e06623cc4bc2227bd3aeeced3758776051feee79102ad9f8cf79f1575f6d2e7e

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 04:42

Target

Soda.v1.4.exe
Size

8.6MB
MD5

3eba7aed5636cffd9b8b8a3780870db3
SHA1

e843680db1eccde091cd8ed10c4e65f91472ca5e
SHA256

e06623cc4bc2227bd3aeeced3758776051feee79102ad9f8cf79f1575f6d2e7e
SHA512

20a0aa5dec7b1ff9c9ac169690e316bd4edf8bc3402f19301c79960999c1cc75a0b6845642d90fb7b09bcbef2bbec076c84da387630ebd7a627a34e649c3ff49
SSDEEP

196608:Rd25AeEgAkBNcfdQmRJ8dA6lMfCy1ArqkVpKCX+PrF4ZUeghyTpRED6:G5tElvfdQuslMfrAZYCuPJOUegSQ

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2796	Soda.v1.4.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 2796	1508	Soda.v1.4.exe	32
PID 1508 wrote to memory of 2796	1508	Soda.v1.4.exe	32
PID 1508 wrote to memory of 2796	1508	Soda.v1.4.exe	32

C:\Users\Admin\AppData\Local\Temp\Soda.v1.4.exe
"C:\Users\Admin\AppData\Local\Temp\Soda.v1.4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Users\Admin\AppData\Local\Temp\Soda.v1.4.exe
  "C:\Users\Admin\AppData\Local\Temp\Soda.v1.4.exe"
  2⤵
  - Loads dropped DLL
  PID:2796

C:\Users\Admin\AppData\Local\Temp\_MEI15082\python310.dll

Filesize
4.3MB

MD5
54f8267c6c116d7240f8e8cd3b241cd9

SHA1
907b965b6ce502dad59cde70e486eb28c5517b42

SHA256
c30589187be320bc8e65177aeb8dc1d39957f7b7dcda4c13524dd7f436fb0948

SHA512
f6c865c8276fe1a1a0f3267b89fb6745a3fc82972032280dce8869006feb2b168516e017241a0c82bdae0f321fab388523691769f09a502fc3bd530c1c4cacf1

Download Submit