Analysis Overview
SHA256
2510be907ec476e8375ac7b5431536ae9a32bf99fe77ab695a5100852b111b96
Threat Level: Shows suspicious behavior
The file SolaraB.zip was found to be: Shows suspicious behavior.
Malicious Activity Summary
Themida packer
Legitimate hosting services abused for malware hosting/C2
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-09 14:46
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-09 14:46
Reported
2024-06-09 14:49
Platform
win10v2004-20240426-en
Max time kernel
0s
Max time network
71s
Command Line
Signatures
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe"
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.0.1179053611\1145084917" -parentBuildID 20230214051806 -prefsHandle 1756 -prefMapHandle 1748 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c0a44a4-10d2-4d97-bbad-52fd222bdf9b} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 1836 22191716d58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.1.162945662\785262636" -parentBuildID 20230214051806 -prefsHandle 2392 -prefMapHandle 2380 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4de80a34-8660-4df3-aea3-788ad6732229} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 2404 22184a89358 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.2.1759716429\292699726" -childID 1 -isForBrowser -prefsHandle 2984 -prefMapHandle 2980 -prefsLen 22215 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52fe2bcc-e936-4d8c-8603-637edc86917b} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 2996 2219450ce58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.3.1614237144\1390886681" -childID 2 -isForBrowser -prefsHandle 3844 -prefMapHandle 3828 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e52c5c9-cc9e-44fe-9b3f-0e183c2faab5} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 3856 221962c5358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.4.1731217342\1423780405" -childID 3 -isForBrowser -prefsHandle 5180 -prefMapHandle 5176 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2678ed1-00c0-43cf-9115-8c12664f9b19} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 5188 221970f7e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.5.1149922110\1608304677" -childID 4 -isForBrowser -prefsHandle 5328 -prefMapHandle 5332 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31c40498-e142-470a-a3d7-3467ff0a01fa} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 5316 22198408e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.6.1564947225\1225354899" -childID 5 -isForBrowser -prefsHandle 5520 -prefMapHandle 5524 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff3226e7-434f-443b-981e-a4c1497268ef} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 5508 2219966b858 tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 204.79.197.203:443 | | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc
| MD5 | c2ab942102236f987048d0d84d73d960 |
| SHA1 | 95462172699187ac02eaec6074024b26e6d71cff |
| SHA256 | 948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a |
| SHA512 | e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc
| MD5 | c28b0fe9be6e306cc2ad30fe00e3db10 |
| SHA1 | af79c81bd61c9a937fca18425dd84cdf8317c8b9 |
| SHA256 | 0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641 |
| SHA512 | e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc
| MD5 | d0104f79f0b4f03bbcd3b287fa04cf8c |
| SHA1 | 54f9d7adf8943cb07f821435bb269eb4ba40ccc2 |
| SHA256 | 997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a |
| SHA512 | daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE
| MD5 | 13babc4f212ce635d68da544339c962b |
| SHA1 | 4881ad2ec8eb2470a7049421047c6d076f48f1de |
| SHA256 | bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400 |
| SHA512 | 40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
| MD5 | f8f4522d11178a26e97e2046f249dfa7 |
| SHA1 | 8b591d9a37716e235260fb6b3f601e4ccbebf15d |
| SHA256 | 3c372a8919c28dc76414b2f30da423c3e1018b1a8444527949ce20cc3fc93ed0 |
| SHA512 | 52ea881cad501cf1d5e8ac47355e862ac1bd39cb6e1ff3d362d392b6f2d676e74878832505d17a552aaa3bc8f3977da11fa3f9903722eedd23716fb46ddb7492 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll
| MD5 | b689169b2956fff21f686f39106fa7fc |
| SHA1 | 0bf7c393b9820813527f44956bc245cfe4d25a41 |
| SHA256 | 4f10137da039041165ce3c6eea382da44908e20a531a461512946c894b1fcf77 |
| SHA512 | 194a7a501e9524a6fb12a766c2ef3c9ab3f518bc72c888581e55955a88ee3a423cf3f59c10c5341603ff20e0d18df42653d8940f84459b8137879f2727a91fb9 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll
