Analysis
max time kernel: 1799s
max time network: 1684s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 01-07-2024 16:22
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://github.com/newquivings/Solara/releases/tag/release
Resource: win10-20240404-en
General
Target: https://github.com/newquivings/Solara/releases/tag/release
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
All three hits come from the browser process itself. These BIOS keys are the usual source of hardware make and model strings, and the only reader here is chrome.exe, so this signature says nothing about the submitted URL.
Modifies data under HKEY_USERS (2 IoCs)
description      ioc                                                                                              Process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                            chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133643246345991191"  chrome.exe
S-1-5-19 is the LOCAL SERVICE account hive.
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid   Process
5036  chrome.exe  (2 entries)
3940  chrome.exe  (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid   Process
5036  chrome.exe  (2 entries)
The signature name refers to the process-creation mitigation that blocks loading of non-Microsoft-signed binaries; the browser process applies it when launching its sandboxed children, which is what the two entries record.
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                       pid   Process
Token: SeShutdownPrivilege        5036  chrome.exe  (32 entries)
Token: SeCreatePagefilePrivilege  5036  chrome.exe  (32 entries)
The 64 entries strictly alternate between the two privileges and all belong to the browser process, PID 5036.
Suspicious use of FindShellTrayWindow (26 IoCs)
pid   Process
5036  chrome.exe  (26 identical entries)
Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
5036  chrome.exe  (24 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs)
description                       pid   Process     procid_target
PID 5036 wrote to memory of 4964  5036  chrome.exe  72  (2 entries)
PID 5036 wrote to memory of 4664  5036  chrome.exe  74
PID 5036 wrote to memory of 4336  5036  chrome.exe  75  (2 entries)
PID 5036 wrote to memory of 4628  5036  chrome.exe  76
The remaining 60 entries repeat the 4664 and 4628 rows. Every write originates in the browser process and lands in one of its own chrome.exe children (4964 crashpad-handler, 4664 gpu-process, 4336 network service, 4628 storage service; see the process tree below). A parent writing into child processes it has just created with the same image is the normal start-up pattern of a multi-process browser, not injection into a foreign process.
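Every signature in this report is attributed to chrome.exe (PIDs 5036 and 3940), and every process in the tree is a Chrome binary, so the triage question is whether the "suspicious" rows show anything beyond a browser launching its own children. The script below is an added example, not part of the sandbox report or of any tool it was produced with. It parses the flattened WriteProcessMemory and AdjustPrivilegeToken rows in the format used above (sample rows copied from the report and abridged), reconstructs the parent links from the tree, and labels each cross-process write as parent-into-own-child, write-into-unrelated-process, or target-not-in-process-list. The verdict labels, the `PROCESSES` map and the helper names are this example's own.

```python
import re
from collections import Counter

# Constructed sample rows, copied from the report's flattened tables and
# abridged: the report lists 64 rows in each of these two signature tables.
WPM_TEXT = (
    "PID 5036 wrote to memory of 4964 5036 chrome.exe 72 "
    "PID 5036 wrote to memory of 4964 5036 chrome.exe 72 "
    "PID 5036 wrote to memory of 4664 5036 chrome.exe 74 "
    "PID 5036 wrote to memory of 4336 5036 chrome.exe 75 "
    "PID 5036 wrote to memory of 4628 5036 chrome.exe 76 "
)
TOKEN_TEXT = (
    "Token: SeShutdownPrivilege 5036 chrome.exe "
    "Token: SeCreatePagefilePrivilege 5036 chrome.exe "
    "Token: SeShutdownPrivilege 5036 chrome.exe "
    "Token: SeCreatePagefilePrivilege 5036 chrome.exe "
)

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
ELEVATION = r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
# pid -> (parent pid, image). Parent links follow the report's tree depth
# markers: every depth-2 chrome.exe hangs off the root browser process 5036.
# This map is assembled by hand from the report for the example.
PROCESSES = {
    5036: (None, CHROME),
    4964: (5036, CHROME), 4664: (5036, CHROME), 4336: (5036, CHROME),
    4628: (5036, CHROME), 512: (5036, CHROME), 1100: (5036, CHROME),
    4480: (5036, CHROME), 4548: (5036, CHROME), 3940: (5036, CHROME),
    1640: (None, ELEVATION),
}

# Row layouts as flattened by the report: 'description pid Process [procid_target]'.
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")
TOKEN_RE = re.compile(r"Token: (\w+) (\d+) (\S+)")


def parse_wpm(text):
    """WriteProcessMemory rows -> list of (writer_pid, target_pid, image, procid_target)."""
    return [(int(w), int(t), img, int(pt)) for w, t, _pid, img, pt in WPM_RE.findall(text)]


def parse_tokens(text):
    """AdjustPrivilegeToken rows -> Counter keyed by (privilege, pid, image)."""
    return Counter((priv, int(pid), img) for priv, pid, img in TOKEN_RE.findall(text))


def classify_write(writer, target, processes):
    """Label a cross-process write by how writer and target are related."""
    if target not in processes:
        return "target-not-in-process-list"        # written into something the tree never showed
    parent, target_image = processes[target]
    if parent != writer:
        return "write-into-unrelated-process"      # the classic injection shape
    writer_image = processes.get(writer, (None, ""))[1]
    if target_image.lower() == writer_image.lower():
        return "parent-into-own-child-same-image"  # multi-process browser start-up
    return "parent-into-own-child-different-image"


def triage(wpm_text, processes):
    """Summarise every write: verdict counts, per-target counts, and whether only the browser pattern occurred."""
    events = parse_wpm(wpm_text)
    verdicts = Counter(classify_write(w, t, processes) for w, t, _, _ in events)
    targets = Counter(t for _, t, _, _ in events)
    return {
        "events": len(events),
        "verdicts": verdicts,
        "targets": targets,
        "browser_pattern_only": set(verdicts) <= {"parent-into-own-child-same-image"},
    }


def non_chrome_images(processes):
    """Images outside the Chrome install directory; a launched payload would appear here."""
    prefix = r"c:\program files\google\chrome\application"
    return sorted({img for _, img in processes.values() if not img.lower().startswith(prefix)})


if __name__ == "__main__":
    print(triage(WPM_TEXT, PROCESSES))
    print(parse_tokens(TOKEN_TEXT))
    print("non-Chrome images:", non_chrome_images(PROCESSES))
```

On the report's own rows the summary comes back with `browser_pattern_only` true and an empty non-Chrome image list; the two interesting verdicts only appear if a target is missing from the tree or is not a child of the writer, which is the shape to look for when a page like this does show a dropped payload.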
Processes

chrome.exe  PID 5036  (root)
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/newquivings/Solara/releases/tag/release
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  chrome.exe  PID 4964  (child of 5036, crashpad-handler)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffdd0309758,0x7ffdd0309768,0x7ffdd0309778

  chrome.exe  PID 4664  (child of 5036, gpu-process)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=216 --field-trial-handle=1848,i,10304502800125394656,17202343916195672018,131072 /prefetch:2

  chrome.exe  PID 4336  (child of 5036, utility: network.mojom.NetworkService)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1848,i,10304502800125394656,17202343916195672018,131072 /prefetch:8

  chrome.exe  PID 4628  (child of 5036, utility: storage.mojom.StorageService)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1848,i,10304502800125394656,17202343916195672018,131072 /prefetch:8

  chrome.exe  PID 512  (child of 5036, renderer)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2844 --field-trial-handle=1848,i,10304502800125394656,17202343916195672018,131072 /prefetch:1

  chrome.exe  PID 1100  (child of 5036, renderer)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2852 --field-trial-handle=1848,i,10304502800125394656,17202343916195672018,131072 /prefetch:1

  chrome.exe  PID 4480  (child of 5036, utility: chrome.mojom.ProcessorMetrics)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 --field-trial-handle=1848,i,10304502800125394656,17202343916195672018,131072 /prefetch:8

  chrome.exe  PID 4548  (child of 5036, utility: chrome.mojom.UtilWin)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1848,i,10304502800125394656,17202343916195672018,131072 /prefetch:8

  chrome.exe  PID 3940  (child of 5036, gpu-process relaunched with --disable-gpu-sandbox --use-gl=disabled)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1836 --field-trial-handle=1848,i,10304502800125394656,17202343916195672018,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

elevation_service.exe  PID 1640  (root)
  Image: C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads

1. Filesize 1KB
   MD5    0b4681b2a2e6a0c63f69992841c7a089
   SHA1   abc4995df6f08bec152cd2e38ffe080f0666cefe
   SHA256 3c61dbd41f6424047dc3064009e0db0c1301b9f0a086031dfc0cf5857c00f208
   SHA512 f664a6f68fff385fefb9972795da3f0ceb3a02e9db45029ef51601b031fd594ca835d37f8bd89156a0251d0a66f62d3ae90a3f2d30276f4d8498fd686ec964b7

2. Filesize 1KB
   MD5    f6db7c4d0179e65651db1f7d91a35c5c
   SHA1   1f9f7ca8ffb34f3bc04b9a4f0bd35b9ebd96142a
   SHA256 230fb8cfff449a63933b441b8da2ecf0b991786a5191f29d87cdd19bb6cf358f
   SHA512 28795675c16ab7b637859df84511ea41cf8ba9f7f0008f6a8275847d49b3e8a810986b819905ca198c732f5026fb84da0bb77607bd041fad61eaca95500ad416

3. Filesize 1KB
   MD5    c211c3f9a2e1a33f62da6af9cc93d53e
   SHA1   9de8ac419a7a0d0470e14144a9ba2ef75bed8ae2
   SHA256 5a8258d5bfc8d210f7a97f41ab6e0416204b33f88044c5d336f870cc22433a7b
   SHA512 6c59c06bc5b60cb062fa2e3bb7bebb330d741901a223274f9a7fe56ea269f051c7cb57bf367812282566e39a000d07bd2e5ee94b7af13affd0cbf818ba9d08bb

4. Filesize 6KB
   MD5    068d7974e186771134277effe8defaa6
   SHA1   07e744cfadf4f8f13f662e96756d42b4fc11c479
   SHA256 faf8ba40818a6269928664a4c41b0f10f4231e320c72f6aaf77b204de749f50a
   SHA512 59bda0cf9ae1d2c500d598803e70cca9c5897a9da69130474f13ace55e4caf3e42533b070b6eea7831fde4f981b522551c5422d4271c84dac59d430319ff4132

5. Filesize 6KB
   MD5    8eb3c5e4bc88dbe9ed5f2aa68f82e0c8
   SHA1   1530ebe328a44ed94ec92d98f8e02276c464173f
   SHA256 d7cc9a34942bf20c189eae6d67f9328c8d85d5a8d79ca140395d45f7a146831c
   SHA512 961387d943df9ea7b2b9a53e6c0f7ace893fecf7f29022a061079f4b00305a8f55281e0b7614db9176cdbda59cc2b70e6d0e810258b995e300ca8b39f9b0708d

6. Filesize 6KB
   MD5    328f345aa84337e360c4b322fb36841d
   SHA1   972d1cba3916ddec47c266fd89a2e0ebcc21b95f
   SHA256 c9201d50adfa63467a7db4380bea29b4df2de589015e503cac9cedee55bb34cb
   SHA512 9204277575ec8343ac76525544652bc2b2fb0e36bf9e95b56b92aeb519919035446e5cb7854b48943f9b42fb6c8b690bc1bd7fe3658139983364988e839fd70d

7. Filesize 136KB
   MD5    2f89f2567f04a8e1fa7c5682f99b278d
   SHA1   acd739e6e839641208ec48830cae63e6e302c17e
   SHA256 4a4af8a58aa7df9875830f04c7f8f580b426334badd9a8fd9ec8af421303786d
   SHA512 39a8d4c2ef3307030c93b644be7423cbf6d5f702bc5572bf728c19016815554d18221359034540af3d840382521249aaab9ba8027228fed48253a574f49da2a9

8. Filesize 2B
   MD5    99914b932bd37a50b983c5e7c90ae93b
   SHA1   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
   SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
   SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
   (These are the digests of the two-byte string "{}", an empty JSON object.)

The report gives no file names or paths for these entries, so they cannot be tied to the release asset from the hashes alone.