Analysis

max time kernel:   148s
max time network:  138s
platform:          windows10-2004_x64
resource:          win10v2004-20240704-en
resource tags:     arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
submitted:         07/07/2024, 10:39
Static task:      static1
URLScan task:     urlscan1
Behavioral task:  behavioral1
Sample:           https://cdn.discordapp.com/attachments/1259448081116561430/1259450016737792030/SolaraBootstrapper_2.exe?ex=668bb9bb&is=668a683b&hm=4d334ed15628d2c79e948140af391403c59e458e2a0bcc79ce88517fd0d658d2&
Resource:         win10v2004-20240704-en

General

Target: https://cdn.discordapp.com/attachments/1259448081116561430/1259450016737792030/SolaraBootstrapper_2.exe?ex=668bb9bb&is=668a683b&hm=4d334ed15628d2c79e948140af391403c59e458e2a0bcc79ce88517fd0d658d2&
Malware Config

Signatures

Downloads MZ/PE file

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe

NTFS ADS (1 IoC)
  description                   ioc                                                                 Process
  File opened for modification  C:\Users\Admin\Downloads\Unconfirmed 560133.crdownload:SmartScreen  msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              rows
  3428  msedge.exe           2
  3512  msedge.exe           2
  4372  identity_helper.exe  2
  2912  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   Process     rows
  3512  msedge.exe  7

Suspicious use of FindShellTrayWindow (51 IoCs)
  pid   Process     rows
  3512  msedge.exe  51

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     rows
  3512  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 3512 wrote to memory of 3576  3512  msedge.exe  82
  PID 3512 wrote to memory of 1720  3512  msedge.exe  85
  PID 3512 wrote to memory of 3428  3512  msedge.exe  86
  PID 3512 wrote to memory of 3960  3512  msedge.exe  87
  (64 rows in the report, every one with source PID 3512 and one of these four targets; the 3576 and 3428 rows appear twice each, the 1720 and 3960 rows many times)
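The "Downloads MZ/PE file" signature above is the kind of check that is implemented on the fetched bytes rather than on the URL's .exe extension. The following is an added example, not tria.ge's own detection code, of that header check: a DOS "MZ" header whose e_lfanew field points at a "PE\0\0" signature, followed by the COFF Machine field that tells x86 from x64. The sample inputs are constructed inline (a stub header, a DOS-only blob, an HTML body); none of them is a file from this report, and the arch tags in the Analysis section describe the sandbox image, not the download.

```python
import struct

# IMAGE_FILE_HEADER.Machine values for the architectures a triage script usually cares about
IMAGE_FILE_MACHINE = {0x014C: "x86", 0x8664: "x64", 0xAA64: "arm64"}


def build_stub_pe(machine: int) -> bytes:
    """Constructed sample: just enough of a PE image to exercise the checks below.
    Layout: 0x40-byte DOS header (e_magic = 'MZ', e_lfanew at 0x3C), then 'PE\\0\\0',
    then a 20-byte IMAGE_FILE_HEADER. It is a header fragment, not a loadable binary."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature sits right after the DOS header
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0, 0)
    return bytes(dos) + b"PE\0\0" + coff


def pe_offset(data: bytes):
    """Return e_lfanew if data starts with 'MZ' and e_lfanew lands on 'PE\\0\\0'
    inside the buffer, else None. A DOS header is 0x40 bytes, so shorter input
    cannot even carry e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # e_lfanew comes from the untrusted file: bound it before slicing with it
    if e_lfanew + 4 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    return e_lfanew


def is_mz_pe(data: bytes) -> bool:
    return pe_offset(data) is not None


def pe_machine(data: bytes):
    """Architecture from IMAGE_FILE_HEADER.Machine, or None when the buffer is
    not a PE or is cut off before the COFF header (a partial .crdownload, say)."""
    off = pe_offset(data)
    if off is None or off + 4 + 20 > len(data):
        return None
    (machine,) = struct.unpack_from("<H", data, off + 4)
    return IMAGE_FILE_MACHINE.get(machine, f"unknown(0x{machine:04x})")


def classify_download(data: bytes) -> str:
    """Label a fetched body the way a 'Downloads MZ/PE file' style signature would."""
    if is_mz_pe(data):
        return f"MZ/PE ({pe_machine(data) or 'truncated header'})"
    if data[:2] == b"MZ":
        return "MZ stub without PE signature"
    return "not a PE"


# Constructed sample inputs
SAMPLE_X64 = build_stub_pe(0x8664)
SAMPLE_DOS_ONLY = b"MZ" + b"\0" * 0x3E  # e_lfanew = 0 points back at 'MZ', not at 'PE'
SAMPLE_HTML = b"<!doctype html><html></html>"

if __name__ == "__main__":
    for name, blob in [("x64 stub", SAMPLE_X64), ("DOS only", SAMPLE_DOS_ONLY), ("html", SAMPLE_HTML)]:
        print(f"{name:10s} -> {classify_download(blob)}")
```

The bound on e_lfanew matters in practice: a body that says "MZ" and then carries a huge or negative-looking e_lfanew is a common way to confuse naive sniffers, and the check above simply refuses it instead of indexing out of range.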
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3512)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1259448081116561430/1259450016737792030/SolaraBootstrapper_2.exe?ex=668bb9bb&is=668a683b&hm=4d334ed15628d2c79e948140af391403c59e458e2a0bcc79ce88517fd0d658d2&
  Signatures: Enumerates system info in registry; NTFS ADS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Children:

  msedge.exe  (PID 3576)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc09346f8,0x7ffcc0934708,0x7ffcc0934718

  msedge.exe  (PID 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7881683070316292522,2587546979586341018,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

  msedge.exe  (PID 3428)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,7881683070316292522,2587546979586341018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  msedge.exe  (PID 3960)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,7881683070316292522,2587546979586341018,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8

  msedge.exe  (PID 4832)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7881683070316292522,2587546979586341018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1

  msedge.exe  (PID 412)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7881683070316292522,2587546979586341018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1

  msedge.exe  (PID 2812)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7881683070316292522,2587546979586341018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1

  msedge.exe  (PID 1572)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7881683070316292522,2587546979586341018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

  msedge.exe  (PID 3832)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7881683070316292522,2587546979586341018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1

  msedge.exe  (PID 4780)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7881683070316292522,2587546979586341018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1

  identity_helper.exe  (PID 3912)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,7881683070316292522,2587546979586341018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8

  identity_helper.exe  (PID 4372)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,7881683070316292522,2587546979586341018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  msedge.exe  (PID 4932)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,7881683070316292522,2587546979586341018,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5960 /prefetch:8

  msedge.exe  (PID 4356)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7881683070316292522,2587546979586341018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1

  msedge.exe  (PID 1892)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,7881683070316292522,2587546979586341018,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5992 /prefetch:8

  msedge.exe  (PID 2912)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7881683070316292522,2587546979586341018,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  (PID 4596)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 4184)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
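The WriteProcessMemory IoCs in the Signatures section and the Processes tree above describe the same relationships: every write has source PID 3512 (the top-level msedge.exe) and a target the tree lists as one of its own children. A Chromium-family browser broker writes into its freshly created sandboxed children while setting them up, so that pattern is expected; a write into a process that is not the writer's child is what process injection looks like. The following is an added example, not tria.ge's own signature logic, of folding such a table into per-pair counts and separating the two cases. The rows and the parent/child map are constructed inline from the shape of this report; the 4444/dropper.exe row and process are hypothetical, added only so the injection branch is exercised.

```python
import re
from collections import Counter

# Constructed sample rows in the shape of the "Suspicious use of WriteProcessMemory"
# table: "PID <src> wrote to memory of <dst>", then the source pid again, the source
# image, and the target's index in the report's process list (procid_target).
# The 4444/dropper.exe row is hypothetical and not from the report.
SAMPLE_ROWS = """
PID 3512 wrote to memory of 3576 3512 msedge.exe 82
PID 3512 wrote to memory of 3576 3512 msedge.exe 82
PID 3512 wrote to memory of 1720 3512 msedge.exe 85
PID 3512 wrote to memory of 1720 3512 msedge.exe 85
PID 3512 wrote to memory of 1720 3512 msedge.exe 85
PID 3512 wrote to memory of 3428 3512 msedge.exe 86
PID 3512 wrote to memory of 3960 3512 msedge.exe 87
PID 4444 wrote to memory of 1720 4444 dropper.exe 90
"""

# Constructed parent -> children map built from the PIDs in the Processes section;
# 4444 is a hypothetical unrelated process with no children of its own.
PROCESS_TREE = {
    3512: {3576, 1720, 3428, 3960, 4832, 412, 2812, 1572, 3832, 4780,
           3912, 4372, 4932, 4356, 1892, 2912},
    4444: set(),
}

ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_rows(text):
    """One (src_pid, dst_pid, src_image) tuple per IoC row.
    The repeated source pid and the target index are not needed for triage."""
    return [(int(m[1]), int(m[2]), m[4]) for m in ROW_RE.finditer(text)]


def aggregate(rows):
    """Collapse the repeated rows into {(src, dst, image): row_count}."""
    return Counter(rows)


def classify(agg, tree):
    """Tag each writer->target pair.
    'broker-to-child': target is a direct child of the writer (expected for a
      Chromium-family broker such as msedge.exe initialising its children).
    'cross-process': target is not the writer's child; escalate."""
    result = {}
    for (src, dst, image), n in agg.items():
        tag = "broker-to-child" if dst in tree.get(src, set()) else "cross-process"
        result[(src, dst, image)] = (tag, n)
    return result


def triage(text, tree):
    """Whole pipeline: the writer->target pairs worth a closer look, sorted."""
    tagged = classify(aggregate(parse_rows(text)), tree)
    return sorted(k for k, (tag, _) in tagged.items() if tag == "cross-process")


if __name__ == "__main__":
    for key, (tag, n) in classify(aggregate(parse_rows(SAMPLE_ROWS)), PROCESS_TREE).items():
        print(f"{key[2]} {key[0]} -> {key[1]}: {tag} x{n}")
    print("escalate:", triage(SAMPLE_ROWS, PROCESS_TREE))
```

Run against the real table, the only thing this yields is that all 64 rows are broker-to-child writes by PID 3512; the signature is still worth keeping because the same table in a report where a non-browser process writes into a browser child, or a browser writes into something it did not spawn, is the row to chase.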
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 11KB
  MD5:    ea835aee902747a8bb5af0b3ed56628d
  SHA1:   d48075eed6329471ecdd1f69b535077e5a4423b0
  SHA256: 8e3a3bd5a0e78e6014e7f8e1fe34cbbd1e0da1d21786f3e6bd521e4db9e6ef10
  SHA512: 5595db8664683413430d51e644b26ddba5190b92d2a1cbc3f534583353bb047f2c4935462fcbc9c4eb52ed05316d1029f5cb4bf4860520e1c036b5b1fa3c0a3f

Filesize: 152B
  MD5:    fbc957a83b42f65c351e04ce810c1c11
  SHA1:   78dcdf88beec5a9c112c145f239aefb1203d55ad
  SHA256: 7bb59b74f42792a15762a77ca69f52bf5cc4506261a67f78cd673a2d398e6128
  SHA512: efad54eb0bd521c30bc4a96b9d4cb474c4ca42b4c108e08983a60c880817f61bc19d97538cc09a54b2db95ab9c8996f790672e19fb3851a5d93f174acdfac0ce

Filesize: 152B
  MD5:    5b6ff6669a863812dff3a9e76cb311e4
  SHA1:   355f7587ad1759634a95ae191b48b8dbaa2f1631
  SHA256: c7fb7eea8bea4488bd4605df51aa560c0e1b11660e9228863eb4ad1be0a07906
  SHA512: d153b1412fadda28c0582984e135b819ba330e01d3299bb4887062ffd6d3303da4f2c4b64a3de277773f4756da361e7bc5885c226ae2a5cfdd16ee60512e2e5e

Filesize: 186B
  MD5:    094ab275342c45551894b7940ae9ad0d
  SHA1:   2e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e
  SHA256: ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3
  SHA512: 19d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d

Filesize: 6KB
  MD5:    e0c7b874497770a6eba9f9735ae061bc
  SHA1:   27e7a5fd3374417ff95abe933afe91d421de6d0c
  SHA256: cb24c3c7ad6a8fb394deb2c96093e0b0a6f186aae8a23794e471b10f40de6f4f
  SHA512: 1fdcede8e7675200152786fad45fa87b5e3c87bff1e8a4f7840ef30cf13d207c220a6a1787155921fdba7368389122d78bb45687f84234908086f717d6a1ff07

Filesize: 6KB
  MD5:    0af5080fef40b819faecd2a752185805
  SHA1:   8015d8ba6cd05f67889ba3a4c74a96cfb5cf82fb
  SHA256: 8f3e46997efc6b912aaaf9469f849314a4ff015b704c546a30397c51484d51b7
  SHA512: a978c1e8a2f350bbccb5fccc0cf5afd9636a6a031c1765e934f21689cc03ecb0127a11556c7a708ddaf1769087af4c59653a3cfae5a95695648cbaf9cd44214d

Filesize: 6KB
  MD5:    7b21c244cefbb108dd7042c97284557a
  SHA1:   ecc451d1c160efc8dfb7b75f877ce7f25e938f67
  SHA256: 2d966b162753c9144bcc899e81d753cc5f4c9004fd80bae3e4804d676e1a3ae2
  SHA512: a752025b68647bd8b7e3330d0fa8fec0965326974f15bb9087755278cab7d7690546a421c07acb730f55bdd4a3786056ed05533c03c187b227ffc9d5e7cc5990

Filesize: 16B
  MD5:    6752a1d65b201c13b62ea44016eb221f
  SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
  MD5:    2eb1fef73e70b96b8f6aca199dc3ab48
  SHA1:   1db88afdf53c0480f997bd84867a7e4ff293fd54
  SHA256: 4c045fcf2369f218697a438a2438dfc8f7794a5a15efeaee0aefbfe4836fd1e6
  SHA512: 4de987b703fd3c6db371db4fbc2773005fcf8d63d2096fa99ce1fad56de168f6e2fd6820c6757c8c0535512c010685532261bd70ef9649eeccdf1bbf33520c45