Overview
overview
10Static
static
10Wave/LICEN...m.html
windows11-21h2-x64
3Wave/WaveWindows.exe
windows11-21h2-x64
10Wave/d3dco...47.dll
windows11-21h2-x64
1Wave/ffmpeg.dll
windows11-21h2-x64
1Wave/libEGL.dll
windows11-21h2-x64
1Wave/libGLESv2.dll
windows11-21h2-x64
1Wave/resou...DME.js
windows11-21h2-x64
3Wave/resou...dex.js
windows11-21h2-x64
3Wave/resou...DME.js
windows11-21h2-x64
3Wave/resou...ten.js
windows11-21h2-x64
3Wave/resou...DME.js
windows11-21h2-x64
3Wave/resou...dex.js
windows11-21h2-x64
3Wave/resou...ead.js
windows11-21h2-x64
3Wave/resou...son.js
windows11-21h2-x64
3Wave/resou...raw.js
windows11-21h2-x64
3Wave/resou...ext.js
windows11-21h2-x64
3Wave/resou...ded.js
windows11-21h2-x64
3Wave/resou...DME.js
windows11-21h2-x64
3Wave/resou...onf.js
windows11-21h2-x64
3Wave/resou...ode.js
windows11-21h2-x64
3Wave/resou...ser.js
windows11-21h2-x64
3Wave/resou...bug.js
windows11-21h2-x64
3Wave/resou...dex.js
windows11-21h2-x64
3Wave/resou...log.js
windows11-21h2-x64
3Wave/resou...ode.js
windows11-21h2-x64
3Wave/resou...dex.js
windows11-21h2-x64
3Wave/resou...dme.js
windows11-21h2-x64
3Wave/resou...dex.js
windows11-21h2-x64
3Wave/resou...und.js
windows11-21h2-x64
3Wave/resou...dex.js
windows11-21h2-x64
3Wave/resou...und.js
windows11-21h2-x64
3Wave/resou...DME.js
windows11-21h2-x64
3Analysis
-
max time kernel
6s -
max time network
8s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system -
submitted
14-09-2024 10:32
Behavioral task
behavioral1
Sample
Wave/LICENSES.chromium.html
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral2
Sample
Wave/WaveWindows.exe
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral3
Sample
Wave/d3dcompiler_47.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral4
Sample
Wave/ffmpeg.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral5
Sample
Wave/libEGL.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral6
Sample
Wave/libGLESv2.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral7
Sample
Wave/resources/node_modules/accepts/README.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral8
Sample
Wave/resources/node_modules/accepts/index.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral9
Sample
Wave/resources/node_modules/array-flatten/README.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral10
Sample
Wave/resources/node_modules/array-flatten/array-flatten.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral11
Sample
Wave/resources/node_modules/body-parser/README.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral12
Sample
Wave/resources/node_modules/body-parser/index.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral13
Sample
Wave/resources/node_modules/body-parser/lib/read.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral14
Sample
Wave/resources/node_modules/body-parser/lib/types/json.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral15
Sample
Wave/resources/node_modules/body-parser/lib/types/raw.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral16
Sample
Wave/resources/node_modules/body-parser/lib/types/text.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral17
Sample
Wave/resources/node_modules/body-parser/lib/types/urlencoded.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral18
Sample
Wave/resources/node_modules/body-parser/node_modules/debug/README.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral19
Sample
Wave/resources/node_modules/body-parser/node_modules/debug/karma.conf.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral20
Sample
Wave/resources/node_modules/body-parser/node_modules/debug/node.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral21
Sample
Wave/resources/node_modules/body-parser/node_modules/debug/src/browser.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral22
Sample
Wave/resources/node_modules/body-parser/node_modules/debug/src/debug.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral23
Sample
Wave/resources/node_modules/body-parser/node_modules/debug/src/index.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral24
Sample
Wave/resources/node_modules/body-parser/node_modules/debug/src/inspector-log.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral25
Sample
Wave/resources/node_modules/body-parser/node_modules/debug/src/node.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral26
Sample
Wave/resources/node_modules/body-parser/node_modules/ms/index.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral27
Sample
Wave/resources/node_modules/bytes/Readme.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral28
Sample
