Analysis
max time kernel: 111s
max time network: 109s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/05/2024, 10:37
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://ryosx.cc/
Resource: win10v2004-20240508-en
General
Target: https://ryosx.cc/
Malware Config
Extracted: redline
redline: 194.26.232.43:20746
Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload (1 IoC)
- resource: behavioral1/memory/1716-203-0x0000000000500000-0x0000000000552000-memory.dmp, yara_rule: family_redline
Executes dropped EXE (1 IoC)
- PID 3592, Solara_Launcher.exe
Loads dropped DLL (1 IoC)
- PID 3592, Solara_Launcher.exe
Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)
Suspicious use of SetThreadContext (1 IoC)
- description: PID 3592 set thread context of 1716; pid: 3592; Process: Solara_Launcher.exe; procid_target: 119
Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
SCSI information is often read in order to detect sandboxing environments.
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 (taskmgr.exe)
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A (taskmgr.exe)
- Key value queried: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName (taskmgr.exe)
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
Modifies data under HKEY_USERS (2 IoCs)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133602430481965208" (chrome.exe)
Suspicious behavior: EnumeratesProcesses (56 IoCs)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
- PID 1696, chrome.exe (x3)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Suspicious use of FindShellTrayWindow (64 IoCs)
Suspicious use of SendNotifyMessage (64 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- PID 1696 (depth 1): "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ryosx.cc/
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - PID 3548 (depth 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbbd9ab58,0x7fffbbd9ab68,0x7fffbbd9ab78
  - PID 4940 (depth 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1872,i,15091174327468107583,11009672389525182509,131072 /prefetch:2
  - PID 3248 (depth 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1872,i,15091174327468107583,11009672389525182509,131072 /prefetch:8
  - PID 3604 (depth 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1872,i,15091174327468107583,11009672389525182509,131072 /prefetch:8
  - PID 5012 (depth 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1872,i,15091174327468107583,11009672389525182509,131072 /prefetch:1
  - PID 2308 (depth 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1872,i,15091174327468107583,11009672389525182509,131072 /prefetch:1
  - PID 1020 (depth 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4316 --field-trial-handle=1872,i,15091174327468107583,11009672389525182509,131072 /prefetch:8
  - PID 3752 (depth 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4296 --field-trial-handle=1872,i,15091174327468107583,11009672389525182509,131072 /prefetch:8
  - PID 1564 (depth 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3904 --field-trial-handle=1872,i,15091174327468107583,11009672389525182509,131072 /prefetch:1
  - PID 1812 (depth 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4260 --field-trial-handle=1872,i,15091174327468107583,11009672389525182509,131072 /prefetch:8
  - PID 4332 (depth 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1872,i,15091174327468107583,11009672389525182509,131072 /prefetch:8
- PID 1184 (depth 1): "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
- PID 3560 (depth 1): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4224,i,13544508926340531097,6671217806016090640,262144 --variations-seed-version --mojo-platform-channel-handle=4100 /prefetch:8
- PID 4952 (depth 1): C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
- PID 1216 (depth 1): "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\S 0 l a r a BETA V3.1\README.txt
- PID 4360 (depth 1): "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\S 0 l a r a BETA V3.1\SolaraBETA3\" -spe -an -ai#7zMap29554:128:7zEvent20062
  - Suspicious use of FindShellTrayWindow
- PID 3592 (depth 1): "C:\Users\Admin\Downloads\S 0 l a r a BETA V3.1\SolaraBETA3\Solara_Launcher.exe"
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - PID 1716 (depth 2): "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
    - Suspicious behavior: EnumeratesProcesses
- PID 3624 (depth 1): "C:\Windows\system32\taskmgr.exe" /4
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Downloads