8a2e5e073d34f4fb7cda2040d30e23d60cb675b71120e0e2c39838015c66f306 | Triage

Resubmissions

30-10-2024 15:47

241030-s78hfswhrk 3

23-10-2024 15:27

241023-sv3rfaxcnd 3

23-10-2024 15:23

241023-ssksvaxbld 3

04-09-2024 13:53

240904-q65ztssflb 10

Analysis

max time kernel
1360s
max time network
1422s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
30-10-2024 15:47

Sharing

Report Analysis Logs

General

Target

WaveKeyGen.7z
Size

97KB
MD5

f72d01d4573ba1ca18202804587692e0
SHA1

64dd3ed6d4e6f5abb73dcd1772b54d09857815a2
SHA256

8a2e5e073d34f4fb7cda2040d30e23d60cb675b71120e0e2c39838015c66f306
SHA512

f7047a582bb826306eb01dc58c276b115ce2d685f28b5fd44c643441367f520735784445f957eaba65961bc91a64c16d65ecd3a764814b119cf73d88688b2f02
SSDEEP

3072:3N1azrCbYA0XHdtusSlyJRzO+KT9yN4wUdrIoR:fWHXHdtI63KZ84Bpn

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	1212	7zFM.exe
Token: 35	1212	7zFM.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1212	7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\WaveKeyGen.7z"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads