Overview: 10
Static: 3
Wave.JohnP...ed.rar (windows7-x64): 3
Wave.JohnP...ed.rar (windows10-2004-x64): 3
CefSharp.C...me.dll (windows7-x64): 1
CefSharp.C...me.dll (windows10-2004-x64): 1
WaveWindow...ed.exe (windows7-x64): 10
WaveWindow...ed.exe (windows10-2004-x64): 10
bin/Background.mp4 (windows7-x64): 1
bin/Background.mp4 (windows10-2004-x64): 6
bin/lz4.dll (windows7-x64): 1
bin/lz4.dll (windows10-2004-x64): 1
bin/wolfssl.dll (windows7-x64): 1
bin/wolfssl.dll (windows10-2004-x64): 1
bin/xxhash.dll (windows7-x64): 1
bin/xxhash.dll (windows10-2004-x64): 1
bin/zlib1.dll (windows7-x64): 1
bin/zlib1.dll (windows10-2004-x64): 1
bin/zstd.dll (windows7-x64): 1
bin/zstd.dll (windows10-2004-x64): 1
cracked by...lx.txt (windows7-x64): 1
cracked by...lx.txt (windows10-2004-x64): 1
d3dcompiler_47.dll (windows7-x64): 1
d3dcompiler_47.dll (windows10-2004-x64): 1
Analysis
max time kernel: 136s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01-07-2024 04:29
Static task: static1
Behavioral task behavioral1: Sample Wave.JohnPrlx.cracked.rar, Resource win7-20240611-en
Behavioral task behavioral2: Sample Wave.JohnPrlx.cracked.rar, Resource win10v2004-20240611-en
Behavioral task behavioral3: Sample CefSharp.Core.Runtime.dll, Resource win7-20240220-en
Behavioral task behavioral4: Sample CefSharp.Core.Runtime.dll, Resource win10v2004-20240508-en
Behavioral task behavioral5: Sample WaveWindowsCracked.exe, Resource win7-20240508-en
Behavioral task behavioral6: Sample WaveWindowsCracked.exe, Resource win10v2004-20240508-en
Behavioral task behavioral7: Sample bin/Background.mp4, Resource win7-20240508-en
Behavioral task behavioral8: Sample bin/Background.mp4, Resource win10v2004-20240508-en
Behavioral task behavioral9: Sample bin/lz4.dll, Resource win7-20240611-en
Behavioral task behavioral10: Sample bin/lz4.dll, Resource win10v2004-20240611-en
Behavioral task behavioral11: Sample bin/wolfssl.dll, Resource win7-20240508-en
Behavioral task behavioral12: Sample bin/wolfssl.dll, Resource win10v2004-20240611-en
Behavioral task behavioral13: Sample bin/xxhash.dll, Resource win7-20240508-en
Behavioral task behavioral14: Sample bin/xxhash.dll, Resource win10v2004-20240508-en
Behavioral task behavioral15: Sample bin/zlib1.dll, Resource win7-20240419-en
Behavioral task behavioral16: Sample bin/zlib1.dll, Resource win10v2004-20240611-en
Behavioral task behavioral17: Sample bin/zstd.dll, Resource win7-20240508-en
Behavioral task behavioral18: Sample bin/zstd.dll, Resource win10v2004-20240611-en
Behavioral task behavioral19: Sample cracked by JohnPrlx.txt, Resource win7-20231129-en
Behavioral task behavioral20: Sample cracked by JohnPrlx.txt, Resource win10v2004-20240508-en
Behavioral task behavioral21: Sample d3dcompiler_47.dll, Resource win7-20240611-en
Behavioral task behavioral22: Sample d3dcompiler_47.dll, Resource win10v2004-20240226-en
General
Target: Wave.JohnPrlx.cracked.rar
Size: 10.3MB
MD5: a502e43649c31bd6007912d68b37cad1
SHA1: 9076425d466c78f4cf458ab9913fb0880fecf7d0
SHA256: 6d5ff2230c713e9372d23989c3ea247d814ffc6f19380be86f7bccf3c0b6ff91
SHA512: cebdaf98e4406fcb95c3086c976c16313230c2630c610d542c61e1c8a655c28a4a6555d9c40a8faed760827d24613acc624547390d66e59f1a77ef7e45ff7ca0
SSDEEP: 196608:3xLL5xzen4Pdl4KmMJpgkGTSLv+gaiPBgy/fxKKXWK22Ddd:hPKn4PYhT4ai/xPGQdd
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
Modifies registry class (2 IoCs)
Processes: cmd.exe, OpenWith.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings | cmd.exe
Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings | OpenWith.exe
Suspicious use of SetWindowsHookEx (1 IoCs)
Processes: OpenWith.exe
pid | process
2068 | OpenWith.exe
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Wave.JohnPrlx.cracked.rar
- Modifies registry class
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
- Modifies registry class
- Suspicious use of SetWindowsHookEx
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1308,i,6522675234395427298,2952738987384583032,262144 --variations-seed-version --mojo-platform-channel-handle=4432 /prefetch:8