94c0a9f4adcb87a5705f7ad0776b27ee6471131f21fadad162de21590669f649

Resubmissions

01/02/2024, 06:25

240201-g6tgcsdbc5 10

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/02/2024, 06:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

soan2/soan.exe
Size

17.9MB
MD5

635d67c69491f54b4eb2023bda710e40
SHA1

ba804971c0157a44976eb6f68807cea229003219
SHA256

0e74ad9b6f3e77c13cc818d7151403d85ed94d669157150ffe97d8d889c14b72
SHA512

46fdac407f01d9f1f3c444a2a1a47ce7a39fe60fb56044bcedd6f593c5f63a6ba8e5212973b6118031efd9b3afe824dabf600878e773bfe711ff971e0e668223
SSDEEP

393216:EqC2DlnfBfFZNRwSo67W+eGQRCMTozGxu8C0ibfz6eKk7M1bmXiWCNi:EcD1fBfFXR667W+e5RLoztZ026eKkiFi

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
276	soan.exe
276	soan.exe
276	soan.exe
276	soan.exe
276	soan.exe
276	soan.exe
276	soan.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
276	soan.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 276	3060	soan.exe	29
PID 3060 wrote to memory of 276	3060	soan.exe	29
PID 3060 wrote to memory of 276	3060	soan.exe	29

C:\Users\Admin\AppData\Local\Temp\soan2\soan.exe
"C:\Users\Admin\AppData\Local\Temp\soan2\soan.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Users\Admin\AppData\Local\Temp\soan2\soan.exe
  "C:\Users\Admin\AppData\Local\Temp\soan2\soan.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:276

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI30602\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
bcb8b9f6606d4094270b6d9b2ed92139

SHA1
bd55e985db649eadcb444857beed397362a2ba7b

SHA256
fa18d63a117153e2ace5400ed89b0806e96f0627d9db935906be9294a3038118

SHA512
869b2b38fd528b033b3ec17a4144d818e42242b83d7be48e2e6da6992111758b302f48f52e0dd76becb526a90a2b040ce143c6d4f0e009a513017f06b9a8f2b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30602\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
bfffa7117fd9b1622c66d949bac3f1d7

SHA1
402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2

SHA256
1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e

SHA512
b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30602\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
20ddf543a1abe7aee845de1ec1d3aa8e

SHA1
0eaf5de57369e1db7f275a2fffd2d2c9e5af65bf

SHA256
d045a72c3e4d21165e9372f76b44ff116446c1e0c221d9cea3ab0a1134a310e8

SHA512
96dd48df315a7eea280ca3da0965a937a649ee77a82a1049e3d09b234439f7d927d7fb749073d7af1b23dadb643978b70dcdadc6c503fe850b512b0c9c1c78dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30602\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
21KB

MD5
4380d56a3b83ca19ea269747c9b8302b

SHA1
0c4427f6f0f367d180d37fc10ecbe6534ef6469c

SHA256
a79c7f86462d8ab8a7b73a3f9e469514f57f9fe456326be3727352b092b6b14a

SHA512
1c29c335c55f5f896526c8ee0f7160211fd457c1f1b98915bcc141112f8a730e1a92391ab96688cbb7287e81e6814cc86e3b057e0a6129cbb02892108bfafaf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30602\python312.dll

Filesize
185KB

MD5
cfce274db38867f4884bd10cc38e1026

SHA1
c16b1265d58f29aac9df43a6e1e705b7d5d75eeb

SHA256
2ba666b3db1297a483132634c35a9cdf5160858532066fd8f51ba4c9c2f66aa5

SHA512
52523b2a4d74a8b0ff20b3f066e7d2c09e0ce342ee64b4f91fbd75679589e82b4aa39affdca9b569d7b07553c6cf1403a1f2455ef9bf3cd5f0dcfc3c3b26cb2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30602\ucrtbase.dll

Filesize
485KB

MD5
34c83267b921106f9e99788c967f66a8

SHA1
811692047e12e8e83a349da9b3a944ca6491add9

SHA256
1b63211cf021c531eebb4c44ded9ea7f91582ba1d366240b043842f90c80f516

SHA512
bed5bfa2c326a6c895d52ba33d8ec426b4e3c20707bb0a573109fbb7f52b37eee77acf97800ec4fb640b5af549ee2ab0fc393606fcc10f276992ddefe20940c0

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI30602\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
2554060f26e548a089cab427990aacdf

SHA1
8cc7a44a16d6b0a6b7ed444e68990ff296d712fe

SHA256
5ab003e899270b04abc7f67be953eaccf980d5bbe80904c47f9aaf5d401bb044

SHA512
fd4d5a7fe4da77b0222b040dc38e53f48f7a3379f69e2199639b9f330b2e55939d89ce8361d2135182b607ad75e58ee8e34b90225143927b15dcc116b994c506

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI30602\python312.dll

Filesize
54KB

MD5
615ef952bd43dbe31b1a24ea532a2181

SHA1
c967c14ba92ae4e762fbcb62735a2881ae52ed23

SHA256
640e03299085264cd35ad6e55533d7ccbca802e4a8969c371ef0e9b50df74b12

SHA512
4af3fb9c8bc70773102895e64f094ab887050d0ba432914db704796a6764ad76e7b3030a1560483d5689d138707ee09f236da44055104b6926e4842f10bae4d0

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI30602\ucrtbase.dll

Filesize
560KB

MD5
4db2c7bf4fc60a9ebb063d2d7f27d096

SHA1
f042aa51d88e6506fe415e4741dba6f15f3d79b1

SHA256
70979e1ddeaf1d1e44a50ed590df66bf7957b76cd04c4e9e14722ccc0c8366d5

SHA512
f2fa214b5ba1995af4e20ccd18a31c684922dc3592f8716151e675a2522d863224a28ea501ae075c08f8f3d0187c507c6b3c3f00f04b8d2ca8c6d54a179ceb6a

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads