Analysis
max time kernel: 1763s
max time network: 1772s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 18:14
Static task: static1
1 signatures
Behavioral task: behavioral1
Sample: SolaraBootstrapper.exe
Resource: win7-20240221-en
3 signatures
1800 seconds
Behavioral task: behavioral2
Sample: SolaraBootstrapper.exe
Resource: win10v2004-20240508-en
3 signatures
1800 seconds
General
Target: SolaraBootstrapper.exe
Size: 13KB
MD5: 3f7673ea3133daf29d57251bc05ff92b
SHA1: 5ade028da3ea7ecf81fc1ed37bb0be17021d3f6a
SHA256: 3cac765b2abc6fb9adf2e73a19f88d74eaed2c47b7edda15bfbf1be1093bd525
SHA512: dd6314ceb9ab8b3bce57b262f99172c4707eab877032631f4c1d91f1763e117d2d87daba920388d03e01f7df9a72e7d7487faf6df60b0f8c22eb161d856e602f
SSDEEP: 192:kyxQOLBVA1v4giszrIaTaL8mr/qVm0ifnTJwmHhhjd:PxxA1AgioIaTad+Lifdwmfj
Score: 6/10
Malware Config
Signatures
Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 1 IoCs)
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes (pid, process):
1584 SolaraBootstrapper.exe
1584 SolaraBootstrapper.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes (description, pid, process):
Token: SeDebugPrivilege, 1584, SolaraBootstrapper.exe