	1708	wavekey.exe	30

C:\Users\Admin\AppData\Local\Temp\wavekey.exe
"C:\Users\Admin\AppData\Local\Temp\wavekey.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Users\Admin\AppData\Local\Temp\wavekey.exe
  "C:\Users\Admin\AppData\Local\Temp\wavekey.exe"
  2⤵
  - Loads dropped DLL
  PID:1800

C:\Users\Admin\AppData\Local\Temp\_MEI17082\python311.dll

Filesize
1.6MB

MD5
4fcf14c7837f8b127156b8a558db0bb2

SHA1
8de2711d00bef7b5f2dcf8a2c6871fa1db67cf1f

SHA256
a67df621a383f4ce5a408e0debe3ebc49ffc766d6a1d6d9a7942120b8ec054dc

SHA512
7a6195495b48f66c35b273a2c9d7ff59e96a4180ea8503f31c8b131167c6cdddd8d6fe77388a34096964a73c85eab504281a14ae3d05350cfee5c51d2491cec8

Download Submit
memory/1800-738-0x000007FEF59E0000-0x000007FEF5FC8000-memory.dmp

Filesize
5.9MB

Download