Analysis
max time kernel: 844s
max time network: 854s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 09/07/2024, 12:47
Static task: static1
Behavioral task: behavioral1 (Sample: wavekey.exe, Resource: win7-20240704-en)
Behavioral task: behavioral2 (Sample: wavekey.exe, Resource: win10v2004-20240704-en)
General
Target: wavekey.exe
Size: 58.4MB
MD5: 56d8f3fc271646fcded216210bd264a6
SHA1: 708cf77ad8d8b6906a6c5c5d7812d916f59310a7
SHA256: 98f0719305b0ecf6f53faa5523d3be3f466bfbf467aed10c5d2d4c41f25ffc41
SHA512: f22ee98fcb0c427fa4bc2c475895c29a14fb0a6d64cabd4c0210f002fc7d06da0c1be0c8d9fe3dd1e4a6b620bc0c27702a405c1bc581ad9a15a3edce880d0323
SSDEEP: 786432:q+q9AOQL7QqMoknvNpA+vIlo0FdGgrBKvIjjk3ESWqEp+0/pWTf0ca+O:q+cAOQnQqMrlpA+Ql4tvIswqrSIfa+O
Malware Config
Signatures
Loads dropped DLL (1 IoCs)
pid | Process
2908 | wavekey.exe

resource | yara_rule
behavioral1/files/0x000400000001e519-736.dat | upx
behavioral1/memory/2908-738-0x000007FEF5EC0000-0x000007FEF64A8000-memory.dmp | upx

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 2448 wrote to memory of 2908 | 2448 | wavekey.exe | 30
PID 2448 wrote to memory of 2908 | 2448 | wavekey.exe | 30
PID 2448 wrote to memory of 2908 | 2448 | wavekey.exe | 30
Processes
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.6MB
MD5: 4fcf14c7837f8b127156b8a558db0bb2
SHA1: 8de2711d00bef7b5f2dcf8a2c6871fa1db67cf1f
SHA256: a67df621a383f4ce5a408e0debe3ebc49ffc766d6a1d6d9a7942120b8ec054dc
SHA512: 7a6195495b48f66c35b273a2c9d7ff59e96a4180ea8503f31c8b131167c6cdddd8d6fe77388a34096964a73c85eab504281a14ae3d05350cfee5c51d2491cec8