Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

WaveInstaller.exe

windows7-x64

WaveInstaller.exe

windows10-2004-x64

3

Resubmissions

25/08/2024, 21:53 UTC

240825-1ry8vayfnl 3

25/08/2024, 21:49 UTC

240825-1pq5fsydrp 3

25/08/2024, 21:32 UTC

240825-1d1vhswdna 8

25/08/2024, 21:31 UTC

240825-1c7xfawdjf 3

Analysis

  • max time kernel
    38s
  • max time network
    38s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    25/08/2024, 21:49 UTC

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    WaveInstaller.exe

  • Size

    2.3MB

  • MD5

    8ad8b6593c91d7960dad476d6d4af34f

  • SHA1

    0a95f110c8264cde7768a3fd76db5687fda830ea

  • SHA256

    43e6ae7e38488e95741b1cad60843e7ce49419889285433eb4e697c175a153ab

  • SHA512

    09b522da0958f8b173e97b31b6c7141cb67de5d30db9ff71bc6e61ca9a97c09bff6b17d6eaa03c840500996aad25b3419391af64de1c59e98ff6a8eac636b686

  • SSDEEP

    49152:6inbT3qpTDQSmanAmwJAaDMg33U2pLYiniT:6inKpTJmWAmmAMPWin

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2100
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:2616
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:2528

      Network

      • flag-us
        DNS
        www.nuget.org
        WaveInstaller.exe
        Remote address:
        8.8.8.8:53
        Request
        www.nuget.org
        IN A
        Response
        www.nuget.org
        IN CNAME
        nugetprodusnc.azure-api.net
        nugetprodusnc.azure-api.net
        IN CNAME
        apimgmttm3csrht7lvztprufrqlzasbgohlgs9virtv24ewckt.trafficmanager.net
        apimgmttm3csrht7lvztprufrqlzasbgohlgs9virtv24ewckt.trafficmanager.net
        IN CNAME
        nugetprodusnc-northcentralus-01.regional.azure-api.net
        nugetprodusnc-northcentralus-01.regional.azure-api.net
        IN CNAME
        apimgmthskpop34uvs7ufuzdiq0mjfe3lnuqclimpbqtgnvr1k.cloudapp.net
        apimgmthskpop34uvs7ufuzdiq0mjfe3lnuqclimpbqtgnvr1k.cloudapp.net
        IN A
        52.240.159.111
      • flag-us
        DNS
        o953144.ingest.us.sentry.io
        WaveInstaller.exe
        Remote address:
        8.8.8.8:53
        Request
        o953144.ingest.us.sentry.io
        IN A
        Response
        o953144.ingest.us.sentry.io
        IN A
        34.120.195.249
      • 52.240.159.111:443
        www.nuget.org
        tls
        WaveInstaller.exe
        255 B
         92 B
         3
        2
      • 52.240.159.111:443
        www.nuget.org
        tls
        WaveInstaller.exe
        255 B
         92 B
         3
        2
      • 34.120.195.249:443
        o953144.ingest.us.sentry.io
        tls
        WaveInstaller.exe
        361 B
         219 B
         5
        5
      • 8.8.8.8:53
        www.nuget.org
        dns
        WaveInstaller.exe
        59 B
         325 B
         1
        1

        DNS Request

        www.nuget.org

        DNS Response

        52.240.159.111

      • 8.8.8.8:53
        o953144.ingest.us.sentry.io
        dns
        WaveInstaller.exe
        73 B
         89 B
         1
        1

        DNS Request

        o953144.ingest.us.sentry.io

        DNS Response

        34.120.195.249

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2100-12-0x00000000742A0000-0x000000007498E000-memory.dmp

        Filesize

        6.9MB

        Download

      • memory/2100-22-0x0000000005BD0000-0x0000000005BDA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/2100-2-0x00000000742A0000-0x000000007498E000-memory.dmp

        Filesize

        6.9MB

        Download

      • memory/2100-3-0x0000000004EC0000-0x0000000004F72000-memory.dmp

        Filesize

        712KB

        Download

      • memory/2100-4-0x0000000002230000-0x00000000022B2000-memory.dmp

        Filesize

        520KB

        Download

      • memory/2100-5-0x00000000004A0000-0x00000000004A8000-memory.dmp

        Filesize

        32KB

        Download

      • memory/2100-6-0x00000000004F0000-0x00000000004F8000-memory.dmp

        Filesize

        32KB

        Download

      • memory/2100-8-0x0000000000830000-0x000000000083A000-memory.dmp

        Filesize

        40KB

        Download

      • memory/2100-7-0x0000000000830000-0x000000000083A000-memory.dmp

        Filesize

        40KB

        Download

      • memory/2100-9-0x00000000742A0000-0x000000007498E000-memory.dmp

        Filesize

        6.9MB

        Download

      • memory/2100-10-0x00000000742A0000-0x000000007498E000-memory.dmp

        Filesize

        6.9MB

        Download

      • memory/2100-11-0x00000000742AE000-0x00000000742AF000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2100-1-0x0000000000BE0000-0x0000000000E2A000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/2100-14-0x00000000025F0000-0x00000000025FA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/2100-0-0x00000000742AE000-0x00000000742AF000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2100-15-0x00000000052A0000-0x0000000005316000-memory.dmp

        Filesize

        472KB

        Download

      • memory/2100-16-0x00000000050B0000-0x00000000050BA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/2100-17-0x0000000005360000-0x0000000005392000-memory.dmp

        Filesize

        200KB

        Download

      • memory/2100-18-0x00000000053D0000-0x00000000053F6000-memory.dmp

        Filesize

        152KB

        Download

      • memory/2100-19-0x0000000005190000-0x0000000005198000-memory.dmp

        Filesize

        32KB

        Download

      • memory/2100-21-0x00000000059F0000-0x0000000005A06000-memory.dmp

        Filesize

        88KB

        Download

      • memory/2100-13-0x0000000000830000-0x000000000083A000-memory.dmp

        Filesize

        40KB

        Download

      • memory/2100-23-0x00000000742A0000-0x000000007498E000-memory.dmp

        Filesize

        6.9MB

        Download

      • memory/2528-25-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2616-24-0x0000000002D90000-0x0000000002D91000-memory.dmp

        Filesize

        4KB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.