Overview (overview): 9
Static (static): 9
Solara⠀...exe (windows11-21h2-x64): 7
Solara⠀...32.dll (windows11-21h2-x64): 3
Solara⠀...32.lib (windows11-21h2-x64): 3
Solara⠀...SE.txt (windows11-21h2-x64): 3
Solara⠀...wp.dll (windows11-21h2-x64): 1
Solara⠀...uwpver (windows11-21h2-x64): 1
Solara⠀...ff.bin (windows11-21h2-x64): 3
Solara⠀...offver (windows11-21h2-x64): 1
Solara⠀...on.txt (windows11-21h2-x64): 3
Solara⠀...ts.dll (windows11-21h2-x64): 1

Analysis
- max time kernel: 89s
- max time network: 100s
- platform: windows11-21h2_x64
- resource: win11-20240426-en
- resource tags: arch:x64, arch:x86, image:win11-20240426-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 28-05-2024 09:32

Behavioral task behavioral1
Sample: Solara⠀⠀/Solara⠀Executor⠀V2⠀.exe
Resource: win11-20240419-en

Behavioral task behavioral2
Sample: Solara⠀⠀/dll/VMProtectSDK32.dll
Resource: win11-20240426-en

Behavioral task behavioral3
Sample: Solara⠀⠀/dll/VMProtectSDK32.lib
Resource: win11-20240426-en

Behavioral task behavioral4
Sample: Solara⠀⠀/dll/autoexec/HOW_TO_USE.txt
Resource: win11-20240419-en

Behavioral task behavioral5
Sample: Solara⠀⠀/dll/celeryuwp.dll
Resource: win11-20240508-en

Behavioral task behavioral6
Sample: Solara⠀⠀/dll/celeryuwpver
Resource: win11-20240508-en

Behavioral task behavioral7
Sample: Solara⠀⠀/dll/uwpoff.bin
Resource: win11-20240508-en

Behavioral task behavioral8
Sample: Solara⠀⠀/dll/uwpoffver
Resource: win11-20240426-en

Behavioral task behavioral9
Sample: Solara⠀⠀/dll/uwpversion.txt
Resource: win11-20240426-en

Behavioral task behavioral10
Sample: Solara⠀⠀/scripts/scripts.dll
Resource: win11-20240426-en

General
- Target: Solara⠀⠀/dll/VMProtectSDK32.dll
- Size: 98KB
- MD5: 7ff7f1e0cc2bb5a6eac9c21762ee66b2
- SHA1: 8e8b1e55c1ae4c6d07c79d120182acd3a5db64d5
- SHA256: ac25bf2734049c16094a1b0d5c1749d11f10f2655d59fa6cfe923e12956f2074
- SHA512: f29c814f327f379a72823bbae55d0fd3df792f7d4f21cd8939f7fab266d3cb8e075c05938da667d4d674b30d61ff088f2c9b55cf822471f65cd2ae3a52ababe9
- SSDEEP: 1536:rT33kLmdI52QC2mCYKw2cr2RhXbZ9qu/nDw2a1+YRroJQusWMIcdw/0YXowGF:lhQC2mCYK3RhrZ9dPk2Q9yMJw/0YRG

Malware Config
Signatures
- Program crash, 1 IoCs
  Processes: WerFault.exe
  pid: 3192; pid_target: 2556; process: WerFault.exe; target process: rundll32.exe
- Suspicious use of WriteProcessMemory, 3 IoCs
  Processes: rundll32.exe
  description: PID 4316 wrote to memory of 2556; pid: 4316; process: rundll32.exe; target process: rundll32.exe
  description: PID 4316 wrote to memory of 2556; pid: 4316; process: rundll32.exe; target process: rundll32.exe
  description: PID 4316 wrote to memory of 2556; pid: 4316; process: rundll32.exe; target process: rundll32.exe

Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Solara⠀⠀\dll\VMProtectSDK32.dll,#1
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Solara⠀⠀\dll\VMProtectSDK32.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 452
      Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2556 -ip 2556