108c88858bfe52105c794b58d89d423940e7a1a3a2a4502c1a327672defeae09 | Triage

Analysis

max time kernel
16s
max time network
16s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 17:18

Sharing

Report Analysis Logs

General

Target

Solara.exe
Size

87KB
MD5

c61ea149a799fad804a6b157a48b713a
SHA1

36212a1cd7b3cd2d3909d28fcac482977fdc2214
SHA256

108c88858bfe52105c794b58d89d423940e7a1a3a2a4502c1a327672defeae09
SHA512

5cd298aea469b0d30f84ee04a20077a4bd7ca6c500e07f02d476730442a7e1623dd3ba84615151c949e7966a1fb07c2ea8a14b9aa9086db443051248dded8224
SSDEEP

1536:luWT5UfP85Az9I3BbbHVlnOXrPBdfeIScnVl801AbcsqD95wSxdRfBq:luWmn85AxMbb1lnOXrPXe7thq5Z5q

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2332	2320	Solara.exe	28
PID 2320 wrote to memory of 2332	2320	Solara.exe	28
PID 2320 wrote to memory of 2332	2320	Solara.exe	28

C:\Users\Admin\AppData\Local\Temp\Solara.exe
"C:\Users\Admin\AppData\Local\Temp\Solara.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2320 -s 616
  2⤵
  PID:2332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2320-0-0x000007FEF52B3000-0x000007FEF52B4000-memory.dmp

Filesize
4KB

Download
memory/2320-1-0x000000013F0D0000-0x000000013F0EA000-memory.dmp

Filesize
104KB

Download
memory/2320-2-0x000007FEF52B0000-0x000007FEF5C9C000-memory.dmp

Filesize
9.9MB

Download