688ff222184305ed8969f1b24620f4a113682fad5b79b0cc2650229d3c25aaaa

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13-02-2024 01:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

soplive-v3.0.exe
Size

1.1MB
MD5

58c262fe3781ddbd9308ade800125d0f
SHA1

1077de760e8fea9f0b28cdae66de4b2bc602b56b
SHA256

cf89f0a8cd6aa2dd5f2b684e051b8f60ed20da0c5d08b42ea3838d76f5411191
SHA512

b7fe01510e05497366dc1da778db962ba0d8d65a31d0dd651dca0b74e1a3a66aff3943fed95d95bbf56433e4e8706e9946f16bce9c7e3da871d2898919350d76
SSDEEP

24576:ez2WIsE0y+Wh2KEf11hpuNk77ZXZAcYS90wta:SA7REf1rpuNk/ZpA9Szs

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2004	setup.exe

Loads dropped DLL 6 IoCs

pid	Process
2664	soplive-v3.0.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe

Suspicious use of SetWindowsHookEx 40 IoCs

pid	Process
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe
2004	setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 2004	2664	soplive-v3.0.exe	28
PID 2664 wrote to memory of 2004	2664	soplive-v3.0.exe	28
PID 2664 wrote to memory of 2004	2664	soplive-v3.0.exe	28
PID 2664 wrote to memory of 2004	2664	soplive-v3.0.exe	28
PID 2664 wrote to memory of 2004	2664	soplive-v3.0.exe	28
PID 2664 wrote to memory of 2004	2664	soplive-v3.0.exe	28
PID 2664 wrote to memory of 2004	2664	soplive-v3.0.exe	28

C:\Users\Admin\AppData\Local\Temp\soplive-v3.0.exe
"C:\Users\Admin\AppData\Local\Temp\soplive-v3.0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Users\Admin\AppData\Local\Temp\~esetup\setup.exe
  C:\Users\Admin\AppData\Local\Temp\~esetup\setup.exe setup.dat
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~esetup\krnln.fnr

Filesize
1.0MB

MD5
44e2ca67c060fbe3dc0d030149f5a478

SHA1
5df61eb626bc3849893701942114609c1086d496

SHA256
6ced19283dbbb95f264448f380592f4e98ba8228efca2f68821ab3ae61029d93

SHA512
1a348c7585d78dd68c1d0e059ea1d7cea57c1aeff734f834f75025719b9fdd0e9bb16aebe75e15502a1b83106387eaa9493b8990999e0a68b62c1afdbc8cf45e

Download Submit
C:\Users\Admin\AppData\Local\Temp\~esetup\setup.dat

Filesize
954KB

MD5
6b0cd1f1682314de5913c02b5100e8db

SHA1
ae7e771f02589586865a757a541df0c22d96577f

SHA256
bfb15c72b998bc9a5cedea0270fc7b4035e1ad6d465c088b8d904b6d4c19bafd

SHA512
80c8037abade6f6f549418b27b191bac32bb598751d4e728583a7b79a06f959279ef8c4d0ce791c119888474df9c6d883bcd04bf8bd74997c379053dfd6f785c

Download Submit
C:\Users\Admin\AppData\Local\Temp\~esetup\xplib.fne

Filesize
80KB

MD5
8f385e7c8cf1f8ebdae0448473977cc7

SHA1
942bf465e29a5e5f85580eb30aa9510b92f802d7

SHA256
d1a1c6bac6a498adccdafab9d600a372aa9d5b826a33cfa06aaa9f75357c5b23

SHA512
2372a8857591b829763cacbdfc0cf3d4884598c5f1c43f0815257cb7fb3b2c93b60b1027480e1d5a93bbc6eba054328d8d2b4997c7d81a5360811f8f1eecafa1

Download Submit
\Users\Admin\AppData\Local\Temp\~esetup\setup.exe

Filesize
44KB

MD5
2b1a4163d841e32d4ef21a90b23226ae

SHA1
f8e071e9776747a918888a91ad78f57d711d6b02

SHA256
1b5946c685c90a361c6494f95f6027e66a208733434aaa51e2d98a06b9a99eb7

SHA512
98692da4afe72dc7b6cd9724ff5ef43262af1886d2e503296f87e06a7fa7abeb069d2ed2f708c33ff763628fa65b1fdb59851d94ba4f3142bb9c526931bd836a

Download Submit
memory/2004-13-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2004-18-0x0000000000020000-0x000000000002E000-memory.dmp

Filesize
56KB

Download
memory/2004-19-0x0000000000020000-0x000000000002E000-memory.dmp

Filesize
56KB

Download
memory/2004-24-0x00000000002A0000-0x00000000002B4000-memory.dmp

Filesize
80KB

Download
memory/2004-25-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2004-26-0x0000000000020000-0x000000000002E000-memory.dmp

Filesize
56KB

Download
memory/2004-27-0x0000000000020000-0x000000000002E000-memory.dmp

Filesize
56KB

Download
memory/2664-9-0x0000000000220000-0x000000000022E000-memory.dmp

Filesize
56KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads