Overview
overview
8Static
static
8Sora - Ope....1.exe
windows7-x64
8Sora - Ope....1.exe
windows10-2004-x64
8Sora - Ope...nc.dll
windows7-x64
1Sora - Ope...nc.dll
windows10-2004-x64
1Sora - Ope...z2.dll
windows7-x64
1Sora - Ope...z2.dll
windows10-2004-x64
1Sora - Ope...et.dll
windows7-x64
1Sora - Ope...et.dll
windows10-2004-x64
1Sora - Ope...rl.dll
windows7-x64
1Sora - Ope...rl.dll
windows10-2004-x64
1Sora - Ope...fo.dll
windows7-x64
1Sora - Ope...fo.dll
windows10-2004-x64
1Sora - Ope...d2.dll
windows7-x64
1Sora - Ope...d2.dll
windows10-2004-x64
1Sora - Ope...be.dll
windows7-x64
1Sora - Ope...be.dll
windows10-2004-x64
1Sora - Ope...ng.dll
windows7-x64
1Sora - Ope...ng.dll
windows10-2004-x64
1Sora - Ope...sl.dll
windows7-x64
1Sora - Ope...sl.dll
windows10-2004-x64
1Sora - Ope...te.dll
windows7-x64
1Sora - Ope...te.dll
windows10-2004-x64
1Sora - Ope...32.dll
windows7-x64
1Sora - Ope...32.dll
windows10-2004-x64
1Sora - Ope...h2.dll
windows7-x64
3Sora - Ope...h2.dll
windows10-2004-x64
3Sora - Ope...10.dll
windows7-x64
3Sora - Ope...10.dll
windows10-2004-x64
3Sora - Ope...hp.exe
windows7-x64
1Sora - Ope...hp.exe
windows10-2004-x64
1Sora - Ope...p5.dll
windows7-x64
1Sora - Ope...p5.dll
windows10-2004-x64
1Analysis
-
max time kernel
118s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
17-04-2024 01:02
Static task
static1
Behavioral task
behavioral1
Sample
Sora - OpenAi v1.1/Sora - OpenAi Beta v.1.1.exe
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral2
Sample
Sora - OpenAi v1.1/Sora - OpenAi Beta v.1.1.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Sora - OpenAi v1.1/WDSync.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral4
Sample
Sora - OpenAi v1.1/WDSync.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Sora - OpenAi v1.1/__MACOSX/ext/php_bz2.dll
Resource
win7-20240319-en
windows7-x64
Behavioral task
behavioral6
Sample
Sora - OpenAi v1.1/__MACOSX/ext/php_bz2.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Sora - OpenAi v1.1/__MACOSX/ext/php_com_dotnet.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral8
Sample
Sora - OpenAi v1.1/__MACOSX/ext/php_com_dotnet.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Sora - OpenAi v1.1/__MACOSX/ext/php_curl.dll
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral10
Sample
Sora - OpenAi v1.1/__MACOSX/ext/php_curl.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Sora - OpenAi v1.1/__MACOSX/ext/php_fileinfo.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral12
Sample
Sora - OpenAi v1.1/__MACOSX/ext/php_fileinfo.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Sora - OpenAi v1.1/__MACOSX/ext/php_gd2.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
Sora - OpenAi v1.1/__MACOSX/ext/php_gd2.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Sora - OpenAi v1.1/__MACOSX/ext/php_ioncube.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral16
Sample
Sora - OpenAi v1.1/__MACOSX/ext/php_ioncube.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Sora - OpenAi v1.1/__MACOSX/ext/php_mbstring.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral18
Sample
Sora - OpenAi v1.1/__MACOSX/ext/php_mbstring.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Sora - OpenAi v1.1/__MACOSX/ext/php_openssl.dll
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral20
Sample
Sora - OpenAi v1.1/__MACOSX/ext/php_openssl.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Sora - OpenAi v1.1/__MACOSX/ext/php_pdo_sqlite.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral22
Sample
Sora - OpenAi v1.1/__MACOSX/ext/php_pdo_sqlite.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Sora - OpenAi v1.1/__MACOSX/libeay32.dll
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral24
Sample
Sora - OpenAi v1.1/__MACOSX/libeay32.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Sora - OpenAi v1.1/__MACOSX/libssh2.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral26
Sample
Sora - OpenAi v1.1/__MACOSX/libssh2.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Sora - OpenAi v1.1/__MACOSX/msvcr110.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral28
Sample
Sora - OpenAi v1.1/__MACOSX/msvcr110.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Sora - OpenAi v1.1/__MACOSX/php.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral30
Sample
Sora - OpenAi v1.1/__MACOSX/php.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Sora - OpenAi v1.1/__MACOSX/php5.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral32
Sample
Sora - OpenAi v1.1/__MACOSX/php5.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
General
-
Target
Sora - OpenAi v1.1/__MACOSX/ext/php_com_dotnet.dll
-
Size
69KB
-
MD5
e6356bb0442e22f4c833c8f3faa12e54
-
SHA1
aa7867e7b0275e43b162a97ee9ff9417daa60887
-
SHA256
e7acc59480842e662351c2026f08ab67971ee33c34c663ce509a4c9473e643fa
-
SHA512
abdff0cac197d1fc73ddc74ce677556bd798e3e2c13f12eeb050785873dc43908f137d95f02f7eceac38dee39ed391b0b820837db97c7c0a96fa414c08ef7de1
-
SSDEEP
1536:hq0Y2tQjB+6/wUOQB3EXg2eQmtI79KB73pMN21R:hq0ntQjE6FzB3EZU73pMN+
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 1692 wrote to memory of 1072 1692 rundll32.exe 28 PID 1692 wrote to memory of 1072 1692 rundll32.exe 28 PID 1692 wrote to memory of 1072 1692 rundll32.exe 28 PID 1692 wrote to memory of 1072 1692 rundll32.exe 28 PID 1692 wrote to memory of 1072 1692 rundll32.exe 28 PID 1692 wrote to memory of 1072 1692 rundll32.exe 28 PID 1692 wrote to memory of 1072 1692 rundll32.exe 28
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\Sora - OpenAi v1.1\__MACOSX\ext\php_com_dotnet.dll",#11⤵
- Suspicious use of WriteProcessMemory
PID:1692 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\Sora - OpenAi v1.1\__MACOSX\ext\php_com_dotnet.dll",#12⤵PID:1072
-