Windows Analysis Report
aQ7ys7Vd23.exe

Overview

General Information

Sample name: aQ7ys7Vd23.exe
(renamed file extension from none to exe, renamed because original name is a hash value)
Original sample name: 77200156d4773175d341aad11ab23bd52445065cd95060348da17d083dc27688
Analysis ID: 1544141
MD5: c9db6b5c84be13a43ad23cc204e4bc52
SHA1: 94bd6634303205715fd04f8aa10d75158390e4d9
SHA256: 77200156d4773175d341aad11ab23bd52445065cd95060348da17d083dc27688

Detection

Score: 36
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Multi AV Scanner detection for submitted file
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Enables debug privileges
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info

Classification

AV Detection

Source: aQ7ys7Vd23.exe ReversingLabs: Detection: 20%
Source: aQ7ys7Vd23.exe Static PE information: certificate valid
Source: unknown HTTPS traffic detected: 52.6.252.145:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: aQ7ys7Vd23.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\code\chr-wpf-installer\InstallerWpfApp\obj\ReleasePro\Wave Browser.pdb source: aQ7ys7Vd23.exe
Source: Binary string: C:\code\chr-wpf-installer\InstallerWpfApp\obj\ReleasePro\Wave Browser.pdb. source: aQ7ys7Vd23.exe
Source: Binary string: mi_exe_stub.pdb source: aQ7ys7Vd23.exe
Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected:
    GET /inst/0/status/chr_stub_started?id=&v=1.5.18.3 HTTP/1.1
    User-Agent: WaveInstaller/1.5.18.3
    Host: api.wavebrowserbase.com
    Cache-Control: no-store,no-cache
    Pragma: no-cache
    Connection: Keep-Alive
Source: global traffic DNS traffic detected: DNS query: api.wavebrowserbase.com
Source: aQ7ys7Vd23.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: aQ7ys7Vd23.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: aQ7ys7Vd23.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: aQ7ys7Vd23.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: aQ7ys7Vd23.exe String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
Source: aQ7ys7Vd23.exe String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
Source: aQ7ys7Vd23.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: aQ7ys7Vd23.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: aQ7ys7Vd23.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: aQ7ys7Vd23.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: aQ7ys7Vd23.exe String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: aQ7ys7Vd23.exe String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
Source: aQ7ys7Vd23.exe String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
Source: aQ7ys7Vd23.exe, 00000000.00000002.2938235181.000000000315B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/Wave%20Browser;component/Img/LogoAndName.png
Source: aQ7ys7Vd23.exe, 00000000.00000002.2938235181.000000000315B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/Wave%20Browser;component/Img/background2a.png
Source: aQ7ys7Vd23.exe, 00000000.00000002.2938235181.000000000315B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/Wave%20Browser;component/Img/close-32.png
Source: aQ7ys7Vd23.exe, 00000000.00000002.2938235181.00000000030FE000.00000004.00000800.00020000.00000000.sdmp, aQ7ys7Vd23.exe, 00000000.00000002.2938235181.000000000315B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/Wave%20Browser;component/Page2a.xaml
Source: aQ7ys7Vd23.exe, 00000000.00000002.2938235181.000000000315B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/Img/LogoAndName.png
Source: aQ7ys7Vd23.exe, 00000000.00000002.2938235181.000000000315B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/Img/background2a.png
Source: aQ7ys7Vd23.exe, 00000000.00000002.2938235181.000000000315B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/Img/close-32.png
Source: aQ7ys7Vd23.exe, 00000000.00000002.2938235181.000000000315B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/Page2a.xaml
Source: aQ7ys7Vd23.exe, 00000000.00000002.2938235181.000000000315B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/img/background2a.png
Source: aQ7ys7Vd23.exe, 00000000.00000002.2938235181.000000000315B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/img/close-32.png
Source: aQ7ys7Vd23.exe, 00000000.00000002.2938235181.000000000315B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/img/logoandname.png
Source: aQ7ys7Vd23.exe, 00000000.00000002.2938235181.000000000315B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/page2a.baml
Source: aQ7ys7Vd23.exe String found in binary or memory: http://ocsp.digicert.com0
Source: aQ7ys7Vd23.exe String found in binary or memory: http://ocsp.digicert.com0A
Source: aQ7ys7Vd23.exe String found in binary or memory: http://ocsp.digicert.com0C
Source: aQ7ys7Vd23.exe String found in binary or memory: http://ocsp.digicert.com0X
Source: aQ7ys7Vd23.exe String found in binary or memory: http://ocsp.sectigo.com0
Source: aQ7ys7Vd23.exe, 00000000.00000002.2938235181.00000000030AD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: aQ7ys7Vd23.exe String found in binary or memory: http://www.digicert.com/CPS0
Source: aQ7ys7Vd23.exe String found in binary or memory: http://www.gimp.org/xmp/
Source: aQ7ys7Vd23.exe, 00000000.00000002.2938235181.00000000030AD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.wavebrowserbase.com
Source: aQ7ys7Vd23.exe, 00000000.00000002.2938235181.00000000030AD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.wavebrowserbase.com/inst/0/status/chr_stub_started?id=&v=1.5.18.3
Source: aQ7ys7Vd23.exe String found in binary or memory: https://myinternetbrowser.com/installing/step1.html?iid=
Source: aQ7ys7Vd23.exe String found in binary or memory: https://myinternetbrowser.com/installing/step2.html?iid=
Source: aQ7ys7Vd23.exe String found in binary or memory: https://sectigo.com/CPS0
Source: aQ7ys7Vd23.exe, 00000000.00000002.2938235181.00000000030AD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://wavebrowser.co/about
Source: aQ7ys7Vd23.exe, 00000000.00000002.2938235181.00000000030AD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://wavebrowser.co/changelog
Source: aQ7ys7Vd23.exe String found in binary or memory: https://wavebrowser.co/changelog?
Source: aQ7ys7Vd23.exe, 00000000.00000002.2938235181.000000000315B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://wavebrowser.co/privacy
Source: aQ7ys7Vd23.exe String found in binary or memory: https://wavebrowser.co/privacy?
Source: aQ7ys7Vd23.exe, 00000000.00000002.2938235181.00000000030AD000.00000004.00000800.00020000.00000000.sdmp, aQ7ys7Vd23.exe, 00000000.00000002.2938235181.000000000315B000.00000004.00000800.00020000.00000000.sdmp, aQ7ys7Vd23.exe, 00000000.00000002.2938235181.0000000003676000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://wavebrowser.co/terms
Source: aQ7ys7Vd23.exe String found in binary or memory: https://wavebrowser.co/terms=https://wavebrowser.co/privacyAhttps://wavebrowser.co/changelog9https:/
Source: aQ7ys7Vd23.exe String found in binary or memory: https://wavebrowser.co/terms?
Source: aQ7ys7Vd23.exe, 00000000.00000002.2938235181.000000000315B000.00000004.00000800.00020000.00000000.sdmp, aQ7ys7Vd23.exe, 00000000.00000002.2938235181.0000000003676000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://wavebrowser.co/termsp
Source: aQ7ys7Vd23.exe, 00000000.00000002.2938235181.00000000030AD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://wavebrowser.co/uninstall
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: aQ7ys7Vd23.exe, 00000000.00000000.1671936755.0000000000CC2000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameSWUpdaterSetup.exeD vs aQ7ys7Vd23.exe
Source: aQ7ys7Vd23.exe, 00000000.00000000.1672041056.0000000000DD0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameWave Browser.exe8 vs aQ7ys7Vd23.exe
Source: aQ7ys7Vd23.exe, 00000000.00000002.2938235181.00000000030AD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs aQ7ys7Vd23.exe
Source: aQ7ys7Vd23.exe Binary or memory string: OriginalFilenameSWUpdaterSetup.exeD vs aQ7ys7Vd23.exe
Source: aQ7ys7Vd23.exe Binary or memory string: OriginalFilenameWave Browser.exe8 vs aQ7ys7Vd23.exe
Source: aQ7ys7Vd23.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine Classification label: sus36.winEXE@1/0@1/1
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Mutant created: NULL
Source: aQ7ys7Vd23.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: aQ7ys7Vd23.exe String found in binary or memory: /install "
Source: aQ7ys7Vd23.exe String found in binary or memory: https://myinternetbrowser.com/installing/step1.html?iid={IID}&appname={AppName}
Source: aQ7ys7Vd23.exe String found in binary or memory: https://myinternetbrowser.com/installing/step2.html?iid={IID}&appname={AppName}4SOFTWARE\Wavesor\SWUpdater
Source: aQ7ys7Vd23.exe String found in binary or memory: C:\code\chr-wpf-installer\InstallerWpfApp\obj\ReleasePro\Wave Browser.pdb
Source: aQ7ys7Vd23.exe String found in binary or memory: C:\code\chr-wpf-installer\InstallerWpfApp\obj\ReleasePro\Wave Browser.pdb.
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: msvcp140_clr0400.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: rasman.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: rtutils.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: d3d9.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: d3d10warp.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: winsta.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: dataexchange.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: dcomp.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: dxcore.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: msctfui.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: uiautomationcore.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Section loaded: d3dcompiler_47.dll
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\InprocServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: aQ7ys7Vd23.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: aQ7ys7Vd23.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: aQ7ys7Vd23.exe Static file information: File size 1290024 > 1048576
Source: aQ7ys7Vd23.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x10ce00
Source: aQ7ys7Vd23.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: aQ7ys7Vd23.exe Static PE information: 0xB8679407 [Sat Jan 14 19:44:07 2068 UTC]
Source: aQ7ys7Vd23.exe Static PE information: section name: .text entropy: 7.578169712823238
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Memory allocated: 2ED0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Memory allocated: 1B070000 memory reserve | memory write watch
Source: aQ7ys7Vd23.exe, 00000000.00000002.2939927249.000000001BADD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll<
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Queries volume information: C:\Users\user\Desktop\aQ7ys7Vd23.exe VolumeInformation
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation
Source: C:\Users\user\Desktop\aQ7ys7Vd23.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid