Analysis

max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21-07-2024 19:10

Static task: static1
Behavioral task: behavioral1
Sample: solar spoofer.bat
Resource: win10v2004-20240709-en (windows10-2004-x64)
3 signatures, 150 seconds

General

Target: solar spoofer.bat
Size: 13B
MD5: 17a80a5c928f46d663f5cb52b6abaac7
SHA1: 9b3b22ddbb6e4030d08f81a35438f85276bbe5a6
SHA256: 22e90ba471b275fe05d5272c33e8a5a1187443bf079061986e551c34b655384d
SHA512: 0cc3ebf7aa63f6437e3bc4f81397f7a85ad408061cf50bbd0f817e0d9b933107454ccf1fe42ac44f375a863a56a5d0f0e19aefdd5af81fbbb3baf694aa8c2cd1
Score: 1/10
Malware Config
Signatures

Modifies registry class (1 IoC)
  description: Key created
  ioc: \REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\MuiCache
  Process: StartMenuExperienceHost.exe

Suspicious use of SetWindowsHookEx (1 IoC)
  pid: 14244
  Process: StartMenuExperienceHost.exe

Suspicious use of WriteProcessMemory (64 IoCs)
Processes

C:\Windows\system32\cmd.exe
  command line: C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\solar spoofer.bat"
  tree level: 1
  signatures: Suspicious use of WriteProcessMemory
  PID: 5064
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
  command line: "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
  tree level: 1
  signatures: Modifies registry class; Suspicious use of SetWindowsHookEx
  PID: 14244