Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

wavekey.exe

windows7-x64

7

wavekey.exe

windows10-2004-x64

8

Resubmissions

09/07/2024, 12:47

240709-p1h3favclq 8

09/07/2024, 12:40

240709-pwffravarl 8

Analysis

  • max time kernel
    844s
  • max time network
    854s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    09/07/2024, 12:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    wavekey.exe

  • Size

    58.4MB

  • MD5

    56d8f3fc271646fcded216210bd264a6

  • SHA1

    708cf77ad8d8b6906a6c5c5d7812d916f59310a7

  • SHA256

    98f0719305b0ecf6f53faa5523d3be3f466bfbf467aed10c5d2d4c41f25ffc41

  • SHA512

    f22ee98fcb0c427fa4bc2c475895c29a14fb0a6d64cabd4c0210f002fc7d06da0c1be0c8d9fe3dd1e4a6b620bc0c27702a405c1bc581ad9a15a3edce880d0323

  • SSDEEP

    786432:q+q9AOQL7QqMoknvNpA+vIlo0FdGgrBKvIjjk3ESWqEp+0/pWTf0ca+O:q+cAOQnQqMrlpA+Ql4tvIswqrSIfa+O

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\wavekey.exe
    "C:\Users\Admin\AppData\Local\Temp\wavekey.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2448
    • C:\Users\Admin\AppData\Local\Temp\wavekey.exe
      "C:\Users\Admin\AppData\Local\Temp\wavekey.exe"
      2⤵
      • Loads dropped DLL
      PID:2908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI24482\python311.dll
    Filesize

    1.6MB

    MD5

    4fcf14c7837f8b127156b8a558db0bb2

    SHA1

    8de2711d00bef7b5f2dcf8a2c6871fa1db67cf1f

    SHA256

    a67df621a383f4ce5a408e0debe3ebc49ffc766d6a1d6d9a7942120b8ec054dc

    SHA512

    7a6195495b48f66c35b273a2c9d7ff59e96a4180ea8503f31c8b131167c6cdddd8d6fe77388a34096964a73c85eab504281a14ae3d05350cfee5c51d2491cec8

    Download Submit

  • memory/2908-738-0x000007FEF5EC0000-0x000007FEF64A8000-memory.dmp

    Filesize

    5.9MB

    Download