Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
3Solar Clie....0.exe
windows7-x64
7$PLUGINSDI...er.dll
windows7-x64
1$PLUGINSDI...ls.dll
windows7-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...ll.dll
windows7-x64
3LICENSES.c...m.html
windows7-x64
1Solar Tweaks.exe
windows7-x64
7d3dcompiler_47.dll
windows7-x64
1ffmpeg.dll
windows7-x64
1libEGL.dll
windows7-x64
1libGLESv2.dll
windows7-x64
1resources/app.js
windows7-x64
3resources/elevate.exe
windows7-x64
1swiftshade...GL.dll
windows7-x64
1swiftshade...v2.dll
windows7-x64
1vk_swiftshader.dll
windows7-x64
1vulkan-1.dll
windows7-x64
1$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ss.dll
windows7-x64
3$PLUGINSDI...7z.dll
windows7-x64
3Uninstall ...ks.exe
windows7-x64
Analysis
-
max time kernel
300s -
max time network
130s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
30/06/2024, 14:52
Static task
static1
Behavioral task
behavioral1
Sample
Solar Client/Solar-Tweaks-Setup-4.2.0.exe
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral2
Sample
$PLUGINSDIR/SpiderBanner.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/WinShell.dll
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral6
Sample
LICENSES.chromium.html
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral7
Sample
Solar Tweaks.exe
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral8
Sample
d3dcompiler_47.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral9
Sample
ffmpeg.dll
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral10
Sample
libEGL.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral11
Sample
libGLESv2.dll
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral12
Sample
resources/app.js
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral13
Sample
resources/elevate.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
swiftshader/libEGL.dll
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral15
Sample
swiftshader/libGLESv2.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral16
Sample
vk_swiftshader.dll
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral17
Sample
vulkan-1.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral18
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral19
Sample
$PLUGINSDIR/nsProcess.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral20
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral21
Sample
Uninstall Solar Tweaks.exe
Resource
win7-20240611-en
windows7-x64
General
-
Target
Solar Tweaks.exe
-
Size
130.1MB
-
MD5
b7cd0e6338eea04671d96dc170749be3
-
SHA1
99ccfefb5d283e37f488c78112fcb9e9418d6798
-
SHA256
b922365aa35ae4352b0fec087219efca5b6173adba2d0a475b336a2fc6e36fad
-
SHA512
1f1b70563cb97ca3e6a6dd25a50d3b59da265539a011d7b4b99d17f09d2145c6469d55a589978c3f657f78225083ae8d4e1ba208195924967ffc5ffa4b8b7943
-
SSDEEP
1572864:2mYWQRWtJ65M7a2iu4Rywh9hJyO9N+oJOTU8f/kmgZ2sI:B4M7a2H4Ryu+dNgI
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Control Panel\International\Geo\Nation Solar Tweaks.exe Key value queried \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Control Panel\International\Geo\Nation Solar Tweaks.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 2748 Solar Tweaks.exe 2588 Solar Tweaks.exe 2588 Solar Tweaks.exe 2588 Solar Tweaks.exe 2180 Solar Tweaks.exe 2180 Solar Tweaks.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 1152 2180 Solar Tweaks.exe 29 PID 2180 wrote to memory of 2748 2180 Solar Tweaks.exe 30 PID 2180 wrote to memory of 2748 2180 Solar Tweaks.exe 30 PID 2180 wrote to memory of 2748 2180 Solar Tweaks.exe 30 PID 2180 wrote to memory of 2588 2180 Solar Tweaks.exe 31 PID 2180 wrote to memory of 2588 2180 Solar Tweaks.exe 31 PID 2180 wrote to memory of 2588 2180 Solar Tweaks.exe 31 PID 2180 wrote to memory of 1648 2180 Solar Tweaks.exe 32 PID 2180 wrote to memory of 1648 2180 Solar Tweaks.exe 32 PID 2180 wrote to memory of 1648 2180 Solar Tweaks.exe 32 PID 2180 wrote to memory of 1648 2180 Solar Tweaks.exe 32 PID 2180 wrote to memory of 1648 2180 Solar Tweaks.exe 32 PID 2180 wrote to memory of 1648 2180 Solar Tweaks.exe 32 PID 2180 wrote to memory of 1648 2180 Solar Tweaks.exe 32 PID 2180 wrote to memory of 1648 2180 Solar Tweaks.exe 32 PID 2180 wrote to memory of 1648 2180 Solar Tweaks.exe 32 PID 2180 wrote to memory of 1648 2180 Solar Tweaks.exe 32 PID 2180 wrote to memory of 1648 2180 Solar Tweaks.exe 32 PID 2180 wrote to memory of 1648 2180 Solar Tweaks.exe 32 PID 2180 wrote to memory of 1648 2180 Solar Tweaks.exe 32 PID 2180 wrote to memory of 1648 2180 Solar Tweaks.exe 32 PID 2180 wrote to memory of 1648 2180 Solar Tweaks.exe 32 PID 2180 wrote to memory of 1648 2180 Solar Tweaks.exe 32 PID 2180 wrote to memory of 1648 2180 Solar Tweaks.exe 32
Processes
-
C:\Users\Admin\AppData\Local\Temp\Solar Tweaks.exe"C:\Users\Admin\AppData\Local\Temp\Solar Tweaks.exe"1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2180 -
C:\Users\Admin\AppData\Local\Temp\Solar Tweaks.exe"C:\Users\Admin\AppData\Local\Temp\Solar Tweaks.exe" --type=gpu-process --field-trial-handle=1344,10484922694791134178,2245615191555646019,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1360 /prefetch:22⤵PID:1152
-
-
C:\Users\Admin\AppData\Local\Temp\Solar Tweaks.exe"C:\Users\Admin\AppData\Local\Temp\Solar Tweaks.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1344,10484922694791134178,2245615191555646019,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1636 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2748
-
-
C:\Users\Admin\AppData\Local\Temp\Solar Tweaks.exe"C:\Users\Admin\AppData\Local\Temp\Solar Tweaks.exe" --type=renderer --field-trial-handle=1344,10484922694791134178,2245615191555646019,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1860 /prefetch:12⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:2588
-
-
C:\Users\Admin\AppData\Local\Temp\Solar Tweaks.exe"C:\Users\Admin\AppData\Local\Temp\Solar Tweaks.exe" --type=gpu-process --field-trial-handle=1344,10484922694791134178,2245615191555646019,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1360 /prefetch:22⤵PID:1648
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd