108c88858bfe52105c794b58d89d423940e7a1a3a2a4502c1a327672defeae09 | Triage

Resubmissions

03-05-2024 18:18

240503-wxm1jsfg93 3

03-05-2024 18:16

240503-wwmy6acg9v 3

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
03-05-2024 18:16

Sharing

Report Analysis Logs

General

Target

Solara.exe
Size

87KB
MD5

c61ea149a799fad804a6b157a48b713a
SHA1

36212a1cd7b3cd2d3909d28fcac482977fdc2214
SHA256

108c88858bfe52105c794b58d89d423940e7a1a3a2a4502c1a327672defeae09
SHA512

5cd298aea469b0d30f84ee04a20077a4bd7ca6c500e07f02d476730442a7e1623dd3ba84615151c949e7966a1fb07c2ea8a14b9aa9086db443051248dded8224
SSDEEP

1536:luWT5UfP85Az9I3BbbHVlnOXrPBdfeIScnVl801AbcsqD95wSxdRfBq:luWmn85AxMbb1lnOXrPXe7thq5Z5q

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2612	2072	Solara.exe	28
PID 2072 wrote to memory of 2612	2072	Solara.exe	28
PID 2072 wrote to memory of 2612	2072	Solara.exe	28

C:\Users\Admin\AppData\Local\Temp\Solara.exe
"C:\Users\Admin\AppData\Local\Temp\Solara.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2072 -s 620
  2⤵
  PID:2612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2072-0-0x000007FEF5C93000-0x000007FEF5C94000-memory.dmp

Filesize
4KB

Download
memory/2072-1-0x000000013FEC0000-0x000000013FEDA000-memory.dmp

Filesize
104KB

Download
memory/2072-2-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp

Filesize
9.9MB

Download
memory/2072-3-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp

Filesize
9.9MB

Download