Analysis

  • max time kernel
    146s
  • max time network
    152s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    06-06-2024 22:05

General

  • Target

    SOSA.pyc

  • Size

    14KB

  • MD5

    29087598f55b19f875ba04c9ccf94ccf

  • SHA1

    725ce1fd2149d36186a88289b49ded17be8d13e6

  • SHA256

    685d53117ad5127cebb8f6423795f078caedacb6c2d4f2e26fe0bb2d4aa95f57

  • SHA512

    8d1f207d45a5563d2b5a7132f8b157b4037c24afa3d875445d39415a0cc6fb636f92627317a794c104e4514c3c231bf53b7cc02fb04274cd16dcf69eedb18987

  • SSDEEP

    192:uJ8x7+tkOU36SfmdMzjzZzHP+MBjGy/OKW70RYgl2zKwuHPu4uRWrFFFO:uJ8x7+tkOU36SfmdMzjzZ5jG0BKNQ8

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\SOSA.pyc
    1⤵
    • Modifies registry class
    PID:3152
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3964

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads