203b1ecdbcd0747b3c8e3fdd19a92e49a7e35054ae85b615b12eb8cb7248bed0

Analysis

max time kernel
125s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 09:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SOSA.exe
Size

6.4MB
MD5

4ecd7183076c4d8229664cee5199dde1
SHA1

a5902727332c61356128a6f6492798e26535fd82
SHA256

203b1ecdbcd0747b3c8e3fdd19a92e49a7e35054ae85b615b12eb8cb7248bed0
SHA512

5895136dcc5439b2c8de03d0f80cdf9f1c1236eb1dcead39179d16d706dbae45ae5dcff442e1f4cab6d4005eeba7e1b1699c81184f55a3414ec858cf312cf92c
SSDEEP

196608:3d9YF1S+DfyGz21X5Sp6GemDMPwuWA9Plae:HYvDfD6pfaMPfzae

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

Processes:

SOSA.exe

pid process

1120 SOSA.exe
1120 SOSA.exe
1120 SOSA.exe
1120 SOSA.exe

pid	process
1120	SOSA.exe
1120	SOSA.exe
1120	SOSA.exe
1120	SOSA.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

SOSA.exeSOSA.exe

description	pid	process	target process
PID 2800 wrote to memory of 1120	2800	SOSA.exe	SOSA.exe
PID 2800 wrote to memory of 1120	2800	SOSA.exe	SOSA.exe
PID 1120 wrote to memory of 536	1120	SOSA.exe	cmd.exe
PID 1120 wrote to memory of 536	1120	SOSA.exe	cmd.exe
PID 1120 wrote to memory of 2988	1120	SOSA.exe	cmd.exe
PID 1120 wrote to memory of 2988	1120	SOSA.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\SOSA.exe
"C:\Users\Admin\AppData\Local\Temp\SOSA.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2800

C:\Users\Admin\AppData\Local\Temp\SOSA.exe
"C:\Users\Admin\AppData\Local\Temp\SOSA.exe"
2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1120

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls & title SOSA CARD GEN BY lcm_2080
3⤵
PID:536

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
3⤵
PID:2988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4340,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=4036 /prefetch:8
1⤵
PID:3396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI28002\VCRUNTIME140.dll
Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28002\_bz2.pyd
Filesize
82KB

MD5
a62207fc33140de460444e191ae19b74

SHA1
9327d3d4f9d56f1846781bcb0a05719dea462d74

SHA256
ebcac51449f323ae3ae961a33843029c34b6a82138ccd9214cf99f98dd2148c2

SHA512
90f9db9ee225958cb3e872b79f2c70cb1fd2248ebaa8f3282afff9250285852156bf668f5cfec49a4591b416ce7ebaaac62d2d887152f5356512f2347e3762b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28002\_ctypes.pyd
Filesize
120KB

MD5
9b344f8d7ce5b57e397a475847cc5f66

SHA1
aff1ccc2608da022ecc8d0aba65d304fe74cdf71

SHA256
b1214d7b7efd9d4b0f465ec3463512a1cbc5f59686267030f072e6ce4b2a95cf

SHA512
2b0d9e1b550bf108fa842324ab26555f2a224aefff517fdb16df85693e05adaf0d77ebe49382848f1ec68dc9b5ae75027a62c33721e42a1566274d1a2b1baa41

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28002\_decimal.pyd
Filesize
247KB

MD5
692c751a1782cc4b54c203546f238b73

SHA1
a103017afb7badaece8fee2721c9a9c924afd989

SHA256
c70f05f6bc564fe400527b30c29461e9642fb973f66eec719d282d3d0b402f93

SHA512
1b1ad0ca648bd50ce6e6af4be78ad818487aa336318b272417a2e955ead546c9e0864b515150cd48751a03ca8c62f9ec91306cda41baea52452e3fcc24d57d39

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28002\_hashlib.pyd
Filesize
63KB

