203b1ecdbcd0747b3c8e3fdd19a92e49a7e35054ae85b615b12eb8cb7248bed0 | Triage

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 09:33

Sharing

Report Analysis Logs

General

Target

SOSA.exe
Size

6.4MB
MD5

4ecd7183076c4d8229664cee5199dde1
SHA1

a5902727332c61356128a6f6492798e26535fd82
SHA256

203b1ecdbcd0747b3c8e3fdd19a92e49a7e35054ae85b615b12eb8cb7248bed0
SHA512

5895136dcc5439b2c8de03d0f80cdf9f1c1236eb1dcead39179d16d706dbae45ae5dcff442e1f4cab6d4005eeba7e1b1699c81184f55a3414ec858cf312cf92c
SSDEEP

196608:3d9YF1S+DfyGz21X5Sp6GemDMPwuWA9Plae:HYvDfD6pfaMPfzae

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

SOSA.exe

pid process

2292 SOSA.exe
Suspicious use of WriteProcessMemory 3 IoCs

Processes:

SOSA.exe

description pid process target process

PID 2840 wrote to memory of 2292 2840 SOSA.exe SOSA.exe
PID 2840 wrote to memory of 2292 2840 SOSA.exe SOSA.exe
PID 2840 wrote to memory of 2292 2840 SOSA.exe SOSA.exe

C:\Users\Admin\AppData\Local\Temp\SOSA.exe
"C:\Users\Admin\AppData\Local\Temp\SOSA.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2840

C:\Users\Admin\AppData\Local\Temp\SOSA.exe
"C:\Users\Admin\AppData\Local\Temp\SOSA.exe"
2⤵
- Loads dropped DLL
PID:2292

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI28402\python311.dll
Filesize
5.5MB

MD5
e2bd5ae53427f193b42d64b8e9bf1943

SHA1
7c317aad8e2b24c08d3b8b3fba16dd537411727f

SHA256
c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400

SHA512
ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036

Download Submit