Analysis
max time kernel: 98s
max time network: 141s
platform: windows10-ltsc 2021_x64
resource: win10ltsc2021-20241211-en
resource tags: arch:x64, arch:x86, image:win10ltsc2021-20241211-en, locale:en-us, os:windows10-ltsc 2021-x64, system
submitted: 03-01-2025 08:55
Tasks

Static task: static1

Behavioral tasks (task | sample | resource):
behavioral1 | Wave Launcher.exe | win10ltsc2021-20241211-en
behavioral2 | $PLUGINSDIR/SpiderBanner.dll | win10ltsc2021-20241211-en
behavioral3 | $PLUGINSDIR/StdUtils.dll | win10ltsc2021-20241211-en
behavioral4 | $PLUGINSDIR/System.dll | win10ltsc2021-20241211-en
behavioral5 | $PLUGINSDIR/WinShell.dll | win10ltsc2021-20241023-en
behavioral6 | $PLUGINSDIR/app-64.7z | win10ltsc2021-20241211-en
behavioral7 | resources/app.asar.unpacked/node_modules/@primno/dpapi/dist/index.js | win10ltsc2021-20241211-en
behavioral8 | resources/app.asar.unpacked/node_modules/@primno/dpapi/prebuilds/win32-x64/node.napi.dll | win10ltsc2021-20241211-en
behavioral9 | resources/app.asar.unpacked/node_modules/registry-js/build/Release/registry.dll | win10ltsc2021-20241211-en
behavioral10 | resources/app.asar.unpacked/node_modules/registry-js/dist/lib/index.js | win10ltsc2021-20241023-en
behavioral11 | resources/app.asar.unpacked/node_modules/registry-js/dist/lib/registry.js | win10ltsc2021-20241211-en
behavioral12 | resources/app.asar.unpacked/node_modules/sqlite3/build/Release/node_sqlite3.dll | win10ltsc2021-20241211-en
behavioral13 | resources/app.asar.unpacked/node_modules/sqlite3/deps/extract.js | win10ltsc2021-20241211-en
behavioral14 | resources/app.asar.unpacked/node_modules/sqlite3/lib/sqlite3-binding.js | win10ltsc2021-20241211-en
behavioral15 | resources/app.asar.unpacked/node_modules/sqlite3/lib/sqlite3.js | win10ltsc2021-20241211-en
behavioral16 | resources/app.asar.unpacked/node_modules/sqlite3/lib/trace.js | win10ltsc2021-20241211-en
behavioral17 | resources/app.asar.unpacked/node_modules/sqlite3/src/backup.js | win10ltsc2021-20241211-en
behavioral18 | resources/app.asar.unpacked/node_modules/win-version-info/bin.js | win10ltsc2021-20241211-en
behavioral19 | resources/app.asar.unpacked/node_modules/win-version-info/index.js | win10ltsc2021-20241211-en
behavioral20 | resources/app.asar.unpacked/node_modules/win-version-info/prebuilds/win32-ia32/node.napi.dll | win10ltsc2021-20241023-en
behavioral21 | resources/app.asar.unpacked/node_modules/win-version-info/prebuilds/win32-x64/node.napi.dll | win10ltsc2021-20241211-en
behavioral22 | resources/app.asar.unpacked/node_modules/win-version-info/skip.js | win10ltsc2021-20241211-en
behavioral23 | resources/elevate.exe | win10ltsc2021-20241211-en
behavioral24 | vk_swiftshader.dll | win10ltsc2021-20241211-en
behavioral25 | vulkan-1.dll | win10ltsc2021-20241211-en
behavioral26 | $PLUGINSDIR/nsExec.dll | win10ltsc2021-20241211-en
behavioral27 | $PLUGINSDIR/nsis7z.dll | win10ltsc2021-20241211-en
behavioral28 | $R0/Uninstall DesktopWaifu.exe | win10ltsc2021-20241211-en
behavioral29 | $PLUGINSDIR/StdUtils.dll | win10ltsc2021-20241211-en
behavioral30 | $PLUGINSDIR/System.dll | win10ltsc2021-20241211-en
behavioral31 | $PLUGINSDIR/WinShell.dll | win10ltsc2021-20241211-en
behavioral32 | $PLUGINSDIR/nsExec.dll | win10ltsc2021-20241211-en
General
Target: $PLUGINSDIR/app-64.7z
Size: 86.4MB
MD5: 97696ecaf41621c8640b585135cc1a2e
SHA1: 86b5058e3dc730dff769180954f7aace8f13be99
SHA256: beb3ecdf9857fda612cbb9008516e633c61e7b89ccecdc0102109c007ffb257b
SHA512: 893a915c25c13bd159cfca6bf9ab75029f31b88561c571ea979e58c40d427f02a0763aa99cba31c896ec1b67cecb32936aa318c9d56fd7c35c8899c5be113247
SSDEEP: 1572864:Ee4hd5gG8x/keCUDXbbJurhNih/PFM+BXfFDLXM5tG5R5mQD8vO/:Ee4DhCXHJ5XLX9gY8vu
Malware Config
Signatures
Executes dropped EXE (1 IoC)
pid | Process
1748 | DesktopWaifu.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | Process
3136 | 7zFM.exe
3136 | 7zFM.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid | Process
3136 | 7zFM.exe

Suspicious use of AdjustPrivilegeToken (3 IoCs)
description | pid | Process
Token: SeRestorePrivilege | 3136 | 7zFM.exe
Token: 35 | 3136 | 7zFM.exe
Token: SeSecurityPrivilege | 3136 | 7zFM.exe

Suspicious use of FindShellTrayWindow (2 IoCs)
pid | Process
3136 | 7zFM.exe
3136 | 7zFM.exe

Suspicious use of WriteProcessMemory (2 IoCs)
description | pid | Process | procid_target
PID 3136 wrote to memory of 1748 | 3136 | 7zFM.exe | 91
PID 3136 wrote to memory of 1748 | 3136 | 7zFM.exe | 91
Processes

1. C:\Program Files\7-Zip\7zFM.exe
   Command line: "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z"
   PID: 3136
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious behavior: GetForegroundWindowSpam
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\7zO04C13668\DesktopWaifu.exe (level 2, child of PID 3136)
      Command line: "C:\Users\Admin\AppData\Local\Temp\7zO04C13668\DesktopWaifu.exe"
      PID: 1748
      - Executes dropped EXE