| MD5 | 34ec990ed346ec6a4f14841b12280c20 |
| SHA1 | 6587164274a1ae7f47bdb9d71d066b83241576f0 |
| SHA256 | 1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409 |
| SHA512 | b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll
| MD5 | 851fee9a41856b588847cf8272645f58 |
| SHA1 | ee185a1ff257c86eb19d30a191bf0695d5ac72a1 |
| SHA256 | 5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca |
| SHA512 | cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll
| MD5 | a0bd0d1a66e7c7f1d97aedecdafb933f |
| SHA1 | dd109ac34beb8289030e4ec0a026297b793f64a3 |
| SHA256 | 79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36 |
| SHA512 | 2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\vcruntime140.dll
| MD5 | 7a2b8cfcd543f6e4ebca43162b67d610 |
| SHA1 | c1c45a326249bf0ccd2be2fbd412f1a62fb67024 |
| SHA256 | 7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f |
| SHA512 | e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll
| MD5 | 75365924730b0b2c1a6ee9028ef07685 |
| SHA1 | a10687c37deb2ce5422140b541a64ac15534250f |
| SHA256 | 945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b |
| SHA512 | c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll
| MD5 | e31f5136d91bad0fcbce053aac798a30 |
| SHA1 | ee785d2546aec4803bcae08cdebfd5d168c42337 |
| SHA256 | ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671 |
| SHA512 | a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll
| MD5 | c4ce570d3d045f1d2a5a279bdb4e79aa |
| SHA1 | ecea98e2e66c0949c6e67df51c31cc13155316b2 |
| SHA256 | d9ece044d2d85392e78d7e75d378b66d6ce0f57e20c53a2a5fa69cf3798fcbcb |
| SHA512 | 30ae49c0ac9403374c5ae376c2f2fa224af62c55ffb0c4d2d0db209c87c445b7ac05628132242e8a3b0505dcb0488e6edf300a7accf18ec6bebc3149d45a0fb9 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll
| MD5 | cb21dd3353ec9d9b9b24d2736bd91317 |
| SHA1 | acf87c778072b55baecd0fc1018ba5df0cafc8bd |
| SHA256 | 79322cabf204a2bfb5fa1a1f622badf50756bb6d9619e9db515a0006f31602b2 |
| SHA512 | 04ddbe1c5fb6c5b441b0173fe3b301990e554986ae419e08e3fc189c782fa6a2b5b0c1aed08d394c3b15c0026ada235fb3aa148e692b7cc3ff2b9c4359435256 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\path.txt
| MD5 | 6b09afc61af8884f2fc6204922e970be |
| SHA1 | fe3da40f27e8dc2b8e2392c9590666982fff3398 |
| SHA256 | f99a87a0c9006940f0d9efa1331d253dcf56016c82f4e266b507c303bb8493a6 |
| SHA512 | 69ac27dbd690d1919a5da98e5f427328147c18a338596a0cf7ccb2cd09594da388fc4bb5df660bb4ca5a630f3ffc3ee3783b24c262683d2c5992db2f1abca8ea |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\prefs-1.js
| MD5 | 1e16344bd24b516adf18665a9a8e5351 |
| SHA1 | d5615614ef532490076a3ecb043a959c2abfef5e |
| SHA256 | cab22da46737828d06c31e221aaa95e5c9c3848d11edf94775fe67b4a15e578b |
| SHA512 | b01fc5c81f348abffc56002ce38c76efa1e0b1ce5faa01e78b756bdc1e60a05df15fcd8d9ef3f9ca38d2d8c584215a6626717ed5c653dee515877eabfcefd7d8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 6fc297a3e1fbd95386fd1cb287c7c1e4 |
| SHA1 | 90a5d9eb2411ad4e9c2eef40fc155d5c192fd8da |
| SHA256 | 581b5c305d04efd05a333c9d72789bd8903c50bf6d0c0e3b00347e27f48ce228 |
| SHA512 | 4453b57c454f2682f18ae804b9f5174b7e3bc90b2cd3bffc24b4ff63b9718c968c2a14b19f23b5828f0b793a826a3b478aa2972a2ed2fd8dad37d3d97a5612f8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 76ab0987ec505d828adc45088deb715f |
| SHA1 | 4805dcfb26dff2c1139c9af476c48da5211a2635 |
| SHA256 | 58c9dc658af3cb1bc5781708d384b1d46feb577ea8aa76b35cfda23268e31ef1 |
| SHA512 | c65d477aea47763b7f949ba7ac45a5584cf1dce67f33683f24bbef8b9e380da19238899dcd01cdb712e8582789e8c17d094fb48124be89042693579274854992 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\prefs-1.js
| MD5 | a1d41a077d5d96850afebf92a77b7eae |
| SHA1 | 745b8b36630a554e4441e88bfbf999cf6c0f92a2 |
| SHA256 | 626321f685bce132ba76481b412434290f46381d05617228c9098e8d9fbedf77 |
| SHA512 | 63cbe54824e99180ccda661b054157f1890313192ed30a4f4251bd9709f3d1ccbfef23f3df1d35bc54327270398239a44aeeee75a3dcc6a27f387e67fe01abfb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 17359981162cb4a159bda50d1b207fe5 |
| SHA1 | ef1b560f9cfc1bb74cc392390417611dbb9b9e69 |
| SHA256 | 4549729a353050d45a28e8b7e23c8038239b2d887a242fb149eb56fdc6d2b412 |
| SHA512 | 8de8313a4fc519bfffee0f990d09cefb7174fc182e68f9c2ff37f272e9f0f0ea13f96d6b71d2cc139f30fe0992ae6dbea28bb5ff633cf3755c36f899e467a80b |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-09 14:46
Reported
2024-06-09 14:50
Platform
win7-20240221-en
Max time kernel
14s
Max time network
18s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |