878e0acded4880f191963902e2c1a3084c2170c355d74ddf8778e66f92cac053

Analysis

max time kernel
1893s
max time network
1898s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
01/08/2024, 21:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

solara-bootstrapper.html
Size

4KB
MD5

3971dec8d72e1e6c0725a21dff3eb150
SHA1

6518044ae01d63bf77d9e0f11b205be27ace8b84
SHA256

878e0acded4880f191963902e2c1a3084c2170c355d74ddf8778e66f92cac053
SHA512

197b21ee090a1873daa8ef0cd14c4a5c37f53e2a257a5ecd2c7322dc107d8dd29eb16db8e70a584e0a8f59fb8b62322d67d4f153f17e5da1c9e9901a2b6295f2
SSDEEP

96:1j9jwIjYj5jDK/D5DMF+C8/ZqXKHvpIkdNwrRU9PaQxJbGD:1j9jhjYj9K/Vo+n8aHvFdNwry9ieJGD

Score

9^/10

discovery evasion themida

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe

Themida packer 7 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/4484-534-0x0000000180000000-0x0000000180A7D000-memory.dmp	themida
behavioral1/memory/4484-537-0x0000000180000000-0x0000000180A7D000-memory.dmp	themida
behavioral1/memory/4484-536-0x0000000180000000-0x0000000180A7D000-memory.dmp	themida
behavioral1/memory/4484-535-0x0000000180000000-0x0000000180A7D000-memory.dmp	themida
behavioral1/memory/4484-553-0x0000000180000000-0x0000000180A7D000-memory.dmp	themida
behavioral1/memory/4484-557-0x0000000180000000-0x0000000180A7D000-memory.dmp	themida
behavioral1/memory/4484-587-0x0000000180000000-0x0000000180A7D000-memory.dmp	themida

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
66	raw.githubusercontent.com
67	raw.githubusercontent.com
70	pastebin.com
71	pastebin.com

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
4484	Solara.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133670218968937616"	chrome.exe

Suspicious behavior: EnumeratesProcesses 35 IoCs

pid	Process
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4276	chrome.exe
4276	chrome.exe
4864	chrome.exe
4864	chrome.exe
4484	Solara.exe
4484	Solara.exe
4484	Solara.exe
4484	Solara.exe
4484	Solara.exe
4484	Solara.exe
4484	Solara.exe
4484	Solara.exe
4484	Solara.exe
4484	Solara.exe
4484	Solara.exe
4484	Solara.exe
4484	Solara.exe
4484	Solara.exe
4484	Solara.exe
4484	Solara.exe
4484	Solara.exe
4484	Solara.exe
4484	Solara.exe
4484	Solara.exe
4484	Solara.exe
4484	Solara.exe
4484	Solara.exe
4484	Solara.exe
4484	Solara.exe
4484	Solara.exe
4484	Solara.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4484	Solara.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 3648	4864	chrome.exe	70
PID 4864 wrote to memory of 3648	4864	chrome.exe	70
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2384	4864	chrome.exe	72
PID 4864 wrote to memory of 2832	4864	chrome.exe	73
PID 4864 wrote to memory of 2832	4864	chrome.exe	73
PID 4864 wrote to memory of 5088	4864	chrome.exe	74
PID 4864 wrote to memory of 5088	4864	chrome.exe	74
PID 4864 wrote to memory of 5088	4864	chrome.exe	74
PID 4864 wrote to memory of 5088	4864	chrome.exe	74
PID 4864 wrote to memory of 5088	4864	chrome.exe	74
PID 4864 wrote to memory of 5088	4864	chrome.exe	74
PID 4864 wrote to memory of 5088	4864	chrome.exe	74
PID 4864 wrote to memory of 5088	4864	chrome.exe	74
PID 4864 wrote to memory of 5088	4864	chrome.exe	74
PID 4864 wrote to memory of 5088	4864	chrome.exe	74
PID 4864 wrote to memory of 5088	4864	chrome.exe	74
PID 4864 wrote to memory of 5088	4864	chrome.exe	74
PID 4864 wrote to memory of 5088	4864	chrome.exe	74
PID 4864 wrote to memory of 5088	4864	chrome.exe	74
PID 4864 wrote to memory of 5088	4864	chrome.exe	74
PID 4864 wrote to memory of 5088	4864	chrome.exe	74
PID 4864 wrote to memory of 5088	4864	chrome.exe	74
PID 4864 wrote to memory of 5088	4864	chrome.exe	74
PID 4864 wrote to memory of 5088	4864	chrome.exe	74
PID 4864 wrote to memory of 5088	4864	chrome.exe	74
PID 4864 wrote to memory of 5088	4864	chrome.exe	74
PID 4864 wrote to memory of 5088	4864	chrome.exe	74

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\solara-bootstrapper.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffdb89b9758,0x7ffdb89b9768,0x7ffdb89b9778
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1868,i,17140654525755016682,3671231981295742230,131072 /prefetch:2
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1672 --field-trial-handle=1868,i,17140654525755016682,3671231981295742230,131072 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2124 --field-trial-handle=1868,i,17140654525755016682,3671231981295742230,131072 /prefetch:8
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2832 --field-trial-handle=1868,i,17140654525755016682,3671231981295742230,131072 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1868,i,17140654525755016682,3671231981295742230,131072 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4136 --field-trial-handle=1868,i,17140654525755016682,3671231981295742230,131072 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4224 --field-trial-handle=1868,i,17140654525755016682,3671231981295742230,131072 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4248 --field-trial-handle=1868,i,17140654525755016682,3671231981295742230,131072 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4252 --field-trial-handle=1868,i,17140654525755016682,3671231981295742230,131072 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1868,i,17140654525755016682,3671231981295742230,131072 /prefetch:8
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=832 --field-trial-handle=1868,i,17140654525755016682,3671231981295742230,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4532 --field-trial-handle=1868,i,17140654525755016682,3671231981295742230,131072 /prefetch:1
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4696 --field-trial-handle=1868,i,17140654525755016682,3671231981295742230,131072 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4924 --field-trial-handle=1868,i,17140654525755016682,3671231981295742230,131072 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4524 --field-trial-handle=1868,i,17140654525755016682,3671231981295742230,131072 /prefetch:8
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 --field-trial-handle=1868,i,17140654525755016682,3671231981295742230,131072 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 --field-trial-handle=1868,i,17140654525755016682,3671231981295742230,131072 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1504 --field-trial-handle=1868,i,17140654525755016682,3671231981295742230,131072 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5376 --field-trial-handle=1868,i,17140654525755016682,3671231981295742230,131072 /prefetch:1
  2⤵
  PID:964

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2276

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2180

C:\Users\Admin\Downloads\Solara.Dir\Solara\Solara.exe
"C:\Users\Admin\Downloads\Solara.Dir\Solara\Solara.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:4484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
537dbf55e008ca87a0ec6d893a6c2e38

SHA1
db966509d3311279c030c5d978aeb47d7c9305bf

SHA256
41a9f0fb72993891e03c7824b46aa3d0454182019be375ac5bcdce9af2206838

SHA512
35edefe370f8f93ce78c15c9ec49b803ae63565ac17c59a5562116f64045db825ed7fbe7db24b7ef02b2ed7bafb50196f88b45a740bb796035291ef9660f2bf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8864aaef9a22b6dfc2513b9c18d43d2f

SHA1
c13043a5214927baff32fb364df80636f19725d7

SHA256
79a6345472c23629b5f94d14fbd4ebe852520acbac6ca2f2d8956fd9bbcec5a9

SHA512
37d75f4a4040f73d437385ea0198619df574d62fd1e822fa84450f54dd99c3e4f16052e9a439730511bb4b1004abf4f56103aafcdc6039bb9512d522883d32ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
873B

MD5
605936a55e57b898849f7797abc89352

SHA1
2eef9d33288e47d5ea99000f45422eadec1fd3cf

SHA256
a3a6616000309eb0991307f0f0b1ad018356a0878a5738877a2416bacf5b5e4b

SHA512
791f48934b6add30f8e0bef5a9d5d5c5ae946177c62759db5b6226de9c91f9b606882b48d6e34caf5ea97616178e78de57e3efc224deddcb8c4033e34bbca783

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
204B

MD5
c420376c07b598d4a962d1bf30e24751

SHA1
1d45fb628b60562ea14ecb7c4c387d29884d9411

SHA256
54969393858c349cacb366b18ddb577291dcf76a54805f61ad659f9f90dfd134

SHA512
949f44f78f38765b340a72899b9976aad9522a811c5cc3a866f4e6a76eecbf3062d9364f183c25e43841f228d5143a26082a330766407daaadaa555c029cdaa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
608b9ff307a5e319dd8e3c9f3bf4d184

SHA1
ae31f41e33e2c4789b7ce37256a9ef10dd385f3e

SHA256
3b0b816834cc16301a8196d6f403f22c0a447bf3816e7a558d7602e7a60cf1b6

SHA512
60be51955c54143a8186e4f038711a63041f5bdb17174205cb64164737c927f6f175cd8ae301b80c5c09db2a29d8556f19102e17e690017b0bfe1bc5f58e9c7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7448d649ca4cdc3ca98e6c92cd5c397c

SHA1
dd61e491cf60a4c72ceb82717c10b5200be107b5

SHA256
0648843b4134b594a549985798c85cc5d62c4a3c1d865727be8a06984c04658f

SHA512
f4b63f7647214fa4ab430900b70d3d350df9fcfa366482ba1a633797bb3cff5b55f7a535956a2bd237c1ec4475226b3b63f1263ed00a0ff690d5867837729306

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
15aeef24432949792a2ff0402e20c082

SHA1
2453bd2b5e11d321efcac2d187f7a68eba2dc3a1

SHA256
ddd9b2a5d2ed58535fa4826b47b38d436aa62d341417ce17657e6f464dea9bd5

SHA512
abe51ad6fed1d1a6a31bc92131a86a9fe417cf5b6b9ae7e6c979597b74989d1e5cd16490299c5b626e5ff3741a866ea2d07db5c72dcf89fd9233c2d2c2341b65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\b029ca84-3c61-469e-9106-aac655383f6b.tmp

Filesize
1KB

MD5
6a9498e894220157a382cd48f65a9d73

SHA1
ae75781fbebcdb4f3d572169f99db6ecf2704ad5

SHA256
15ba8e715e13c5072554e3be3878f8b92a6b160d787c9a249166799f15ca4b35

SHA512
c4a03387b5dc8009d4b209a6b816a819b7bac70ac84392bbf3dc7a470cc8fedb68be76b30b3617f187628ceea24611eb5adeaaa441f7ab1fa891b83e64bb29b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1f15e2e8d96078a1d55050945a9e6c19

SHA1
d076f01ec92aa4eca59a5ff9747863be862b450a

SHA256
7b0289f6dec9146d27840db87293e21c24a8e25927a26e056904d5205cba836e

SHA512
60afcece00eac5265949e4b58965790e42546cbac369235028470eee4a49cc6a89829d95aac15b8e2b725a85f7fbd3491ad47748ca9ac525959c6b3dbfd1bbe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
538d615a968cd16f455eb48cb7a117f9

