09e6dd1a80828e07ff796df46d5d3d19bc2cb2c94c8d26e15323a97285fe7b42 | Triage

Sharing

General

Target

WaveWindows.zip
Size

108.7MB
Sample

240919-hmvezswbpf
MD5

4033fea389121ab68e9bb3d89afb11a3
SHA1

ba943f96358f358cf4e2f7394230ad48c4fa413a
SHA256

09e6dd1a80828e07ff796df46d5d3d19bc2cb2c94c8d26e15323a97285fe7b42
SHA512

f1321baf4ba16addeadf4dfe3152c1eb7fb9630d77f20aa54806f5e9e4eaf106f83387afe0fad8bf21f4f09689be757648593cf943ca92d4dd669cc49453f3f2
SSDEEP

3145728:72OijPrHhWwUaHzZjOtcxR6FyK4O2YDwVAI:yVuiZqtMDb513

Score

7^/10

defense_evasion execution privilege_escalation

Malware Config

Targets

- Target
  
  WaveWindows.zip
- Size
  
  108.7MB
- MD5
  
  4033fea389121ab68e9bb3d89afb11a3
- SHA1
  
  ba943f96358f358cf4e2f7394230ad48c4fa413a
- SHA256
  
  09e6dd1a80828e07ff796df46d5d3d19bc2cb2c94c8d26e15323a97285fe7b42
- SHA512
  
  f1321baf4ba16addeadf4dfe3152c1eb7fb9630d77f20aa54806f5e9e4eaf106f83387afe0fad8bf21f4f09689be757648593cf943ca92d4dd669cc49453f3f2
- SSDEEP
  
  3145728:72OijPrHhWwUaHzZjOtcxR6FyK4O2YDwVAI:yVuiZqtMDb513
Score

1^/10
behavioral1
- Target
  
  WaveWindows.exe
- Size
  
  172.5MB
- MD5
  
  30f269a8a4a5f5e1d0a10cb4ea43b738
- SHA1
  
  672dd7bdf8dfaf7442c210a5acbea829916a7873
- SHA256
  
  bb74a49ede11683d120fbc193c88cbf0681f61450c3290f842f6b7435b4c97ea
- SHA512
  
  c8e0c35f18cd59c731090d51bd234e74d7d269f0006c75e3fa49e03a0a825f66568ec946bb714957554fe227f7b3fc6d3eda0968547b95a8d8c8d27c02567cf6
- SSDEEP
  
  1572864:6V00dKoWtUBaArjpGI2O6QMsjI1RaZjVdiX5H5z8GTzXts3XYpfLW5q:Lgrm7i5
Score

7^/10

defense_evasion execution privilege_escalation
- Executes dropped EXE
- Checks for any installed AV software in registry
- Hide Artifacts: Hidden Window
  Windows that would typically be displayed when an application carries out an operation can be hidden.
  defense_evasion
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Access Token Manipulation

Create Process with Token

Defense Evasion

Access Token Manipulation

Create Process with Token

Hide Artifacts

Hidden Window

Credential Access

Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

defense_evasionexecutionprivilege_escalation