MD5
787b82d4466f393366657b8f1bc5f1a9

SHA1
658639cddda55ac3bfc452db4ec9cf88851e606b

SHA256
241322647ba9f94bdc3ae387413ffb57ae14c8cf88bd564a31fe193c6ca43e37

SHA512
afcf66962958f38eec8b591aa30d380eb0e1b41028836058ff91b4d1472658de9fba3262f5c27ba688bd73da018e938f398e45911cd37584f623073067f575b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28002\_lzma.pyd
Filesize
155KB

MD5
0c7ea68ca88c07ae6b0a725497067891

SHA1
c2b61a3e230b30416bc283d1f3ea25678670eb74

SHA256
f74aaf0aa08cf90eb1eb23a474ccb7cb706b1ede7f911daf7ae68480765bdf11

SHA512
fd52f20496a12e6b20279646663d880b1354cffea10793506fe4560ed7da53e4efba900ae65c9996fbb3179c83844a9674051385e6e3c26fb2622917351846b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28002\_socket.pyd
Filesize
77KB

MD5
26dd19a1f5285712068b9e41808e8fa0

SHA1
90c9a112dd34d45256b4f2ed38c1cbbc9f24dba5

SHA256
eaabf6b78840daeaf96b5bdbf06adf0e4e2994dfeee5c5e27fefd824dbda5220

SHA512
173e1eda05d297d7da2193e8566201f05428437adcac80aecefe80f82d46295b15ce10990b5c080325dc59a432a587eef84a15ec688a62b82493ad501a1e4520

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28002\base_library.zip
Filesize
1.4MB

MD5
6d46c3fdbf9b6f1fddf25e7cc9dd9a46

SHA1
67577a1d4eba38ce730e1fea829b88aed8032d87

SHA256
9e5701bd796e5f95bf1e6b4faecfdefc8e77a92fc7639d0be729818c8eafe2a7

SHA512
93d4e630c513d5fa2f7b3726d114158ceba55f4d3d60c248382e30c69f3c3e3edb890363e017e6b1ef6af61b62a82320818484e7018d96c586e861200334e98f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28002\libcrypto-1_1.dll
Filesize
3.3MB

MD5
9d7a0c99256c50afd5b0560ba2548930

SHA1
76bd9f13597a46f5283aa35c30b53c21976d0824

SHA256
9b7b4a0ad212095a8c2e35c71694d8a1764cd72a829e8e17c8afe3a55f147939

SHA512
cb39aa99b9d98c735fdacf1c5ed68a4d09d11f30262b91f6aa48c3f8520eff95e499400d0ce7e280ca7a90ff6d7141d2d893ef0b33a8803a1cadb28ba9a9e3e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28002\libffi-8.dll
Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28002\python311.dll
Filesize
5.5MB

MD5
e2bd5ae53427f193b42d64b8e9bf1943

SHA1
7c317aad8e2b24c08d3b8b3fba16dd537411727f

SHA256
c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400

SHA512
ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28002\select.pyd
Filesize
29KB

MD5
756c95d4d9b7820b00a3099faf3f4f51

SHA1
893954a45c75fb45fe8048a804990ca33f7c072d

SHA256
13e4d9a734a453a3613e11b6a518430099ad7e3d874ea407d1f9625b7f60268a

SHA512
0f54f0262cf8d71f00bf5666eb15541c6ecc5246cd298efd3b7dd39cdd29553a8242d204c42cfb28c537c3d61580153200373c34a94769f102b3baa288f6c398

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28002\unicodedata.pyd
Filesize
1.1MB

MD5
58f7988b50cba7b793884f580c7083e1

SHA1
d52c06b19861f074e41d8b521938dee8b56c1f2e

SHA256
e36d14cf49ca2af44fae8f278e883341167bc380099dac803276a11e57c9cfa1

SHA512
397fa46b90582f8a8cd7df23b722204c38544717bf546837c45e138b39112f33a1850be790e248fca5b5ecd9ed7c91cd1af1864f72717d9805c486db0505fb9c

Download Submit