056debbd89eda6cdc14df7ce67b2f03310bf0a74f8bc82cd65ab00ab85ee8867

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-10-2024 08:24

Target

Wave.exe
Size

39.2MB
MD5

7f7cfe6e3e1ff5d30687f6f97dcb4806
SHA1

acf1dc02e25c769fbf58d0b3a125e81f7036cd57
SHA256

056debbd89eda6cdc14df7ce67b2f03310bf0a74f8bc82cd65ab00ab85ee8867
SHA512

535c9e4f31ad43019f8bc4a09dea21b6a201d2f0bbc546741c8ec582e28efa0336e6de78086d1f70ad4f82bc1d037a3158fa4c766f95eb547e21180e8a780dfa
SSDEEP

786432:JFt0zcY87WTci6/9x94MH+Q7/i50eqd2QJNLtv3TWYW+u:JFGE7WTciY4MHHLeqPNLtDW4

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
1244	Wave.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000019535-144.dat	upx
behavioral1/memory/1244-146-0x000007FEF56F0000-0x000007FEF5B5E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 1244	2380	Wave.exe	30
PID 2380 wrote to memory of 1244	2380	Wave.exe	30
PID 2380 wrote to memory of 1244	2380	Wave.exe	30

C:\Users\Admin\AppData\Local\Temp\Wave.exe
"C:\Users\Admin\AppData\Local\Temp\Wave.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Users\Admin\AppData\Local\Temp\Wave.exe
  "C:\Users\Admin\AppData\Local\Temp\Wave.exe"
  2⤵
  - Loads dropped DLL
  PID:1244

C:\Users\Admin\AppData\Local\Temp\_MEI23802\python310.dll

Filesize
1.4MB

MD5
933b49da4d229294aad0c6a805ad2d71

SHA1
9828e3ce504151c2f933173ef810202d405510a4

SHA256
ab3e996db016ba87004a3c4227313a86919ff6195eb4b03ac1ce523f126f2206

SHA512
6023188f3b412dd12c2d4f3a8e279dcace945b6e24e1f6bbd4e49a5d2939528620ceb9a5f77b9a47d2d0454e472e2999240b81bed0239e7e400a4e25c96e1165

Download Submit
memory/1244-146-0x000007FEF56F0000-0x000007FEF5B5E000-memory.dmp

Filesize
4.4MB

Download