a3d7cd217684a58df277f072e1b7e1a4e00448f1b7530fdae13af3903d1327a5

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-01-2025 06:46

Target

Wave.exe
Size

9.8MB
MD5

708932216a4a65b3e560893a115673f2
SHA1

e9aeef34258854948f50f1c6bbd8eb69772d0e59
SHA256

a3d7cd217684a58df277f072e1b7e1a4e00448f1b7530fdae13af3903d1327a5
SHA512

78ce6826fa7d3d561ce69d395b62e5178ab7333a510652b614fa7864ac61bf3901a07d49b39bd43968f5f54ef6f04fd9c6aa7af7a435d05c1a3833bf61272992
SSDEEP

196608:QNnP/g2ys0VxNQMiLP8qJEdHvHMeNxHFJMIDJ+gsAGKkRWyHEWzsT:/JBukqJEdPHTlFqy+gs1WYzs

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2664	Wave.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0005000000019d8c-47.dat	upx
behavioral1/memory/2664-49-0x000007FEF5DF0000-0x000007FEF625E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 2664	2880	Wave.exe	31
PID 2880 wrote to memory of 2664	2880	Wave.exe	31
PID 2880 wrote to memory of 2664	2880	Wave.exe	31

C:\Users\Admin\AppData\Local\Temp\Wave.exe
"C:\Users\Admin\AppData\Local\Temp\Wave.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Users\Admin\AppData\Local\Temp\Wave.exe
  "C:\Users\Admin\AppData\Local\Temp\Wave.exe"
  2⤵
  - Loads dropped DLL
  PID:2664

C:\Users\Admin\AppData\Local\Temp\_MEI28802\python310.dll

Filesize
1.4MB

MD5
fc7bd515b12e537a39dc93a09b3eaad6

SHA1
96f5d4b0967372553cb106539c5566bc184f6167

SHA256
461e008b7cdf034f99a566671b87849772873a175aefec6ed00732976f5c4164

SHA512
a8433d5b403f898e4eeebd72fce08ebad066ca60aeb0b70e2ae78377babc2acbbae2ac91ab20f813cce4b1dc58c2ad6b3868f18cc8ac0fe7be2bff020eb73122

Download Submit
memory/2664-49-0x000007FEF5DF0000-0x000007FEF625E000-memory.dmp

Filesize
4.4MB

Download