Overview

overview

8

Static

static

3

SolarioPla...er.exe

windows10-1703-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    135s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    29/06/2024, 13:27

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    SolarioPlayerLauncher.exe

  • Size

    2.0MB

  • MD5

    3533d47132901583b3c69cccf86d5428

  • SHA1

    b374ab1f3aacbd39072de0bf3b606254e2377b92

  • SHA256

    3130034f0348869fbc4b49511c4ac6bcea020f251d122f6ddda200b422bf4bcb

  • SHA512

    1af810210f407af9966e7aaddc59b78ba07b4e6b3ff3744c1e9225615bd299a79d5746c3b6b8d8d77219703dbfd744696a7eedfaa68c4b9b45e423ba2816a541

  • SSDEEP

    49152:h9DY5e5L9CsgV7Jk/WZ+6QNGcr6x9jqd2mFdI+8kZ8i51:3Aep9XgV7Jk/W06QNGcr6x9+bAi5

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SolarioPlayerLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\SolarioPlayerLauncher.exe"
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4444
    • C:\Windows\SysWOW64\cmd.exe
      "cmd" /c cls
      2⤵
        PID:252
      • C:\Windows\SysWOW64\cmd.exe
        "cmd" /c start https://www.solario.ws/games
        2⤵
        • Checks computer location settings
        PID:4068
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4136
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:2204
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:64
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4236
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:4736
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:3376

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
            Filesize

            4KB

            MD5

            1bfe591a4fe3d91b03cdf26eaacd8f89

            SHA1

            719c37c320f518ac168c86723724891950911cea

            SHA256

            9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

            SHA512

            02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E49JWOHD\edgecompatviewlist[1].xml
            Filesize

            74KB

            MD5

            d4fc49dc14f63895d997fa4940f24378

            SHA1

            3efb1437a7c5e46034147cbbc8db017c69d02c31

            SHA256

            853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

            SHA512

            cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0W1E51KV\hcaptcha[1].js
            Filesize

            379KB

            MD5

            8c42572baf0c499756e20026b04f694b

            SHA1

            7376160350ec64281515b4bcf9fc05fea9c3ec5d

            SHA256

            683c4c9e22a965c338ab116c4cfefb4aa9381b4d26dc708136fcd4cb74339b3a

            SHA512

            3d8787c3141ba17de055c146fd880d8cf12c518aecf760309507f7c1266c91ae60328f6b86c9b65e04e15d2791552fd47ed244e4b44dd80df9de54412a374a6d

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\7863LXT4\suggestions[1].en-US
            Filesize

            17KB

            MD5

            5a34cb996293fde2cb7a4ac89587393a

            SHA1

            3c96c993500690d1a77873cd62bc639b3a10653f

            SHA256

            c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

            SHA512

            e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\AB5SU7FD\syntax[1].ico
            Filesize

            66KB

            MD5

            5e9a7f9eb4dbaa6207e6794df7042991

            SHA1

            8b55ebe6ce9795aa6245a47434c06a532d1d1f75

            SHA256

            63976ac53b22803f74afdbb01599edd7090d5d6f6fc4fb29ce612454af556099

            SHA512

            ec35ad0b5e4049ea274ac2d83d88fd0db70865c2fe7af47a449f67cdc788e4b142df4889c2af6c04f45452169b294448d29f2770fca955a76d8f35cb1bdb9178

            Download Submit

          • C:\Users\Admin\AppData\Local\Solario\Versions\version-ckrDXMzpbLi4PmtW\Client2020\ExtraContent\LuaPackages\AppTempCommon\LuaApp\Flags\.robloxrc
            Filesize

            93B

            MD5

            442236bb38b92a0fa8b566a20b882796

            SHA1

            8439b506a927e625634dee509e43745d9102ecd2

            SHA256

            2a302dfa7c7366044a28fed4ed42b4092b04c323b08ac168208b5e830a08a30d

            SHA512

            b63e0172f1fe5e42490505e7911f7fb56665eeeb57f37fddd36d00da13e60e91a38a31dafd7b39474022c67d0b1e4203aecfaef16690cda5cd269a62e05ecdea

            Download Submit

          • C:\Users\Admin\AppData\Local\Solario\Versions\version-ckrDXMzpbLi4PmtW\Client2020\ExtraContent\LuaPackages\Packages\_Index\roblox_infinite-scroller-98304e77-0.3.4\FitFrame.lua
            Filesize

            277B

            MD5

            3ab96f2198f6b647418085e6606da162

            SHA1

            8f37db1320fb417b57cfeaa8788ae8c233303d42

            SHA256

            7796a00b8760b7193ad3726adbc106160b94ad06be0a59472e806ea709f3f27e

            SHA512

            7bece3b2ea3cee7270fd8d692f8c755ec43e0e67586a11b9c9b6c0cbfd0900b338c359110771abe4d959870e0e7b353fefce6a17adce5792cf9b44bdad259e07

            Download Submit

          • C:\Users\Admin\AppData\Local\Solario\Versions\version-ckrDXMzpbLi4PmtW\Client2020\ExtraContent\LuaPackages\Packages\_Index\roblox_infinite-scroller-98304e77-0.5.6\Cryo.lua
            Filesize

            245B

            MD5

            02efc49f84e601bf434c452269708f7d

            SHA1

            11763c4c423be87d6b9b05127d7a610bb6a5fb65

            SHA256

            69563265d73a4dc6fcd8dc7037f990e50aaf7cf011e32e096ca9e4f5d97a3eca

            SHA512

            29f8769c16d0ac041659e7c10358423a643272f8598b9e1e28f73b48bade128eff0f5efb55fe74bf86fd2395b4df71fab2622bf1119e4c125e512ba1a2e8f635

            Download Submit

          • C:\Users\Admin\AppData\Local\Solario\Versions\version-ckrDXMzpbLi4PmtW\Client2020\ExtraContent\LuaPackages\Packages\_Index\roblox_infinite-scroller-98304e77-0.5.6\Roact.lua
            Filesize

            247B

            MD5

            56e11e22899b878524535c78aeabc2b1

            SHA1

            64934fb0c8c5ddc36329194a0b96116c9baba70b

            SHA256

            968e261b51780a92ed1fe2b671b9e18b436c191be1df5a81734468e1c20578d1

            SHA512

            3fad9842ee34cd458ce6df6eaad3bcbb5931f2e5ad2d4d24c7847eda2cabd53a246b7687049d54ceebfa9a5187094d2e9343a9d01a81fb6be2cf1364282f9207

            Download Submit

          • C:\Users\Admin\AppData\Local\Solario\Versions\version-ckrDXMzpbLi4PmtW\Client2020\ExtraContent\LuaPackages\Packages\_Index\roblox_infinite-scroller-98304e77-0.5.6\t.lua
            Filesize

            239B

            MD5

            08c7e65b5b537ec75fa622a1423d5a16

            SHA1

            ca469e566b90ee6cfb0ae2234533116d44dc94fa

            SHA256

            40e55b76ba3d9d9d20a16c89b7d3118b67355858a43778217a8abf2a532b4408

            SHA512

            0cabead8a9bd01d6d657feb57d3986c48c0cae54935369c17698d537c4ad41ebe3e086fb96a3f75edabe3d4209f4c20960a291b6be8040c86203eb6cdde6f156

            Download Submit

          • C:\Users\Admin\AppData\Local\Solario\Versions\version-ckrDXMzpbLi4PmtW\Client2020\ExtraContent\LuaPackages\Packages\_Index\roblox_purchase-prompt\Otter.lua
            Filesize

            247B

            MD5

            5f276c095487802a612eb20c8cd67db6

            SHA1

            aad32229b8b6ca8e1efa87e7f7be8bf66e2b4b5d

            SHA256

            208c19d2a7b9078f39c6e05e7c6dfe4a9b5e7505e37a045670ccf5789c5f079c

            SHA512

            b9c371026590cb24a49dfb80a3a58516207837ce92ddbe24ff8143177c247d988ec7d86dc0b17ddde107095b7dd13e5a65bcf69b8c7db6cc8f15cf7a4c60ae3c

            Download Submit

          • C:\Users\Admin\AppData\Local\Solario\Versions\version-ckrDXMzpbLi4PmtW\Client2020\ExtraContent\LuaPackages\Packages\_Index\roblox_purchase-prompt\purchase-prompt\Localization\Locales\da-dk.lua
            Filesize

            706B

            MD5

            c80e3e1ea55f88af6e1cf362450a9288

            SHA1

            0ce682c7797a88a0b4d5236fda9eb80bec463d17

            SHA256

            54439b9542f022d546a2ada7758748406fe9b89641f96411cbe253d9fb168de7

            SHA512

            bea47b956ef677dd7e271a6a15f1d45a0dee2ea659fb407c01d87204aa629553ea3eeab4f9989f978d80365d8da40f432813b96e9717dd26ebe4b7d2651f28ed

            Download Submit

          • C:\Users\Admin\AppData\Local\Solario\Versions\version-ckrDXMzpbLi4PmtW\Client2020\ExtraContent\LuaPackages\Packages\_Index\rodux-networking\Rodux.lua
            Filesize

            247B

            MD5

            5ae7309541413111db65c3ebcf9994b3

            SHA1

            0bb0047472051c7a9e20cc5cc5c272cc6b9c62ed

            SHA256

            b9928dd057d386ec5f8f77f8d0f38e5f08dcbf61e604d610f9d8b8377e2531cc

            SHA512

            e8d75ade204fc3eb9710608109441d783888d5979a9dc0a84bd00ebf6a0300bd716020ce1b17d974f3fedaf2f4eb42bb6627636d6445efe6bc9d6f5385abab33

            Download Submit

          • C:\Users\Admin\AppData\Local\Solario\Versions\version-ckrDXMzpbLi4PmtW\Client2020\PlatformContent\pc\textures\fabric\normaldetail.dds
            Filesize

            176B

            MD5

            f527b5859d7ca6c080ba954f3013883f

            SHA1

            3d00b598b1fb762ae0921bcc49ca189f05f417d2

            SHA256

            ff11c95774ee0405666fa313f1e53ebb46b1352bfff3456ac2b2caccdab07b4d

            SHA512

            e908a29c4316a15f5c16a005c69b402e0525b80e0c3284d6f19074ab8b05d62d079ecf43974b223a68d7c56cbf1789df69ab260553de1aab0edfbdad5e6d654d

            Download Submit

          • memory/4136-3800-0x000001BB90C10000-0x000001BB90C12000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4136-3781-0x000001BB93820000-0x000001BB93830000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4136-3765-0x000001BB93720000-0x000001BB93730000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4236-3810-0x0000024106700000-0x0000024106800000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/4736-3995-0x00000220B3370000-0x00000220B3372000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4736-3981-0x00000220B3820000-0x00000220B3822000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4736-4012-0x00000220B51C0000-0x00000220B52C0000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/4736-4011-0x00000220B51C0000-0x00000220B52C0000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/4736-4007-0x00000220B51C0000-0x00000220B52C0000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/4736-3997-0x00000220B33A0000-0x00000220B33A2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4736-3979-0x00000220B37B0000-0x00000220B37B2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4736-3993-0x00000220B3360000-0x00000220B3362000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4736-3991-0x00000220B31E0000-0x00000220B31E2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4736-3989-0x00000220B31A0000-0x00000220B31A2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4736-3987-0x00000220B2C40000-0x00000220B2C42000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4736-3986-0x00000220B4600000-0x00000220B4700000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/4736-4006-0x00000220B51C0000-0x00000220B52C0000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/4736-4001-0x00000220B3480000-0x00000220B3482000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4736-3999-0x00000220B3400000-0x00000220B3402000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4736-4004-0x00000220B34E0000-0x00000220B34E2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4736-4031-0x00000220B3FA0000-0x00000220B3FA2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4736-4029-0x00000220B3F90000-0x00000220B3F92000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4736-4041-0x00000220B3FE0000-0x00000220B3FE2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4736-4039-0x00000220B3FC0000-0x00000220B3FC2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4736-3864-0x00000220B3840000-0x00000220B3860000-memory.dmp

            Filesize

            128KB

            Download

          • memory/4736-4055-0x00000220B51C0000-0x00000220B52C0000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/4736-4058-0x00000220B51C0000-0x00000220B52C0000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/4736-4059-0x00000220B51C0000-0x00000220B52C0000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/4736-4077-0x00000220B4300000-0x00000220B4400000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/4736-4081-0x00000220B5E00000-0x00000220B5F00000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/4736-3833-0x00000220A2300000-0x00000220A2400000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/4736-3824-0x00000220A1A80000-0x00000220A1A82000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4736-3827-0x00000220A1AB0000-0x00000220A1AB2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4736-3829-0x00000220A1AD0000-0x00000220A1AD2000-memory.dmp

            Filesize

            8KB

            Download