Resubmissions
14/06/2024, 08:36  240614-kh3a5ssfng  9
14/06/2024, 08:33  240614-kgbrsswepp  9
14/06/2024, 08:32  240614-kflklswemk  3
Analysis
max time kernel: 25s
max time network: 31s
platform: windows11-21h2_x64
resource: win11-20240508-en
resource tags: arch:x64 arch:x86 image:win11-20240508-en locale:en-us os:windows11-21h2-x64 system
submitted: 14/06/2024, 08:32
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample: SolaraBootstrapper.exe
Resource: win11-20240508-en
3 signatures
150 seconds
General
Target: SolaraBootstrapper.exe
Size: 798KB
MD5: baa81d6b98890ac06befe560d00be992
SHA1: b69769c15af3ff85ca16a4ee579ea7fd959179e9
SHA256: ec710ba066a78e3faf19b9d9a589ace5540a6a31551dc977b533e7d67352f87b
SHA512: ded06cff210a201a53670ab55078c4edfcc0c4137af04b1ad3966b69464ec717957508b341d5f5fef485679bdd841017c420a14217d9480181a03fcd9aaad7f1
SSDEEP: 12288:PZZmz3HwnXFZ9RgoOojAojAbJaTGLLvlguxD:3mz3Hi9tOojAojAbdLL
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
  pid   pid_target  Process       procid_target
  4576  1988        WerFault.exe  77
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  1988  SolaraBootstrapper.exe
  1988  SolaraBootstrapper.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description              pid   Process
  Token: SeDebugPrivilege  1988  SolaraBootstrapper.exe
Processes
C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
  "C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID: 1988
  C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 1480
    - Program crash
    PID: 4576
C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1988 -ip 1988
  PID: 4024