Overview

overview

9

Static

static

3

SolaraBoot...er.exe

windows7-x64

6

SolaraBoot...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 14:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SolaraBootstrapper.exe

  • Size

    12KB

  • MD5

    06f13f50c4580846567a644eb03a11f2

  • SHA1

    39ee712b6dfc5a29a9c641d92c7467a2c4445984

  • SHA256

    0636e8f9816b17d7cff26ef5d280ce1c1aae992cda8165c6f4574029258a08a9

  • SHA512

    f5166a295bb0960e59c176eefa89c341563fdf0eec23a45576e0ee5bf7e8271cc35eb9dd56b11d9c0bbe789f2eac112643108c46be3341fa332cfcf39b4a90b9

  • SSDEEP

    192:cDnQvi7auc35nuKdhAWVIanaLvmr/XKTxnTc1BREVXLGDlNjA:cDn97auc35tAKIanayzKto1jEVQzj

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 37 IoCs
  • Suspicious use of SendNotifyMessage 37 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
    "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3024
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:736

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/736-4-0x0000000140000000-0x00000001405E8000-memory.dmp
    Filesize

    5.9MB

    Download
  • memory/736-5-0x0000000140000000-0x00000001405E8000-memory.dmp
    Filesize

    5.9MB

    Download
  • memory/3024-0-0x000000007494E000-0x000000007494F000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3024-1-0x0000000000FE0000-0x0000000000FEA000-memory.dmp
    Filesize

    40KB

    Download
  • memory/3024-2-0x0000000074940000-0x000000007502E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/3024-3-0x0000000074940000-0x000000007502E000-memory.dmp
    Filesize

    6.9MB

    Download