hxxps://www[.]mediafire[.]com/file/hxqpc0gpgm7bwbc/SolaraB[.]zip/file

Resubmissions

04-07-2024 14:45

240704-r4ycmsxhpq 1

04-07-2024 14:44

240704-r4lc3szfmf 1

Analysis

max time kernel
1799s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240611-uk
resource tags

arch:x64arch:x86image:win10v2004-20240611-uklocale:uk-uaos:windows10-2004-x64systemwindows
submitted
04-07-2024 14:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/hxqpc0gpgm7bwbc/SolaraB.zip/file

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645891819932938"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe
348	chrome.exe
348	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4104 wrote to memory of 3044	4104	chrome.exe	82
PID 4104 wrote to memory of 3044	4104	chrome.exe	82
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 2120	4104	chrome.exe	83
PID 4104 wrote to memory of 4816	4104	chrome.exe	84
PID 4104 wrote to memory of 4816	4104	chrome.exe	84
PID 4104 wrote to memory of 2732	4104	chrome.exe	85
PID 4104 wrote to memory of 2732	4104	chrome.exe	85
PID 4104 wrote to memory of 2732	4104	chrome.exe	85
PID 4104 wrote to memory of 2732	4104	chrome.exe	85
PID 4104 wrote to memory of 2732	4104	chrome.exe	85
PID 4104 wrote to memory of 2732	4104	chrome.exe	85
PID 4104 wrote to memory of 2732	4104	chrome.exe	85
PID 4104 wrote to memory of 2732	4104	chrome.exe	85
PID 4104 wrote to memory of 2732	4104	chrome.exe	85
PID 4104 wrote to memory of 2732	4104	chrome.exe	85
PID 4104 wrote to memory of 2732	4104	chrome.exe	85
PID 4104 wrote to memory of 2732	4104	chrome.exe	85
PID 4104 wrote to memory of 2732	4104	chrome.exe	85
PID 4104 wrote to memory of 2732	4104	chrome.exe	85
PID 4104 wrote to memory of 2732	4104	chrome.exe	85
PID 4104 wrote to memory of 2732	4104	chrome.exe	85
PID 4104 wrote to memory of 2732	4104	chrome.exe	85
PID 4104 wrote to memory of 2732	4104	chrome.exe	85
PID 4104 wrote to memory of 2732	4104	chrome.exe	85
PID 4104 wrote to memory of 2732	4104	chrome.exe	85
PID 4104 wrote to memory of 2732	4104	chrome.exe	85
PID 4104 wrote to memory of 2732	4104	chrome.exe	85
PID 4104 wrote to memory of 2732	4104	chrome.exe	85
PID 4104 wrote to memory of 2732	4104	chrome.exe	85
PID 4104 wrote to memory of 2732	4104	chrome.exe	85
PID 4104 wrote to memory of 2732	4104	chrome.exe	85
PID 4104 wrote to memory of 2732	4104	chrome.exe	85
PID 4104 wrote to memory of 2732	4104	chrome.exe	85
PID 4104 wrote to memory of 2732	4104	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/hxqpc0gpgm7bwbc/SolaraB.zip/file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa92daab58,0x7ffa92daab68,0x7ffa92daab78
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=2064,i,4518951702387543735,14786505208737933795,131072 /prefetch:2
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=2064,i,4518951702387543735,14786505208737933795,131072 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=2064,i,4518951702387543735,14786505208737933795,131072 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=2064,i,4518951702387543735,14786505208737933795,131072 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=2064,i,4518951702387543735,14786505208737933795,131072 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 --field-trial-handle=2064,i,4518951702387543735,14786505208737933795,131072 /prefetch:8
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=2064,i,4518951702387543735,14786505208737933795,131072 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=2064,i,4518951702387543735,14786505208737933795,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:348

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
e1558811c590a99a889632b3f4cb9ce7

SHA1
457f3dc9d24088d5f50b3bb2ae1bd9f707319b2b

SHA256
b3cc8a3e21725930e6f999f539cd8fa1a78a1dcf8a890a2307ddc675c0b7e4c5

SHA512
4cf7317a0f25f48501aace063ca7392d740c7357e3bf68de0a3953266a787adcf053650089093ea5a263534e5c8cab3b8cb168c0b882bde6dc7a74cb07485c9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
89a1fd1efbc017cee2c94ad3cb4900aa

SHA1
d3431003e92ff54ed3bd863ce2c0418d4158c853

SHA256
4663b71e95b656429437f2961b61518aa9d2cc6503c9e0103098bb304c5d20c8

SHA512
eeb8a915587e65c1080b5d9e0037fad4558c8c964fd4ac23c5eaa124f43d1a9f58faac018f7863829f91466a94ae9ecac31cc840f089f7b1473ac17a291189f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
a1aac601659ca053001b06e230bea65e

SHA1
f1285e1e78b25df6a39e3af810e875abe50333f1

SHA256
31251e03cfc219da1b933ae6a11cb6ca828a2bd439752a4738fd6e87a8544664

SHA512
fc48c74bc18fc124da82b2b9e93cd13b7104fbaba0d2d71c77b5eb2ecbb0db6c6e407b1166c2aae1b0684763233dedb30e0e64a487fdf7a634850117223e002c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9623322c5b38e51a44ace9060896f752

SHA1
b6f830e9960b25907bf04d0850d17e38c215641c

SHA256
a2ab061d1b58d7211dbf3b9ddb132e93903dd65a150d99d8c64dd22154bbcdd5

SHA512
d7541256d39aeb6adbbe289e5873d11a637483e03c244743ff0f7d616e2f19901f714729d5a5e4efb4bf95f329a0f4ac646952e405a8cf1f750f25f508ba710a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
a2d71827f6cec6d65d7e28476cfc60c7

SHA1
7a714e0a6450b38aac72ecae97b255861374a559

SHA256
a7b49c497d46dcbb43c5cc4d52f46da6238e72218b83da80828e2f5a8d861974

SHA512
f9ccc56936ef21b6ad7b88060185c9f12458cc1647f67b03e6a419778b3b89f0dbacba08ff85e4d719d44b5e40f8c6b9e4d94d98a8a187d3dfcfba8b14bd62db

Download Submit