Analysis
-
max time kernel
146s -
max time network
152s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system -
submitted
06-06-2024 22:05
Behavioral task
behavioral1
Sample
SOSA.exe
Resource
win11-20240426-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
SOSA.pyc
Resource
win11-20240508-en
3 signatures
150 seconds
General
-
Target
SOSA.pyc
-
Size
14KB
-
MD5
29087598f55b19f875ba04c9ccf94ccf
-
SHA1
725ce1fd2149d36186a88289b49ded17be8d13e6
-
SHA256
685d53117ad5127cebb8f6423795f078caedacb6c2d4f2e26fe0bb2d4aa95f57
-
SHA512
8d1f207d45a5563d2b5a7132f8b157b4037c24afa3d875445d39415a0cc6fb636f92627317a794c104e4514c3c231bf53b7cc02fb04274cd16dcf69eedb18987
-
SSDEEP
192:uJ8x7+tkOU36SfmdMzjzZzHP+MBjGy/OKW70RYgl2zKwuHPu4uRWrFFFO:uJ8x7+tkOU36SfmdMzjzZ5jG0BKNQ8
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
Processes:
cmd.exeOpenWith.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings OpenWith.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
OpenWith.exepid process 3964 OpenWith.exe