Analysis Overview
SHA256
a7fecfc225dfdd4e14dcd4d1b4ba1b9f8e4d1984f1cdd8cda3a9987e5d53c239
Threat Level: Shows suspicious behavior
The file SolaraBootstrapper.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Legitimate hosting services abused for malware hosting/C2
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-14 22:55
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 22:55
Reported
2024-06-14 22:56
Platform
win10v2004-20240508-en
Max time kernel
32s
Max time network
36s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
Files
memory/2416-0-0x00000000743CE000-0x00000000743CF000-memory.dmp
memory/2416-1-0x0000000000A40000-0x0000000000A4A000-memory.dmp
memory/2416-2-0x0000000005410000-0x000000000541A000-memory.dmp
memory/2416-3-0x00000000743C0000-0x0000000074B70000-memory.dmp
memory/2416-4-0x00000000743CE000-0x00000000743CF000-memory.dmp
memory/2416-5-0x00000000743C0000-0x0000000074B70000-memory.dmp
memory/2416-7-0x00000000743C0000-0x0000000074B70000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 22:55
Reported
2024-06-14 22:58
Platform
win7-20240611-en
Max time kernel
118s
Max time network
118s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
Files
memory/2112-0-0x00000000740EE000-0x00000000740EF000-memory.dmp
memory/2112-1-0x0000000000C10000-0x0000000000C1A000-memory.dmp
memory/2112-2-0x00000000740E0000-0x00000000747CE000-memory.dmp
memory/2112-3-0x00000000740E0000-0x00000000747CE000-memory.dmp