SHA1
2acadbcb8b391f1d6ab970cb58bab6d7502332ad

SHA256
d65f21ea1042c960a0296bb652e051c2a0a4a655b9a4adc29eb7b6dfe750255d

SHA512
975d7430bb9cf09fa6209f21b2ff15dd028f9ca15ee6fa432a8b30a390ab64c58aaa2f398ff8a1c64e5d41d7593e4a06a2d9ef439191d0ca15b52a73148fbbad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7148701713a3997ebab646e86315b9ba

SHA1
735c7556ca2d3ad85ad0d851ff2d9eee8e60bfcc

SHA256
0a5bf6e49c19701228ac97afeaf92ba4507ebafb356552697501288f1619e3f0

SHA512
3ee72ec9a2bcee6eafd25ee3b37eb2d9cc01bf5278e1443b1a7e9c29976c5a9dc849f22c81b43299b4762951387095f07f1b79feaf2104858be52abb3ee859b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
839f8d0ad5099b09eb14206fd2997ed2

SHA1
ce43211b37a0c4623c761685ec160e4edb16796b

SHA256
3711d30fb22142a43e9741b92b2185d7e7fba94cd539477cbe12d44586f59263

SHA512
5ef8b05d7b75a6dcf42045d1a512158ca824c681d87e531be5af4845fc97447d3b6935971dd3e953059280b4346d6b0b887145f189728f11511847ab66bfdd32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e3b7fc58ca22411836753b979586e837

SHA1
aa4ba419197b80472358fcd51e2dd658d3a580d8

SHA256
e79244cee4108013b5938f2fef1b4375143072e531913315ec8c78531744be89

SHA512
e521498c7c84f03e5bdf785e5a2466af8a591a10e51a12d506cf942cb7afb1088d1b9884879be96f87c7ce580ab5c2702edb31377414e48c72f119a33f49dc64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
12facdb037b3735c25d0ae745198f233

SHA1
63a63dfa3f1fe2d0ff02fe478032cb7642fbd2f2

SHA256
24799af2b9bf7b0c5448e296f88cbd03dcc2de6322e9a233e885b648ae5879ec

SHA512
03e8e49f9085e2e71725547066748da50ebe95dd9ec143326e4b0ddd6f3b0f74db8f788cc4d407d1db643c08fcc14436137687098af149e99c394bf99bbddd50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
453c35dddba0faed41c172bb849e228d

SHA1
95c5cc67b06f86fe7d33f1a6c6888ffb4f66fbe2

SHA256
c7dfd835cafdae2ef56061fef7c6117016b8f572c0cf1ce30f50695e49835fc2

SHA512
cad0d3df8c2d886a5858f823e3c2c1d7055f15f922341652738bbe65621e8cee37fc6a4e27cfc1f84d720e5493bc080d03b15294eff2efc1a89f746c4d50cb20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
0347629425b61de56311540d205acf07

SHA1
e9d55df53265dda9ccc0b8dbf4def76fc8c76be6

SHA256
3971a26a9edb42086731c945bd383daf1c00c7ba8bb951e05bf3e59d2f3fe207

SHA512
28c6f11768d004f2ba102fd73d3e5cdb5c480fb393e31781bf021f6b9ba6d9758f894ea1fb8736fff969bfc6c4e1d50805121cf9658b7727639f71bb40ebe3ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
dfb858b0371163344593aef002319ad2

SHA1
5bef5f2bb78a95003c7ed6a1ccfebd81f0fdd840

SHA256
b0af220112a9f0b3e8f01b4abb36f9818a73cdac5f783867a563eb073f56521d

SHA512
ffdf75c95e7fecaf026ebb92261e2b2e1865b9f3540145d6e1e425c828d39fbd32e47572ba4be75e312532f8c8536eb0e2296bc02bdd6d62c7110506c304b650

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
37964ab3831b8e64c23aca7462c4ae36

SHA1
be68a51a82f016bb59dcb225388f28e7627df2ce

SHA256
e894acfbcc0819090889ad644e2ff2d935772237ab353403383de3e33558c893

SHA512
867f77351ec5b0f3bd0e890b392f4d8a08d46e6062069c930bf107c60bea76d8720654137b40ef2b32c4059bb119dd49bc825721abd30ffa87c06fa2f2e7b448

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
bc4afd0db161851de4a70dc2fc23b749

SHA1
cad95121c00fd88c97f8afc37f4de8863399809c

SHA256
75a5e0513e4744a532557d337a51cea6f9ad08c916fc5455e39aa94eee8b4f14

SHA512
455e024e3b0727966e3c79a2c6211bf835001a8fbc9ec90533f945cf4c004cdf66954200c04ce7b2aeef515c945a31ba6e8a2903b0625d03e97a64fd6aeb24c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
170KB

MD5
0db4cca0944932ab905d258049f5ccb2

SHA1
7014b31a015eafefda66528c3c3ad29be9fabe41

SHA256
a35e7856e74e4a56638f067b829e42284939b554a7151dc40643c745e7293832

SHA512
bd990a07787a48454042f0e03c2885ddf9514d4ff302d88b73778c25fdab35a1cf6e5cd1944a2b1ff54b74e9e9b7b8d39a5feb2c402016e22fbb281af5f441e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
e4609c27b96183a22ab12f8fe04df1c6

SHA1
f18aa3197c8e622a6f2bde0f2309544a414c52a6

SHA256
5f13375ab5948f48d2b06a39dca8a1e048d7c39fdd310e5016c47be9a7659249

SHA512
cb48b293652a52481883ee645460c65407725ee829aac5658da06ffe9048a605f09eff3ebe58f53d42387a6054b32ea2f5ffef54ac37eccbaae86dd2b4d73a53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
0c49080fc267967f0380e208a20703f4

SHA1
aee57cc79c643023858f58a00b56f874f628c2c4

SHA256
92db270f9d190ea10f8417b3ac2b4709b2706bbfb8987cccae61848af558577d

SHA512
cfef90fbe83e24a0c4f0aca7aaa6ca4da5dfb5242561ccf619d815db8ba891e9a3eff8c82a82e7546d31a1a3e189550fa215e80718b1030a986ba8b6b4f22153

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
9f90e4dcd5deca94a7db80681563bb91

SHA1
8eaf7e4a5cff10dbe48a37df71cf12789157a568

SHA256
d16a577d85a2364d252ba0e8dbb79bab0b33a5a8ce80eaf7906c0d64d6f73ea2

SHA512
b4387212c6473218d0e6ffdf96ea702afdab89bfe0f5f336006944926ab0d6cafe03822d663548704068e33b59669b861c9724a4ea04c678f43209784b09e30b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
10f776c2f49373c280d8c7a9b81319a9

SHA1
a19b0a0fb1cb21196b98ddf40ae1f6ead942b1f8

SHA256
4b149dd2aaef9ea6d43d12aade5d208510e801d3220e5b6a8b549f8c6749bafd

SHA512
81930936cc00ced07e7018c09a0df3793f09f019188e9d6e5faa4c58627b45fd9525f3a66055eafbd702eb5277e67104338848372a4469fc86be449563e0378a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
50409b1dda99f769728f88260cf79b5b

SHA1
c1ba4963dc06a2a8e54a3550604cc30bc0da7ba9

SHA256
93740f4fed4f45ed196d6df5598beb0a9cd3bf76e24d42969ef1e4580365ee14

SHA512
d9523804a503339ea91d2ee38eef7a12d54c5b71aea6da4bec6bc8f8f76742c78d63bb4d9101406435c9591620f9d24921d4b2692a24545f4c7ada02595ab10b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
6a8b181b488b393c1b4db0d700566348

SHA1
5d479070cf1a68184a1c996d8cc1bcdf73194c62

SHA256
5c0c33d74f2a6cb78a21812387f6c1d9d507fbc1d7b60a6f6594d4a7334341f8

SHA512
f04bcbab7d0a7551ce3e9035f5464c9862b1f07bc387a316fb78c07186907e0c403ecdd8e3490675ec77a5910be29c741125197578fab3e34e4284c72f5bc716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Solara.Dir.zip.crdownload

