4114122c0dca23f637d83eed33f9abcdc92709e2ac6f63ffd55f5aae519b58ab | Triage

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26-10-2024 21:56

Sharing

Report Analysis Logs

General

Target

Wave Browser (6).exe
Size

1.2MB
MD5

1684aab6fae1ed888cf6d3c45e3f5fa7
SHA1

6acc87b81836575bf7b497f0e8a9a23a221f06b7
SHA256

4114122c0dca23f637d83eed33f9abcdc92709e2ac6f63ffd55f5aae519b58ab
SHA512

6d4bafe21686ce62cc129082e8dcd4da87fa7dcaea5eee9862a99adbb0142e89fe0e9d097ee2b9a9a6b6eab3ee23b6a26c4fa587d7ce1782a1d2e2c1454c2e71
SSDEEP

24576:2s/RUhtSWUeNXoCPxjyJVhGi4vGuOg9ajduJd/WDj0uX:2oRUhoK/9ecwjd6d/sIuX

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Wave Browser (6).exe

description pid process

Token: SeDebugPrivilege 2516 Wave Browser (6).exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Wave Browser (6).exe

description	pid	process	target process
PID 2516 wrote to memory of 2120	2516	Wave Browser (6).exe	WerFault.exe
PID 2516 wrote to memory of 2120	2516	Wave Browser (6).exe	WerFault.exe
PID 2516 wrote to memory of 2120	2516	Wave Browser (6).exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Wave Browser (6).exe
"C:\Users\Admin\AppData\Local\Temp\Wave Browser (6).exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2516 -s 652
  2⤵
  PID:2120

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2516-0-0x000007FEF6053000-0x000007FEF6054000-memory.dmp

Filesize
4KB

Download
memory/2516-1-0x0000000000D40000-0x0000000000E7A000-memory.dmp

Filesize
1.2MB

Download
memory/2516-2-0x000007FEF6050000-0x000007FEF6A3C000-memory.dmp

Filesize
9.9MB

Download
memory/2516-3-0x000007FEF6050000-0x000007FEF6A3C000-memory.dmp

Filesize
9.9MB

Download