a7dc86668abd85a5a240dcfbc4454d7113f28c20cf4d7795e64258fc2a3bd3fc

Analysis

max time kernel
17s
max time network
18s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
23-07-2024 21:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WaveInstaller.exe
Size

10.3MB
MD5

a1dbe18bc267b20306a27e04fd48cbb5
SHA1

7639c0e5c14c5193c614a788b8ff93f063a96691
SHA256

a7dc86668abd85a5a240dcfbc4454d7113f28c20cf4d7795e64258fc2a3bd3fc
SHA512

374878d145e269e16215fe30e446cb08ca50a09906b90f2c83a542165a40e119efc52cb3a78596b8f20128345b9f76ae94bf3734d51e66133107a668ecb448ca
SSDEEP

196608:I6gKnt1Soq7n0jc/bPeNrYFJMIDJ+gsAGKoazR57QgmIo4ygWZ2:zg1b7n0jcw8Fqy+gsc5kcr

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2264	WaveInstaller.exe
2264	WaveInstaller.exe
2264	WaveInstaller.exe
2264	WaveInstaller.exe
2264	WaveInstaller.exe
2264	WaveInstaller.exe
2264	WaveInstaller.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001961d-97.dat	upx
behavioral1/memory/2264-99-0x000007FEF6100000-0x000007FEF656E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 2264	3016	WaveInstaller.exe	30
PID 3016 wrote to memory of 2264	3016	WaveInstaller.exe	30
PID 3016 wrote to memory of 2264	3016	WaveInstaller.exe	30

C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"
  2⤵
  - Loads dropped DLL
  PID:2264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI30162\api-ms-win-core-file-l1-2-0.dll

Filesize
22KB

MD5
852904535068e569e2b157f3bca0c08f

SHA1
c79b4d109178f4ab8c19ab549286eee4edf6eddb

SHA256
202b77cd363fce7c09d9a59b5779f701767c8734cc17bbe8b9ece5a0619f2225

SHA512
3e814678c7aa0d3d3a637ce3048e3b472dbb01b2e2a5932e5b257aa76bf8de8117a38e2a352daff66939a73c1b971b302f5635ea1d826b8a3afa49f9b543a541

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\api-ms-win-core-file-l2-1-0.dll

Filesize
22KB

MD5
cdfc83e189bda0ac9eab447671754e87

SHA1
cf597ee626366738d0ea1a1d8be245f26abbea72

SHA256
f4811f251c49c9ae75f9fe25890bacede852e4f1bfdc6685f49096253a43f007

SHA512
659ee46e210fcad6c778988a164ce3f69a137d05fb2699ff662540cbb281b38719017f1049d5189fafdae06c07a48d3d29dd98e11c1cae5d47768c243af37fe9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\api-ms-win-core-localization-l1-2-0.dll

Filesize
22KB

MD5
f1d0595773886d101e684e772118d1ef

SHA1
290276053a75cbeb794441965284b18311ab355d

SHA256
040e1572da9a980392184b1315f27ebcdaf07a0d94ddf49cbd0d499f7cdb099a

SHA512
db57f4ae78f7062cfe392d6829c5975be91d0062ff06725c45c06a74e04ade8bcaf709cfebeba8146fb4396206141aa49572968ea240aa1cba909e43985dc3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
22KB

MD5
e26a5e364a76bf00feaab920c535adbb

SHA1
411eaf1ca1d8f1aebcd816d93933561c927f2754

SHA256
b3c0356f64e583c8aca3b1284c6133540a8a12f94b74568fb78ddc36eac6ab15

SHA512
333e42eeea07a46db46f222e27429facaaf2ce8a433f0c39f5d5c72e67d894c813d3cf77880434f6373e0d8fffa3ef96d5f37e38dd4775491f3da2b569e9df59

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\api-ms-win-core-timezone-l1-1-0.dll

Filesize
22KB

MD5
566232dabd645dcd37961d7ec8fde687

SHA1
88a7a8c777709ae4b6d47bed6678d0192eb3bc3f

SHA256
1290d332718c47961052ebc97a3a71db2c746a55c035a32b72e5ff00eb422f96

SHA512
e5d549c461859445006a4083763ce855adbb72cf9a0bcb8958daa99e20b1ca8a82dec12e1062787e2ae8aee94224b0c92171a4d99ed348b94eab921ede205220

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\python310.dll

Filesize
1.4MB

MD5
196deb9a74e6e9e242f04008ea80f7d3

SHA1
a54373ebad306f3e6f585bcdf1544fbdcf9c0386

SHA256
20b004bfe69166c4961fee93163e795746df39fb31dc67399c0fde57f551eb75

SHA512
8c226d3ef21f3ddeee14a098c60ef030fa78590e9505d015ce63ea5e5bbcea2e105ff818e94653df1bddc9ba6ed3b376a1dff5c19266b623fa22cd75ac263b68

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\ucrtbase.dll

Filesize
1021KB

MD5
4e326feeb3ebf1e3eb21eeb224345727

SHA1
f156a272dbc6695cc170b6091ef8cd41db7ba040

SHA256
3c60056371f82e4744185b6f2fa0c69042b1e78804685944132974dd13f3b6d9

SHA512
be9420a85c82eeee685e18913a7ff152fcead72a90ddcc2bcc8ab53a4a1743ae98f49354023c0a32b3a1d919bda64b5d455f6c3a49d4842bbba4aa37c1d05d67

Download Submit
memory/2264-99-0x000007FEF6100000-0x000007FEF656E000-memory.dmp

Filesize
4.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads