URL:

https://waveexecutor.io/download/

Full analysis: https://app.any.run/tasks/2e91f480-0644-4566-b5e6-17bd89aa23cf
Verdict: Malicious activity
Analysis date: December 13, 2024, 21:26:32
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
obfuscated-js
Indicators:
MD5:

C8EFB088C614EBBAA582041FAD13D40B

SHA1:

2820691F3614EC828CC464A92D78153C7763FBC4

SHA256:

005376ACC740D0B3A21E8A679622EB1112B3842A0816C66FCD160A1310A66219

SSDEEP:

3:N8V44pn:2SW

Note: the block size of 3 (the ssdeep minimum) and a seven-character hash mean the hashed object is only a few dozen bytes, consistent with the submitted URL string rather than the downloaded installer. Confirm against the dropped-file hashes in the full report before using the values above as file IOCs for Wave-Setup.exe.

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Run PowerShell with an invisible window

      • powershell.exe (PID: 7412)
      • powershell.exe (PID: 6644)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp; NSIS-built installers also extract a System.dll plugin into a temporary directory, so on its own this is weak evidence and should be read together with the hidden-window PowerShell and CMD activity listed here)

      • Wave-Setup.exe (PID: 3416)
      • old-uninstaller.exe (PID: 4624)
      • Wave-Setup.exe (PID: 8180)
    • Executable content was dropped or overwritten

      • Wave-Setup.exe (PID: 3416)
      • Wave-Setup.exe (PID: 8180)
      • old-uninstaller.exe (PID: 4624)
      • Wave.exe (PID: 6616)
    • Starts CMD.EXE for commands execution

      • Wave-Setup.exe (PID: 3416)
      • Wave.exe (PID: 2220)
      • powershell.exe (PID: 7412)
      • Wave.exe (PID: 1920)
      • Wave-Setup.exe (PID: 8180)
      • old-uninstaller.exe (PID: 4624)
      • powershell.exe (PID: 6644)
      • Wave.exe (PID: 7800)
      • Wave.exe (PID: 6616)
    • Process drops legitimate windows executable

      • Wave-Setup.exe (PID: 3416)
      • Wave-Setup.exe (PID: 8180)
      • old-uninstaller.exe (PID: 4624)
    • Reads security settings of Internet Explorer

      • Wave-Setup.exe (PID: 3416)
      • Wave-Setup.exe (PID: 8180)
    • Creates a software uninstall entry

      • Wave-Setup.exe (PID: 3416)
    • Get information on the list of running processes

      • Wave-Setup.exe (PID: 3416)
      • cmd.exe (PID: 5340)
      • Wave-Setup.exe (PID: 8180)
      • cmd.exe (PID: 4668)
      • cmd.exe (PID: 8172)
      • old-uninstaller.exe (PID: 4624)
    • Drops 7-zip archiver for unpacking

      • Wave-Setup.exe (PID: 3416)
      • Wave-Setup.exe (PID: 8180)
    • The process creates files with name similar to system file names

      • Wave-Setup.exe (PID: 3416)
      • old-uninstaller.exe (PID: 4624)
    • Application launched itself

      • Wave.exe (PID: 2220)
      • Wave.exe (PID: 1920)
      • Wave.exe (PID: 7800)
      • Wave.exe (PID: 6616)
    • Starts process via Powershell

      • powershell.exe (PID: 7412)
      • powershell.exe (PID: 6644)
    • Executing commands from a ".bat" file

      • Wave.exe (PID: 2220)
      • powershell.exe (PID: 7412)
      • powershell.exe (PID: 6644)
      • Wave.exe (PID: 7800)
    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 7920)
      • cmd.exe (PID: 5244)
    • Starts application with an unusual extension

      • cmd.exe (PID: 5004)
      • cmd.exe (PID: 6544)
    • The executable file from the user directory is run by the CMD process

      • Wave.exe (PID: 1920)
      • Wave.exe (PID: 6616)
    • Searches for installed software

      • Wave-Setup.exe (PID: 8180)
    • The process deletes folder without confirmation

      • Wave.exe (PID: 2220)
  • INFO

    • Reads the computer name

      • identity_helper.exe (PID: 8184)
      • Wave-Setup.exe (PID: 3416)
      • Wave.exe (PID: 2220)
      • Wave.exe (PID: 7796)
      • Wave.exe (PID: 2448)
      • Wave.exe (PID: 1920)
      • Wave.exe (PID: 7524)
      • Wave.exe (PID: 6780)
      • identity_helper.exe (PID: 5556)
      • Wave-Setup.exe (PID: 8180)
      • Wave.exe (PID: 7800)
      • Wave.exe (PID: 7760)
      • Wave.exe (PID: 6616)
      • Bloxstrap.exe (PID: 6420)
      • Wave.exe (PID: 8184)
    • The process uses the downloaded file

      • msedge.exe (PID: 2940)
      • powershell.exe (PID: 6644)
    • Reads Environment values

      • identity_helper.exe (PID: 8184)
      • Wave.exe (PID: 2220)
      • Wave.exe (PID: 1920)
      • identity_helper.exe (PID: 5556)
      • Wave.exe (PID: 7800)
    • Checks supported languages

      • identity_helper.exe (PID: 8184)
      • Wave-Setup.exe (PID: 3416)
      • Wave.exe (PID: 2220)
      • Wave.exe (PID: 2448)
      • Wave.exe (PID: 7796)
      • Wave.exe (PID: 7524)
      • Wave.exe (PID: 6780)
      • Wave.exe (PID: 5872)
      • identity_helper.exe (PID: 5556)
      • Wave.exe (PID: 1920)
      • Wave-Setup.exe (PID: 8180)
      • old-uninstaller.exe (PID: 4624)
      • Wave.exe (PID: 7800)
      • chcp.com (PID: 6664)
      • Wave.exe (PID: 7848)
      • Bloxstrap.exe (PID: 6420)
      • wave-luau.exe (PID: 6916)
      • Wave.exe (PID: 7760)
      • Wave.exe (PID: 6188)
      • Wave.exe (PID: 6616)
    • Application launched itself

      • msedge.exe (PID: 4996)
      • msedge.exe (PID: 6480)
    • Create files in a temporary directory

      • Wave-Setup.exe (PID: 3416)
      • Wave.exe (PID: 1920)
      • Wave-Setup.exe (PID: 8180)
      • old-uninstaller.exe (PID: 4624)
      • Wave.exe (PID: 7800)
    • The sample compiled with english language support

      • Wave-Setup.exe (PID: 3416)
      • Wave-Setup.exe (PID: 8180)
      • old-uninstaller.exe (PID: 4624)
      • msedge.exe (PID: 6416)
    • Creates files or folders in the user directory

      • Wave-Setup.exe (PID: 3416)
      • Wave.exe (PID: 2220)
      • Wave.exe (PID: 7524)
      • Wave.exe (PID: 1920)
      • Wave-Setup.exe (PID: 8180)
      • Wave.exe (PID: 6616)
    • Reads product name

      • Wave.exe (PID: 2220)
      • Wave.exe (PID: 1920)
      • Wave.exe (PID: 7800)
    • Manual execution by a user

      • Wave.exe (PID: 2220)
      • Wave.exe (PID: 7800)
    • Reads the machine GUID from the registry

      • Wave.exe (PID: 2220)
    • Checks proxy server information

      • Wave.exe (PID: 2220)
      • Wave.exe (PID: 1920)
      • Wave.exe (PID: 7800)
      • Wave.exe (PID: 6616)
    • Drops encrypted VBS script (Microsoft Script Encoder)

      • Wave.exe (PID: 2220)
      • Wave.exe (PID: 1920)
      • Wave.exe (PID: 7800)
      • Wave.exe (PID: 6616)
    • Drops encrypted JS script (Microsoft Script Encoder)

      • Wave.exe (PID: 2220)
      • Wave.exe (PID: 1920)
      • Wave.exe (PID: 7800)
      • Wave.exe (PID: 6616)
    • Changes the display of characters in the console

      • cmd.exe (PID: 5004)
      • cmd.exe (PID: 6544)
    • Process checks computer location settings

      • Wave.exe (PID: 5872)
      • Wave.exe (PID: 1920)
      • Wave.exe (PID: 6616)
    • Sends debugging messages

      • Bloxstrap.exe (PID: 6420)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 6416)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
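The signature list above is easiest to use when it is pivoted the other way round, from a PID to every signature that fired for it. The script below is an added example (not ANY.RUN code) that parses the list in the layout shown on this page: a 2-space bullet is the severity bucket, a 4-space bullet the signature name, a 6-space bullet a process hit. REPORT_EXCERPT is a trimmed copy of this report's own list; the severity ranking INFO < SUSPICIOUS < MALICIOUS is the report's own ordering.

```python
"""Parse an ANY.RUN behavior-signature block into per-process rows.

Added example (not ANY.RUN code). REPORT_EXCERPT is a trimmed copy of this
report's signature list in the page's layout.
"""
import re

SEVERITY_ORDER = {"INFO": 1, "SUSPICIOUS": 2, "MALICIOUS": 3}

# Excerpt of the signature list above (trimmed, same layout).
REPORT_EXCERPT = """\
  • MALICIOUS

    • Run PowerShell with an invisible window

      • powershell.exe (PID: 7412)
      • powershell.exe (PID: 6644)
  • SUSPICIOUS

    • Starts CMD.EXE for commands execution

      • Wave-Setup.exe (PID: 3416)
      • Wave.exe (PID: 2220)
      • powershell.exe (PID: 7412)
    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 7920)
      • cmd.exe (PID: 5244)
    • The executable file from the user directory is run by the CMD process

      • Wave.exe (PID: 1920)
      • Wave.exe (PID: 6616)
  • INFO

    • Manual execution by a user

      • Wave.exe (PID: 2220)
      • Wave.exe (PID: 7800)
"""

PROCESS_RE = re.compile(r"^(?P<name>.+?) \(PID: (?P<pid>\d+)\)$")


def parse_signatures(text):
    """Return [(severity, signature, process_name, pid), ...] in page order."""
    rows, severity, signature = [], None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        body = line.strip().lstrip("•").strip()
        if indent == 2:                      # severity bucket
            severity, signature = body, None
        elif indent == 4:                    # signature name
            signature = body
        elif indent == 6 and severity and signature:
            m = PROCESS_RE.match(body)       # "name (PID: n)"
            if m:
                rows.append((severity, signature, m["name"], int(m["pid"])))
    return rows


def pid_summary(rows):
    """Map PID -> {process, severity (worst seen), signatures (page order)}."""
    summary = {}
    for severity, signature, name, pid in rows:
        entry = summary.setdefault(
            pid, {"process": name, "severity": "INFO", "signatures": []})
        entry["signatures"].append(signature)
        if SEVERITY_ORDER[severity] > SEVERITY_ORDER[entry["severity"]]:
            entry["severity"] = severity
    return summary


def pids_at_or_above(summary, level):
    """Sorted PIDs whose worst signature is at least `level`."""
    floor = SEVERITY_ORDER[level]
    return sorted(pid for pid, e in summary.items()
                  if SEVERITY_ORDER[e["severity"]] >= floor)


if __name__ == "__main__":
    summary = pid_summary(parse_signatures(REPORT_EXCERPT))
    for pid in pids_at_or_above(summary, "SUSPICIOUS"):
        e = summary[pid]
        print(f"{pid:>5} {e['process']:<16} {e['severity']:<10} "
              + "; ".join(e["signatures"]))
```

Running it against the excerpt shows why PID 7412 matters most: it is the only process that both appears under MALICIOUS (hidden-window PowerShell) and itself spawns cmd.exe, so it is the natural place to start in the full report's process tree.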
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
284
Monitored processes
144
Malicious processes
9
Suspicious processes
5

Behavior graph

(The interactive graph is not reproduced here. Process images it contains, in extraction order and without the parent/child links: msedge.exe, identity_helper.exe, wave-setup.exe, cmd.exe, conhost.exe, tasklist.exe, find.exe, wave.exe, fsutil.exe, powershell.exe, chcp.com, wave-luau.exe, reg.exe, old-uninstaller.exe, bloxstrap.exe. The original marks most of the msedge.exe entries "no specs".)
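The chain worth detecting in this report is an executable under the user profile spawning cmd.exe, cmd.exe running discovery (tasklist piped to find) and cmd.exe launching PowerShell with a hidden window. The block below is an added example, not ANY.RUN's or the installer's code: EVENTS is a constructed set of process-creation records (pid, ppid, image, command line) modelled on Windows event 4688 / Sysmon event 1. Process names, PIDs and the Wave install directory (C:\Users\admin\AppData\Local\Programs\Wave) come from this report; every command-line argument, the Downloads path and the script names setup.bat / setup.ps1 are assumptions, because the report lists only signature names, not the actual command lines.

```python
"""Detection logic for the installer -> cmd.exe -> hidden PowerShell chain.

Added example; not ANY.RUN's or the installer's code. EVENTS is constructed:
names and PIDs follow the report, command lines are assumed.
"""
import ntpath
import re
from collections import defaultdict

# -w / -WindowStyle followed by hidden (or its numeric value 1). PowerShell
# accepts unambiguous prefixes of both; the character classes approximate that.
HIDDEN_WINDOW_RE = re.compile(r"-w[indowstyle]*\s+(?:h[idden]*|1)\b", re.IGNORECASE)
USER_PROFILE_RE = re.compile(r"^[a-z]:\\users\\", re.IGNORECASE)
DISCOVERY_RE = re.compile(r"\btasklist\b.*\|\s*find(?:str)?\b", re.IGNORECASE)

# Constructed events: (pid, ppid, image, command line); see lead-in.
EVENTS = [
    (4996, 1000, r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     '"msedge.exe" "https://waveexecutor.io/download/"'),
    (3416, 4996, r"C:\Users\admin\Downloads\Wave-Setup.exe", '"Wave-Setup.exe"'),
    (5340, 3416, r"C:\Windows\System32\cmd.exe",
     'cmd.exe /c tasklist | find /i "Wave.exe"'),
    (2220, 1000, r"C:\Users\admin\AppData\Local\Programs\Wave\Wave.exe", '"Wave.exe"'),
    (7920, 2220, r"C:\Windows\System32\cmd.exe",
     r'cmd.exe /c "C:\Users\admin\AppData\Local\Programs\Wave\bin\setup.bat"'),
    (7412, 7920, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -File setup.ps1"),
    (1920, 7920, r"C:\Users\admin\AppData\Local\Programs\Wave\Wave.exe", '"Wave.exe" --relaunch'),
    # Benign control: an interactive PowerShell started from the desktop.
    (9001, 1000, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "powershell.exe"),
]


def image_name(path):
    return ntpath.basename(path).lower()


def detect(events):
    """Return {pid: [rule names]} for every event that trips at least one rule."""
    by_pid = {pid: (ppid, image, cmd) for pid, ppid, image, cmd in events}
    hits = defaultdict(list)
    for pid, ppid, image, cmd in events:
        name = image_name(image)
        parent = by_pid.get(ppid)
        parent_name = image_name(parent[1]) if parent else ""
        if name == "powershell.exe" and HIDDEN_WINDOW_RE.search(cmd):
            hits[pid].append("hidden_window_powershell")
        if name == "powershell.exe" and parent_name == "cmd.exe":
            hits[pid].append("cmd_spawns_powershell")
        if parent_name == "cmd.exe" and USER_PROFILE_RE.match(image):
            hits[pid].append("user_profile_exe_from_cmd")
        if name == "cmd.exe" and DISCOVERY_RE.search(cmd):
            hits[pid].append("tasklist_find_discovery")
    return dict(hits)


def ancestry(pid, events):
    """Image names from the oldest known ancestor down to `pid`."""
    by_pid = {p: (pp, image) for p, pp, image, _ in events}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:   # stop at unknown parent or a cycle
        seen.add(pid)
        ppid, image = by_pid[pid]
        chain.append(image_name(image))
        pid = ppid
    return chain[::-1]


def alerts(events):
    """One line per flagged process, with its chain for analyst context."""
    return [f"pid {pid}: {', '.join(rules)}  [{' -> '.join(ancestry(pid, events))}]"
            for pid, rules in sorted(detect(events).items())]


if __name__ == "__main__":
    print("\n".join(alerts(EVENTS)))
```

The benign control event is there on purpose: a hidden window or a cmd.exe parent is each common in legitimate scripts, and it is the combination with an executable that lives under the user profile, as in the report's "executable file from the user directory is run by the CMD process" signature, that makes the chain worth an alert.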

Process information

PID
CMD
Path
Indicators
Parent process
PID:
4996
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://waveexecutor.io/download/"
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
6228
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x300,0x304,0x308,0x278,0x310,0x7ff8185e5fd8,0x7ff8185e5fe4,0x7ff8185e5ff0
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
6432
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2332 --field-trial-handle=2336,i,13087598501106350370,17057667398371626374,262144 --variations-seed-version /prefetch:2
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
6440
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2540 --field-trial-handle=2336,i,13087598501106350370,17057667398371626374,262144 --variations-seed-version /prefetch:3
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
6452
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2700 --field-trial-handle=2336,i,13087598501106350370,17057667398371626374,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
6572
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3516 --field-trial-handle=2336,i,13087598501106350370,17057667398371626374,262144 --variations-seed-version /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
6600
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3684 --field-trial-handle=2336,i,13087598501106350370,17057667398371626374,262144 --variations-seed-version /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
6800
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4124 --field-trial-handle=2336,i,13087598501106350370,17057667398371626374,262144 --variations-seed-version /prefetch:2
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
6812
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4424 --field-trial-handle=2336,i,13087598501106350370,17057667398371626374,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
7084
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5300 --field-trial-handle=2336,i,13087598501106350370,17057667398371626374,262144 --variations-seed-version /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
26 014
Read events
25 899
Write events
77
Delete events
38

Modification events

(PID) Process:
(4996) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:
write
Name:
failed_count
Value:
0
(PID) Process:
(4996) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:
write
Name:
state
Value:
2
(PID) Process:
(4996) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:
write
Name:
state
Value:
1
(PID) Process:
(4996) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:
write
Name:
user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:
(4996) msedge.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:
write
Name:
S-1-5-21-1693682860-607145093-2874071422-1001
Value:
C38DDBC4C3872F00
(PID) Process:
(4996) msedge.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:
write
Name:
S-1-5-21-1693682860-607145093-2874071422-1001
Value:
AC54E6C4C3872F00
(PID) Process:
(4996) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\393764
Operation:
write
Name:
WindowTabManagerFileMappingId
Value:
{FDE8F93A-FA31-430C-B1E9-1E34E373E39F}
(PID) Process:
(4996) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\393764
Operation:
write
Name:
WindowTabManagerFileMappingId
Value:
{EDF109A6-BA73-4DBC-A882-EAD6BE39B132}
(PID) Process:
(4996) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\393764
Operation:
write
Name:
WindowTabManagerFileMappingId
Value:
{7AE08423-C2C8-4532-BC92-30AD62C14E63}
(PID) Process:
(4996) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\393764
Operation:
write
Name:
WindowTabManagerFileMappingId
Value:
{7C6F4D29-FDAC-4AE1-A5CF-96E214BDDACF}
Executable files
89
Suspicious files
1 023
Text files
243
Unknown types
15

Dropped files

PID
Process
Filename
Type
4996
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF135382.TMP
MD5:
SHA256:
4996
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF135392.TMP
MD5:
SHA256:
4996
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
4996
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF135392.TMP
MD5:
SHA256:
4996
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
4996
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF135392.TMP
MD5:
SHA256:
4996
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
4996
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
4996
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF1353d0.TMP
MD5:
SHA256:
4996
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
46
TCP/UDP connections
322
DNS requests
352
Threats
8

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7156
svchost.exe
HEAD
200
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1734558021&P2=404&P3=2&P4=d6pfQh8KmMTwRgWZJBjeYREHbW09lLhcMFU6S%2fB3g39wPEF72hARUI4xgI8hvF5awbYKOESUWRgGDMPxlujtEA%3d%3d
unknown
whitelisted
7156
svchost.exe
GET
206
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1734558021&P2=404&P3=2&P4=d6pfQh8KmMTwRgWZJBjeYREHbW09lLhcMFU6S%2fB3g39wPEF72hARUI4xgI8hvF5awbYKOESUWRgGDMPxlujtEA%3d%3d
unknown
whitelisted
7156
svchost.exe
GET
206
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1734558021&P2=404&P3=2&P4=d6pfQh8KmMTwRgWZJBjeYREHbW09lLhcMFU6S%2fB3g39wPEF72hARUI4xgI8hvF5awbYKOESUWRgGDMPxlujtEA%3d%3d
unknown
whitelisted
7156
svchost.exe
GET
206
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1734558021&P2=404&P3=2&P4=d6pfQh8KmMTwRgWZJBjeYREHbW09lLhcMFU6S%2fB3g39wPEF72hARUI4xgI8hvF5awbYKOESUWRgGDMPxlujtEA%3d%3d
unknown
whitelisted
7156
svchost.exe
HEAD
200
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/02f67c87-8efa-4497-b038-547bdb928516?P1=1734676735&P2=404&P3=2&P4=ko2FuquCXAWMLkNQug66GX8pzzK8yKlO8TziYSY8ptkqLqeDK5g9vzqRDzm4QcndDWic7qhO8Yu24BOPfh9FKA%3d%3d
unknown
whitelisted
7908
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
7156
svchost.exe
GET
206
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2ed1297e-f6c9-4355-aec4-433ea371b116?P1=1734365252&P2=404&P3=2&P4=B%2fOhnW0buCeGbVgDAXmN6jXX0qK0Tmx2Cn1j0ObsaXtywzIx%2btt7jnPvC4QKaHBlOYeY7Lj3fWTU5EF9lkI3lQ%3d%3d
unknown
whitelisted
7156
svchost.exe
GET
206
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1734558021&P2=404&P3=2&P4=d6pfQh8KmMTwRgWZJBjeYREHbW09lLhcMFU6S%2fB3g39wPEF72hARUI4xgI8hvF5awbYKOESUWRgGDMPxlujtEA%3d%3d
unknown
whitelisted
4536
svchost.exe
GET
200
2.16.241.12:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
7156
svchost.exe
GET
206
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/02f67c87-8efa-4497-b038-547bdb928516?P1=1734676735&P2=404&P3=2&P4=ko2FuquCXAWMLkNQug66GX8pzzK8yKlO8TziYSY8ptkqLqeDK5g9vzqRDzm4QcndDWic7qhO8Yu24BOPfh9FKA%3d%3d
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4536
svchost.exe
2.16.241.12:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4536
svchost.exe
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5064
SearchApp.exe
2.23.209.149:443
www.bing.com
Akamai International B.V.
GB
whitelisted
5064
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
4712
MoUsoCoreWorker.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
4996
msedge.exe
239.255.255.250:1900
whitelisted
6440
msedge.exe
104.21.73.227:443
waveexecutor.io
unknown

DNS requests

Domain
IP
Reputation
crl.microsoft.com
  • 2.16.241.12
  • 2.16.241.19
whitelisted
www.microsoft.com
  • 88.221.169.152
  • 95.101.149.131
whitelisted
google.com
  • 142.250.185.142
whitelisted
www.bing.com
  • 2.23.209.149
  • 2.23.209.133
  • 2.23.209.187
  • 2.23.209.182
  • 2.23.209.130
  • 92.123.104.33
  • 92.123.104.28
  • 92.123.104.29
  • 92.123.104.31
  • 92.123.104.21
  • 92.123.104.30
  • 92.123.104.22
  • 92.123.104.23
  • 92.123.104.32
  • 2.23.209.179
  • 2.23.209.140
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
waveexecutor.io
  • 104.21.73.227
  • 172.67.167.94
unknown
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.45
whitelisted

Threats

PID
Process
Class
Message
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain in DNS Lookup (download .mediafire .com)
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain in DNS Lookup (download .mediafire .com)
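The two network sections above hold the pivotable indicators: waveexecutor.io is the only DNS name the sandbox left at reputation "unknown" (resolving to two Cloudflare-fronted addresses), and the ET HUNTING rules name the mediafire hosts the download chain touched, printed defanged ("www .mediafire .com"). The block below is an added example, not ANY.RUN code, that parses both blocks in the page's layout and joins them into a pivot list. DNS_BLOCK and THREAT_BLOCK are trimmed copies of this report's own sections; the reputation labels it recognises are those used on this page (whitelisted, unknown) plus suspicious, malicious and shared, which are assumed from other reports in the same format.

```python
"""Extract pivotable domains from an ANY.RUN DNS-requests and Threats block.

Added example, not ANY.RUN code. DNS_BLOCK and THREAT_BLOCK are trimmed
copies of this report's sections; labels beyond whitelisted/unknown are assumed.
"""
import re

REPUTATIONS = {"whitelisted", "unknown", "suspicious", "malicious", "shared"}
# A defanged domain inside parentheses, e.g. "(www .mediafire .com)".
DEFANGED_RE = re.compile(r"\(([a-z0-9-]+(?: \.[a-z0-9-]+)+)\)", re.IGNORECASE)

DNS_BLOCK = """\
crl.microsoft.com
  • 2.16.241.12
  • 2.16.241.19
whitelisted
waveexecutor.io
  • 104.21.73.227
  • 172.67.167.94
unknown
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
"""

THREAT_BLOCK = """\
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain in DNS Lookup (download .mediafire .com)
"""


def parse_dns(text):
    """{domain: {"ips": [...], "reputation": label}}. A record is a domain
    line, zero or more '•' IP lines, then the reputation line that closes it."""
    records, domain = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•") and domain:
            records[domain]["ips"].append(line.lstrip("•").strip())
        elif line in REPUTATIONS and domain:
            records[domain]["reputation"] = line
            domain = None
        else:
            domain = line
            records[domain] = {"ips": [], "reputation": None}
    return records


def refang(defanged):
    """'www .mediafire .com' -> 'www.mediafire.com' (the report's defang style)."""
    return defanged.replace(" .", ".")


def domains_from_threats(text):
    """{domain: {traffic classes}} for each defanged domain in a rule message;
    the block alternates a class line with a message line."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    found = {}
    for cls, msg in zip(lines[0::2], lines[1::2]):
        for d in DEFANGED_RE.findall(msg):
            found.setdefault(refang(d), set()).add(cls)
    return found


def pivot_candidates(dns_text, threat_text):
    """Domains worth pivoting on, with reasons and any resolved IPs."""
    out = {}
    for domain, rec in parse_dns(dns_text).items():
        if rec["reputation"] != "whitelisted":
            out[domain] = {"reasons": [f"reputation={rec['reputation']}"],
                           "ips": rec["ips"]}
    for domain, classes in domains_from_threats(threat_text).items():
        if "Potentially Bad Traffic" in classes:
            entry = out.setdefault(domain, {"reasons": [], "ips": []})
            entry["reasons"].append("ET HUNTING rule hit")
    return out


if __name__ == "__main__":
    for domain, info in pivot_candidates(DNS_BLOCK, THREAT_BLOCK).items():
        print(domain, ", ".join(info["reasons"]), info["ips"])
```

Note that the mediafire hosts come only from the rule messages: the DNS table shown on this page is a partial listing (10 of 352 requests), so the full report's PCAP is the place to recover the exact download URL and the file it returned.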
Debug output strings

Process
Message
Bloxstrap.exe
You must install .NET to run this application. App: C:\Users\admin\AppData\Local\Programs\Wave\bin\Bloxstrap.exe Architecture: x64 App host version: 6.0.35 .NET location: Not found Learn about runtime installation: https://aka.ms/dotnet/app-launch-failed Download the .NET runtime: https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=6.0.35