Analysis
-
max time kernel
145s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
05/07/2024, 13:56
General
-
Target
https://github.com/Rederax01/Solara-Executor/releases/download/v2.1/Solara.zip
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of FindShellTrayWindow 33 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Rederax01/Solara-Executor/releases/download/v2.1/Solara.zip1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9686a46f8,0x7ff9686a4708,0x7ff9686a47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1196801605139157658,10125753238705465090,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,1196801605139157658,10125753238705465090,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,1196801605139157658,10125753238705465090,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1196801605139157658,10125753238705465090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1196801605139157658,10125753238705465090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1196801605139157658,10125753238705465090,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1196801605139157658,10125753238705465090,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1196801605139157658,10125753238705465090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1196801605139157658,10125753238705465090,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,1196801605139157658,10125753238705465090,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4976 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1196801605139157658,10125753238705465090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,1196801605139157658,10125753238705465090,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3416 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1196801605139157658,10125753238705465090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1196801605139157658,10125753238705465090,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1196801605139157658,10125753238705465090,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1856 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\AppData\Local\Temp\Temp1_Solara.zip\luajit.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_Solara.zip\luajit.exe"1⤵
-
C:\Users\Admin\Desktop\luajit.exe"C:\Users\Admin\Desktop\luajit.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5e81c757cdb64c4fd5c91e6ade1a16308
SHA119dc7ff5e8551a2b08874131d962b697bb84ad9b
SHA25682141d451d07bdb68991f33c59129214dd6d3d10158aeb7a1dc81efbc5fb12b3
SHA512ba8de0b3b04fec5a96d361459dde0941b1b70f5be231fdec94806efa3ecf1e8faf8e27b1800fa606dc4a82e29d4cf5109b94109e5ad242ddf9f4671e2acbcfbd
-
Filesize
152B
MD52e57ec8bd99545e47a55d581964d0549
SHA1bd7055ea7df7696298a94dedfc91136e3b530db8
SHA256a50ba35608edc2f3360cc71be0d4b29bba0e3382d1f08f24df5322ce2ad2443c
SHA5126b9b73d983c472149629c842e16e4f7c2f8a0a3bb6dd64837ef647db810ef1beb3a02b15dc1eec2c5de8aee6b3ca195c7d26c432705061c5b0ec7841a5bbf106
-
Filesize
265B
MD5f5cd008cf465804d0e6f39a8d81f9a2d
SHA16b2907356472ed4a719e5675cc08969f30adc855
SHA256fcea95cc39dc6c2a925f5aed739dbedaa405ee4ce127f535fcf1c751b2b8fb5d
SHA512dc97034546a4c94bdaa6f644b5cfd1e477209de9a03a5b02a360c254a406c1d647d6f90860f385e27387b35631c41f0886cb543ede9116436941b9af6cd3285d
-
Filesize
6KB
MD5ba980f7b372130b2b14155a2c134758e
SHA15e4f7d980032f507046e7d494dacf5caa4310ddc
SHA256a0b10cf3c02bfd5fa608a169ebc21b67e4af4d332aa830c97e1a19a7b8a0850c
SHA512573a69e3ed50004fbb316d9112390c119881ce570cff5345563ddf4d1b4dabf77d39143ea218f0e98fa5a0f0061557aad98e80bff7bcfec34963c1022bcd8e0e
-
Filesize
6KB
MD5bedf654612cf6db0c549530f9c7e0ebe
SHA1ea6771fca0a30d5519b204d2da314b95c0469932
SHA256d42270370b0e4f83e4ba44b5bba8565041c0929e72cad509f0f15aaebc79aed1
SHA512cc3d2a4607b0be407f869699a418b786b4eb520a52b2754f4726250db94cc0c23c16547f51c8d4303f803a851a4d45d9ea8281c0a40c05f088cf2043a37f3d53
-
Filesize
6KB
MD5c099edf8da0a58440f5c787f472a04b7
SHA1a2d57a4735d02781550cc32865460ef073496e84
SHA25677102e8cc4167c412eefe5578f40f0ee4f831f5c23cf67bc7bdad7763353edb4
SHA512a29e95e2bd44b3cd99606cc12890e9f008acb3b1d671bd248b61b0c308677d54001f8c209fb91d2891367ebfdb74eac3297faa38f832011f4ec3bf980fd10a77
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD56d607e366f2d7f84311d7f81ac576d46
SHA167b3def751d9f3827a06348661ab349ab5a58b3b
SHA25637140f9919238d0037049a8f5cf6190a66fc5e15e6c9ae54dec3d90c40e1b707
SHA5127a1f1b139c94d840866cf4a146753852eeec4ff93a15c36fbc2766faa68130a15b32544d5f1cb50926bfd2cac3d6f35bd7f99f57784095042c91dea683eaade8
-
Filesize
11KB
MD55648468c5eb81530ec54fef8350bfc37
SHA11c9b360c6bc75b859d24fcf9a8f43e65d5f93952
SHA2563c7e6baaceefa56d15787e4f962ccb6eb1d6a8bcc4ee91bb04e0fc5886e39d49
SHA512da350c21f441b07452b7c2b28f3329948ff228ec81aea1d46c1959860c8f5fe40222b65185394ed9515bf4051e717c43efde893e6795f83f6dcc62ac88c2ae91
-
Filesize
11KB
MD512855804cda2434a19024bfe380fba34
SHA1e700aa953948490d248d47b241c7c1843ff82b7b
SHA256278dbe9838ee2085780d78d2064d3bb51a75d08e991cff1ddba4f395e17faef7
SHA51231b06eac04f652fd040bf701f17034e4f0072dc68d5fed9fe01db4869d623a2b5ee74652e9486cee4e668ecedb10462ecd3763f2ab2b11e9794b63049c715dce
-
Filesize
460KB
MD5caefbac898be006f73f0529b77207b57
SHA16c2cae98a31c0e635adcb47b6da55db4bbbc21bd
SHA256e0efb9a458baf57f1d729bc3569bcc53119594a08c8dc84b4c397d10c11d21e4
SHA5127a00d5ab2ec565549f6ba27a43a8e31cd2b907f93fa68c0f5474ed115b28b4850cae8129876bffe40ca94fbd32ba5c99ab18519829176d2e6852cf662d6ed449