77200156d4773175d341aad11ab23bd52445065cd95060348da17d083dc27688 | Triage

Analysis

max time kernel
3s
max time network
0s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
10-09-2024 02:03

Sharing

Report Analysis Logs

General

Target

Wave Browser.exe
Size

1.2MB
MD5

c9db6b5c84be13a43ad23cc204e4bc52
SHA1

94bd6634303205715fd04f8aa10d75158390e4d9
SHA256

77200156d4773175d341aad11ab23bd52445065cd95060348da17d083dc27688
SHA512

9273493c5e5ea24b2f5ee219fdf849546e85b3f5cc24c970f1ab6fdcfe961d96ca6fd41c96f9d915892ab24ce7ff409f0f5a6569b0225e95d36afba51615f8d6
SSDEEP

24576:PW/RUV5T9w6qAps/uc+hd+VochG2f6kD4E/7J:PCRUVvjsTE9Y6kcEt

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Wave Browser.exe

description pid process

Token: SeDebugPrivilege 2704 Wave Browser.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Wave Browser.exe

description	pid	process	target process
PID 2704 wrote to memory of 2788	2704	Wave Browser.exe	WerFault.exe
PID 2704 wrote to memory of 2788	2704	Wave Browser.exe	WerFault.exe
PID 2704 wrote to memory of 2788	2704	Wave Browser.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Wave Browser.exe
"C:\Users\Admin\AppData\Local\Temp\Wave Browser.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2704
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2704 -s 652
  2⤵
  PID:2788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2704-0-0x000007FEF56A3000-0x000007FEF56A4000-memory.dmp

Filesize
4KB

Download
memory/2704-1-0x0000000000F70000-0x00000000010AE000-memory.dmp

Filesize
1.2MB

Download
memory/2704-2-0x000007FEF56A0000-0x000007FEF608C000-memory.dmp

Filesize
9.9MB

Download
memory/2704-3-0x000007FEF56A0000-0x000007FEF608C000-memory.dmp

Filesize
9.9MB

Download