5ff7369c044fb786882a4c29a740acadd111cfff8ff2b7007402c67c679539de

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-10-2024 19:50

Target

Wave.exe
Size

11.4MB
MD5

f35a725f97ad76eca927922818beb2e4
SHA1

122bbb2bd760d4e79fa6ad00a54735d03a8adb8a
SHA256

5b7aff97d05040bdef75b041e3732f1cd2b966843c11ffe579594dd7e4526cc4
SHA512

7f48a6ba351c3ee30ff9973a7257697a3b69b3836c6c26daa0ef2b14fed08f921859d076644acecfa21024aa7470ef3002f63fe7b24a9a2a515948b9f7d8d507
SSDEEP

196608:5IU7WhGreGJb3tQk5tSOshoKMuIkhVAastRL5DicJUGc1K7kC8Gx:mU7WhGL7v5tSOshouIkPAftRL5dYY8Gx

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2904	Wave.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000019d2d-51.dat	upx
behavioral1/memory/2904-53-0x000007FEF6940000-0x000007FEF6F29000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 2904	2700	Wave.exe	30
PID 2700 wrote to memory of 2904	2700	Wave.exe	30
PID 2700 wrote to memory of 2904	2700	Wave.exe	30

C:\Users\Admin\AppData\Local\Temp\Wave.exe
"C:\Users\Admin\AppData\Local\Temp\Wave.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Users\Admin\AppData\Local\Temp\Wave.exe
  "C:\Users\Admin\AppData\Local\Temp\Wave.exe"
  2⤵
  - Loads dropped DLL
  PID:2904

C:\Users\Admin\AppData\Local\Temp\_MEI27002\python311.dll

Filesize
1.6MB

MD5
c3de98791123bb12b315e2b4ce408d3b

SHA1
95c36944c9a4e8bb05a32e882835cac9c030c053

SHA256
98a51eca014369411df0980acbc16207d0de76c8adcd67fc27e1aa5e2f7731bb

SHA512
91651c0d5a1f55d296791aedb1594fe6b546dd16b7801af1ffa580486c99421f156ac86ccd5e22eacb7ad93fe8d3d909d50c9cc013e2618a29db8bf22183f9bc

Download Submit
memory/2904-53-0x000007FEF6940000-0x000007FEF6F29000-memory.dmp

Filesize
5.9MB

Download