General

  • Target: WaveWindows.zip

  • Size: 108.7MB

  • Sample: 240915-nktcssscmm

  • MD5: 9428a74a47d011ad1ec5d2d1bbd5a653

  • SHA1: 59a2ae2d824ffb3b4cad0bcc2dc9ebf4b9d3f2c1

  • SHA256: d8b625671cc91b9eff8731582826f00a4be7cb70469f0d9f83c93375aa1e6d6d

  • SHA512: 2a68ba9085cfbb140aa1c15b82c35715e280c3983c155b0fd82496f352a1fda16e6dad57dfa339a37ab9739b8bdcffe15b37a690782b9ef241042a819b310656

  • SSDEEP: 3145728:PG6q1wVyepHpugUaHzZjOtcxR6FyK4O2YDwVAX:OoyeUiZqtMDb51A

Malware Config

Targets

    • Target: WaveWindows.exe

    • Size: 172.5MB

    • MD5: 30f269a8a4a5f5e1d0a10cb4ea43b738

    • SHA1: 672dd7bdf8dfaf7442c210a5acbea829916a7873

    • SHA256: bb74a49ede11683d120fbc193c88cbf0681f61450c3290f842f6b7435b4c97ea

    • SHA512: c8e0c35f18cd59c731090d51bd234e74d7d269f0006c75e3fa49e03a0a825f66568ec946bb714957554fe227f7b3fc6d3eda0968547b95a8d8c8d27c02567cf6

    • SSDEEP: 1572864:6V00dKoWtUBaArjpGI2O6QMsjI1RaZjVdiX5H5z8GTzXts3XYpfLW5q:Lgrm7i5

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Checks for any installed AV software in registry

    • Hide Artifacts: Hidden Window

      Windows that would typically be displayed when an application carries out an operation can be hidden.

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks