Overview

overview

6

Static

static

1

URLScan

urlscan

https://github.com/p...

windows7-x64

6

Analysis

  • max time kernel
    50s
  • max time network
    51s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    13-07-2024 18:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/pankoza2-pl/trojan-leaks/raw/main/Solaris%202.0.zip

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/pankoza2-pl/trojan-leaks/raw/main/Solaris%202.0.zip"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2104
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/pankoza2-pl/trojan-leaks/raw/main/Solaris%202.0.zip
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2236
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.0.1775936243\112670287" -parentBuildID 20221007134813 -prefsHandle 1236 -prefMapHandle 1080 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5abc38e4-de70-47ce-b56a-42faf78a2f5e} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 1332 10aeee58 gpu
        3⤵
          PID:2884
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.1.1335771602\1486865559" -parentBuildID 20221007134813 -prefsHandle 1484 -prefMapHandle 1480 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {df496afb-57de-40ec-9de5-87e2183dd74d} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 1496 44d3e58 socket
          3⤵
            PID:2696
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.2.1045607337\1490750705" -childID 1 -isForBrowser -prefsHandle 2036 -prefMapHandle 2032 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {95679698-3dc5-4b92-9977-d7a49200a4ff} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 2052 1a1c8458 tab
            3⤵
              PID:1228
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.3.1993522342\976724006" -childID 2 -isForBrowser -prefsHandle 2736 -prefMapHandle 2732 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {23a6a920-0374-4904-858a-429af44dd38d} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 2748 1d081c58 tab
              3⤵
                PID:1236
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.4.1782572994\1680173490" -childID 3 -isForBrowser -prefsHandle 3784 -prefMapHandle 3772 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {226cea57-db10-45cf-a7e6-5091cd92e32e} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 3792 1a132c58 tab
                3⤵
                  PID:928
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.5.713409665\1244738299" -childID 4 -isForBrowser -prefsHandle 3904 -prefMapHandle 3908 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8afff638-208b-4811-aa11-6ad52cdad1a3} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 3892 20007e58 tab
                  3⤵
                    PID:1004
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.6.1518691689\1095669029" -childID 5 -isForBrowser -prefsHandle 4068 -prefMapHandle 4072 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e86cd161-feb5-4408-92c3-d61afbe8065f} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 4056 20008158 tab
                    3⤵
                      PID:2132
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.7.224128571\2047425198" -childID 6 -isForBrowser -prefsHandle 3740 -prefMapHandle 3400 -prefsLen 26836 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00ea9edb-273a-4738-950f-28e786835f95} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 3612 10f97758 tab
                      3⤵
                        PID:1788

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sexvjvzg.default-release\activity-stream.discovery_stream.json.tmp
                    Filesize

                    26KB

                    MD5

                    58d59c4734fce893d322f3178a7db21f

                    SHA1

                    d392744b7c827612a079569734de29c79e9890ef

                    SHA256

                    b5c7489d374eda935a132208587bc7a23120fb7eb8fc92b5ab6a6a1238dec231

                    SHA512

                    bb9778c00f9a10a075d3fce94309db2098e67ff7f239c221d7310804443dabe1c58abc9119424c312763295f30ac71c71107ac2d1b47342940b2b88dd4ebf0ee

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\datareporting\glean\db\data.safe.bin
                    Filesize

                    2KB

                    MD5

                    cd3e4d61100f790bfb1635d06ee2112a

                    SHA1

                    62ef05bd152adcc255bbce893130d82a3fcbbc88

                    SHA256

                    5f88879b7a8674d6947941ed73c9af81175eb678d3aded076ee88c8ea1158a60

                    SHA512

                    cf6d92d50187732fb7176a3144dd0c099aa297fc595694414d28864593a87f3a2fd3531dfdb8b036b5a93824b4568f94ce8bc4390482f18cb37546f644f99443

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\datareporting\glean\db\data.safe.bin
                    Filesize

                    2KB

                    MD5

                    c35eefbc9dd85a362aa356ea777869dc

                    SHA1

                    458825af383456ad75dad3bbaa44af1e9def6a14

                    SHA256

                    8e03771e07b047fea49a3cf5240491cc7d48f606e4a9860f821d88b498a84c8f

                    SHA512

                    b72ce8920c8cc56061eb84cfc2a92d07981012f285685aaf1aad8f4c9a005e30bcbbf7780a7562dd4321067c26a4ddc924b19f9aa3fb7814621ea851037ea2ab

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\datareporting\glean\pending_pings\bc64db98-270c-4dbd-8fe6-a161f5fdec17
                    Filesize

                    12KB

                    MD5

                    b1abd45b1bf1a8906c96fe95ba5588dd

                    SHA1

                    c40fc3f806fb3ff6b23db980336846e66fc6f999

                    SHA256

                    604d06353dc98eb48269b62d152d19ab5c2cf7b577596cb15349662cd1937ea1

                    SHA512

                    fc7e5829b85834cb0df6ecb529360c8f3850dcd16970e575166dfea599d5dab0950d3470a0cab79f737b41ff1a80e5c2a46cb465b2048eb346d5407f062b5ba7

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\datareporting\glean\pending_pings\d14a4fe1-ba08-43a2-a02c-5eff32ace6b6
                    Filesize

                    745B

                    MD5

                    f769db0b9ab003f78ea57a2bfa02f1d0

                    SHA1

                    94027f1d75803861917f8b80bc2c34cc99ebd9ef

                    SHA256

                    a004b8f0d7c37eec477f7ed0dad0f60861732952de319d5bd230a88f9222c3a2

                    SHA512

                    58e9382efd61a3bd52a16a8b73ccd1edf6e72e7f534a732932be2597ea8aedcf2f962c2fc9c93fc0291bd69e14dd12afb18efe2d2b894cc4dafdcdab1585b7d8

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    a3e47ffc985f47d61e98de7c31951e2d

                    SHA1

                    fe7fe49da32fb41d4ebb5dcc3a8a290b76d180ad

                    SHA256

                    2fdbb9ca939d351a8683546143b592f7ed4d3eb5c2637bad06744816b02e87ce

                    SHA512

                    211fa37eee922eab5eb7ab13d4b76ff4ed2263091d76cf6c5b3a2492586db6a203b8e5d24ca7b02cb9b15727e1666daba22714b83e7c001550d678e115ef2cd0

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    9554d65ad06b160c3211fcbc533a3d8f

                    SHA1

                    ec7e1de4402ddd12760802586db032f0f8ff595b

                    SHA256

                    a19aa45a770f20b1da5a7372be95ee3cf279d7628b69ac15d1243ab3c2e3067b

                    SHA512

                    cbc563d2df2527e674db37e713393de9bff38214c112015f2489eae14b0e8eec076c8950b41a4e8353ed26b082d33665ca6ff7b7589e03d2841e9625a34105c5

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    968B

                    MD5

                    c8836774a4a9d385231c88102c14df40

                    SHA1

                    f4705a63a850492042f15591c60a2ec9347ff2d2

                    SHA256

                    08f6238f61a620da885f3fd364d0a0f29f9d5b33a5b677e55cdde3c27e788569

                    SHA512

                    4f62b91342ce3124a2d336e795932fe45217676fac729542eea2522cbfbe47bed9e1b73b888bda9d2bb4118b03456e109e3e109c9259b93c74b13ba6be667b8b

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    4KB

                    MD5

                    c1a272d938b9919171c488ca3112f1af

                    SHA1

                    7636d237eb5d265852591b08ca54d8c5b6e84258

                    SHA256

                    952b3ddde0717b9bd4ab83e76469925979beaf01071088b0ddf994d45bcecfb7

                    SHA512

                    72f01d71f2a8077855103a17546e27138b6dfa253ba11e65085a714a30fbd35367e880d77c944b01ab043b6d345c3e110fa9fa1f977c4b2aeb3a002a096cf718

                    Download Submit

                  • C:\Users\Admin\Downloads\Solaris 2.677uYfdg.0.zip.part
                    Filesize

                    31KB

                    MD5

                    6f247d8070a6ce72fba4d2e49b7c4a32

                    SHA1

                    527aa092f9cbbec731d1e41fb234fc2f5a63b0d5

                    SHA256

                    aab89e18feb301f75a4be542ad3e27bba13e0eaf684b2f23a1c952d3f0cf3c0e

                    SHA512

                    cfe38e497ca1e52aa43cb41d371bb7b9758a6028d67d3376eb300ac1e2dbb02697f5e22f3ccc22ed39d785e0d31c7df702e903c1dffde57f20d3bc3e9f66dd7e

                    Download Submit