ee830379ce7b2d84d543adb9a63686fc2d7ec1b176750eb67c6aacc5a7459d72

Analysis

max time kernel
15s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-11-2024 14:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SOSA_CARD_GEN.exe
Size

39.5MB
MD5

39774c3b7261ed87aad4d8d8372a0faa
SHA1

39bf2f0eafb3e8f3307ae030cf8c26e72e924c0e
SHA256

ee830379ce7b2d84d543adb9a63686fc2d7ec1b176750eb67c6aacc5a7459d72
SHA512

c7a55996f496128ff687de88a729dc96da16990943e0d0021a6b4d8822d6c7e9fc4c72277c652725aae332255876b517a59fd451c12dbea828366c5810baa7bf
SSDEEP

786432:qzO7gOOX/O7M0wPYzCY6JKRDh7E4C8xfSVvtOA4bgz65h:SigOOXG7M0jU4DhQ4UVFObbce

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2356	Stub.exe

Loads dropped DLL 2 IoCs

pid	Process
2524	SOSA_CARD_GEN.exe
2356	Stub.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 2356	2524	SOSA_CARD_GEN.exe	30
PID 2524 wrote to memory of 2356	2524	SOSA_CARD_GEN.exe	30
PID 2524 wrote to memory of 2356	2524	SOSA_CARD_GEN.exe	30

C:\Users\Admin\AppData\Local\Temp\SOSA_CARD_GEN.exe
"C:\Users\Admin\AppData\Local\Temp\SOSA_CARD_GEN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Users\Admin\AppData\Local\Temp\onefile_2524_133769319917216000\Stub.exe
  C:\Users\Admin\AppData\Local\Temp\SOSA_CARD_GEN.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_2524_133769319917216000\python310.dll

Filesize
4.3MB

MD5
e4533934b37e688106beac6c5919281e

SHA1
ada39f10ef0bbdcf05822f4260e43d53367b0017

SHA256
2bf761bae584ba67d9a41507b45ebd41ab6ae51755b1782496d0bc60cc1d41d5

SHA512
fa681a48ddd81854c9907026d4f36b008e509729f1d9a18a621f1d86cd1176c1a1ff4f814974306fa4d9e3886e2ce112a4f79b66713e1401f5dae4bcd8b898b9

Download Submit
memory/2356-34-0x000000013F480000-0x0000000144EC2000-memory.dmp

Filesize
90.3MB

Download
memory/2524-63-0x000000013F200000-0x00000001419B4000-memory.dmp

Filesize
39.7MB

Download