Wave/resources/node_modules/bytes/index.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral29
Sample
Wave/resources/node_modules/call-bind/callBound.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral30
Sample
Wave/resources/node_modules/call-bind/index.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral31
Sample
Wave/resources/node_modules/call-bind/test/callBound.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral32
Sample
Wave/resources/node_modules/content-disposition/README.js
Resource
win11-20240802-en
windows11-21h2-x64
General
-
Target
Wave/LICENSES.chromium.html
-
Size
9.0MB
-
MD5
aaea51a605688fcb2f178fd60e4ca64c
-
SHA1
69d4791bf3cfedb68bc4d8f766878103578171cb
-
SHA256
96837a4a521a61bd3d34f2f660e29902d228aaec501eeb2a84403f1926c3df9d
-
SHA512
d328bf2f9ff7372a716a09e5882b9e3c0051b0135412b3258453085db1de2c7699c8aae24edfaca7798f468802db975977c9976e19fca84fffe884bf8594c33e
-
SSDEEP
24576:h+QQf6Ox6x5n1nZwReXe1GmfL6k6T6W6r656+eGj/dBIp+:oAZeGLp
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 1272 msedge.exe 1272 msedge.exe 4856 msedge.exe 4856 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 4856 msedge.exe 4856 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe -
Suspicious use of SendNotifyMessage 12 IoCs
pid Process 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4856 wrote to memory of 2736 4856 msedge.exe 81 PID 4856 wrote to memory of 2736 4856 msedge.exe 81 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 3768 4856 msedge.exe 82 PID 4856 wrote to memory of 1272 4856 msedge.exe 83 PID 4856 wrote to memory of 1272 4856 msedge.exe 83 PID 4856 wrote to memory of 1400 4856 msedge.exe 84 PID 4856 wrote to memory of 1400 4856 msedge.exe 84 PID 4856 wrote to memory of 1400 4856 msedge.exe 84 PID 4856 wrote to memory of 1400 4856 msedge.exe 84 PID 4856 wrote to memory of 1400 4856 msedge.exe 84 PID 4856 wrote to memory of 1400 4856 msedge.exe 84 PID 4856 wrote to memory of 1400 4856 msedge.exe 84 PID 4856 wrote to memory of 1400 4856 msedge.exe 84 PID 4856 wrote to memory of 1400 4856 msedge.exe 84 PID 4856 wrote to memory of 1400 4856 msedge.exe 84 PID 4856 wrote to memory of 1400 4856 msedge.exe 84 PID 4856 wrote to memory of 1400 4856 msedge.exe 84 PID 4856 wrote to memory of 1400 4856 msedge.exe 84 PID 4856 wrote to memory of 1400 4856 msedge.exe 84 PID 4856 wrote to memory of 1400 4856 msedge.exe 84 PID 4856 wrote to memory of 1400 4856 msedge.exe 84 PID 4856 wrote to memory of 1400 4856 msedge.exe 84 PID 4856 wrote to memory of 1400 4856 msedge.exe 84 PID 4856 wrote to memory of 1400 4856 msedge.exe 84 PID 4856 wrote to memory of 1400 4856 msedge.exe 84
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Wave\LICENSES.chromium.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4856 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffce74a3cb8,0x7ffce74a3cc8,0x7ffce74a3cd82⤵PID:2736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,871226888415127109,6352539631922751951,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:22⤵PID:3768
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,871226888415127109,6352539631922751951,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,871226888415127109,6352539631922751951,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:82⤵PID:1400
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,871226888415127109,6352539631922751951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:12⤵PID:232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,871226888415127109,6352539631922751951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:12⤵PID:2944
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3944
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3904
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD50487ced0fdfd8d7a8e717211fcd7d709
SHA1598605311b8ef24b0a2ba2ccfedeecabe7fec901
SHA25676693c580fd4aadce2419a1b80795bb4ff78d70c1fd4330e777e04159023f571
SHA51216e1c6e9373b6d5155310f64bb71979601852f18ee3081385c17ffb943ab078ce27cd665fb8d6f3bcc6b98c8325b33403571449fad044e22aa50a3bf52366993
-
Filesize
152B
MD55578283903c07cc737a43625e2cbb093
SHA1f438ad2bef7125e928fcde43082a20457f5df159
SHA2567268c7d8375d50096fd5f773a0685ac724c6c2aece7dc273c7eb96b28e2935b2
SHA5123b29531c0bcc70bfc0b1af147fe64ce0a7c4d3cbadd2dbc58d8937a8291daae320206deb0eb2046c3ffad27e01af5aceca4708539389da102bff4680afaa1601
-
Filesize
5KB
MD5802243cc84642e48dc5e314a6c0b7249
SHA1cebf5b5d503c5e939b0de6acca0f79168e64a5a5
SHA256a9b41d70bdf9c8039adbe8313abb5f27639407240f86ffe70821ae02a533de40
SHA512c425912be100ccd3febffd68b69d0be9a64cd11bad163d28cedd865b6c592ca1aec987c50c76d4cf59f28106021b2b7d682749a39d3ec8404f399191efeccb44