hxxps://cdn[.]getwave[.]gg/WaveWindows[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

https://cdn.getwave.gg/WaveWindows.zip
Sample

240914-mtt51szdlk

Score

7^/10

defense_evasion discovery execution motw phishing privilege_escalation

Malware Config

Targets

- Target
  
  https://cdn.getwave.gg/WaveWindows.zip
Score

7^/10

defense_evasion discovery execution motw phishing privilege_escalation
- Executes dropped EXE
- Checks for any installed AV software in registry
- Hide Artifacts: Hidden Window
  Windows that would typically be displayed when an application carries out an operation can be hidden.
  defense_evasion
- Mark of the Web detected: This indicates that the page was originally saved or cloned.
  phishing motw
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Access Token Manipulation

Create Process with Token

Defense Evasion

Access Token Manipulation

Create Process with Token

Hide Artifacts

Hidden Window

Credential Access

Discovery

Browser Information Discovery

Query Registry

Software Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

urlscan1

behavioral1

defense_evasiondiscoveryexecutionmotwphishingprivilege_escalation