Filesize
7.6MB

MD5
f690180645ba1efa6d7d961876272578

SHA1
384ce25c4f050d4620c5d460eacfdb8a5d4c34f0

SHA256
d1a24f7cf27843b2045f43b63bf20e4eccf5dc659378012c78b5726942abac73

SHA512
5f2aa2e3d9f0ed7dd6a27e8ce48ef393cfc10c7538b1fc8d796008257fc87515a401b619fbbef549aae80df3ccebaeb128cadacaae3636fa86cfbf7503142659

Download Submit
memory/4484-516-0x000001CD80AE0000-0x000001CD80AFC000-memory.dmp

Filesize
112KB

Download
memory/4484-520-0x000001CD9B330000-0x000001CD9B3E2000-memory.dmp

Filesize
712KB

Download
memory/4484-521-0x000001CD9B1B0000-0x000001CD9B1D2000-memory.dmp

Filesize
136KB

Download
memory/4484-522-0x000001CD9B1E0000-0x000001CD9B1EE000-memory.dmp

Filesize
56KB

Download
memory/4484-523-0x000001CD9BF00000-0x000001CD9BF7E000-memory.dmp

Filesize
504KB

Download
memory/4484-519-0x000001CD9B270000-0x000001CD9B328000-memory.dmp

Filesize
736KB

Download
memory/4484-533-0x000001CD9BA70000-0x000001CD9BBF9000-memory.dmp

Filesize
1.5MB

Download
memory/4484-534-0x0000000180000000-0x0000000180A7D000-memory.dmp

Filesize
10.5MB

Download
memory/4484-537-0x0000000180000000-0x0000000180A7D000-memory.dmp

Filesize
10.5MB

Download
memory/4484-536-0x0000000180000000-0x0000000180A7D000-memory.dmp

Filesize
10.5MB

Download
memory/4484-535-0x0000000180000000-0x0000000180A7D000-memory.dmp

Filesize
10.5MB

Download
memory/4484-540-0x000001CD9BFE0000-0x000001CD9BFE8000-memory.dmp

Filesize
32KB

Download
memory/4484-541-0x000001CD9C1C0000-0x000001CD9C1F8000-memory.dmp

Filesize
224KB

Download
memory/4484-542-0x000001CD9C1B0000-0x000001CD9C1BE000-memory.dmp

Filesize
56KB

Download
memory/4484-552-0x000001CD9BA70000-0x000001CD9BBF9000-memory.dmp

Filesize
1.5MB

Download
memory/4484-553-0x0000000180000000-0x0000000180A7D000-memory.dmp

Filesize
10.5MB

Download
memory/4484-554-0x00007FFDA6313000-0x00007FFDA6314000-memory.dmp

Filesize
4KB

Download
memory/4484-555-0x00007FFDA6310000-0x00007FFDA6CFC000-memory.dmp

Filesize
9.9MB

Download
memory/4484-556-0x000001CD9BA70000-0x000001CD9BBF9000-memory.dmp

Filesize
1.5MB

Download
memory/4484-557-0x0000000180000000-0x0000000180A7D000-memory.dmp

Filesize
10.5MB

Download
memory/4484-518-0x00007FFDA6310000-0x00007FFDA6CFC000-memory.dmp

Filesize
9.9MB

Download
memory/4484-517-0x000001CD9B530000-0x000001CD9BA6C000-memory.dmp

Filesize
5.2MB

Download
memory/4484-515-0x00007FFDA6313000-0x00007FFDA6314000-memory.dmp

Filesize
4KB

Download
memory/4484-587-0x0000000180000000-0x0000000180A7D000-memory.dmp

Filesize
10.5MB

Download