8c730517d54a0156c1262047af0fd145e2e110805d57ed7012a8a16507f7e51b

Analysis

max time kernel
141s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/08/2024, 06:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Solaris/Solaris.exe
Size

10.6MB
MD5

34edeef899a2d56e3bf777099f851c8f
SHA1

23a1fea23e8a31a4e667b391f03067a7e63666d6
SHA256

d96c6138b13ddb64107b40a3b4f08309ba83ba9cd064947ab7cf7a14f162930a
SHA512

a6bbaf7ac0374c155c08fb47567aa1d6cab35b85cfc4c3b7a8587ccda82b9c4edbd8ffc7da167e125f1a06e3e309416ced6dab135c20e41336b348b05005aea7
SSDEEP

196608:1c5vzN6WvJc4+qv8ROPkVOEYNLjv+bhqNVoisCk5c7GpNlY41J26vUiJkbk9VtlE:g8Wvz+q0skVOrL+9qztsCk+7q3T1JNT+

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 6 IoCs

pid	Process
5096	Solaris.exe
5096	Solaris.exe
5096	Solaris.exe
5096	Solaris.exe
5096	Solaris.exe
5096	Solaris.exe

UPX packed file 30 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0007000000023454-30.dat	upx
behavioral2/memory/5096-34-0x00007FFB94500000-0x00007FFB94BD8000-memory.dmp	upx
behavioral2/files/0x0007000000023442-36.dat	upx
behavioral2/files/0x0007000000023450-38.dat	upx
behavioral2/files/0x000700000002344c-59.dat	upx
behavioral2/memory/5096-61-0x00007FFBAA170000-0x00007FFBAA17F000-memory.dmp	upx
behavioral2/memory/5096-60-0x00007FFBA7F80000-0x00007FFBA7FA5000-memory.dmp	upx
behavioral2/files/0x000700000002344b-58.dat	upx
behavioral2/files/0x000700000002344a-57.dat	upx
behavioral2/files/0x0007000000023449-56.dat	upx
behavioral2/files/0x0007000000023448-55.dat	upx
behavioral2/files/0x0007000000023447-54.dat	upx
behavioral2/files/0x0007000000023446-53.dat	upx
behavioral2/files/0x0007000000023445-52.dat	upx
behavioral2/files/0x0007000000023444-51.dat	upx
behavioral2/files/0x0007000000023443-50.dat	upx
behavioral2/files/0x0007000000023441-49.dat	upx
behavioral2/files/0x0007000000023440-48.dat	upx
behavioral2/files/0x0007000000023457-47.dat	upx
behavioral2/files/0x0007000000023456-46.dat	upx
behavioral2/files/0x0007000000023455-45.dat	upx
behavioral2/files/0x0007000000023453-44.dat	upx
behavioral2/files/0x0007000000023452-43.dat	upx
behavioral2/files/0x0007000000023451-42.dat	upx
behavioral2/files/0x000700000002344f-41.dat	upx
behavioral2/memory/5096-63-0x00007FFBA7C60000-0x00007FFBA7C74000-memory.dmp	upx
behavioral2/memory/5096-65-0x00007FFB93FD0000-0x00007FFB944F2000-memory.dmp	upx
behavioral2/memory/5096-69-0x00007FFBA7C60000-0x00007FFBA7C74000-memory.dmp	upx
behavioral2/memory/5096-66-0x00007FFB94500000-0x00007FFB94BD8000-memory.dmp	upx
behavioral2/memory/5096-70-0x00007FFB93FD0000-0x00007FFB944F2000-memory.dmp	upx

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 5096	2356	Solaris.exe	84
PID 2356 wrote to memory of 5096	2356	Solaris.exe	84

C:\Users\Admin\AppData\Local\Temp\Solaris\Solaris.exe
"C:\Users\Admin\AppData\Local\Temp\Solaris\Solaris.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Users\Admin\AppData\Local\Temp\Solaris\Solaris.exe
  "C:\Users\Admin\AppData\Local\Temp\Solaris\Solaris.exe"
  2⤵
  - Loads dropped DLL
  PID:5096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI23562\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23562\_asyncio.pyd

Filesize
37KB

MD5
eda8638c32995d8e48e5293b0b9dba21

SHA1
840b1255f62c4c8e46428277808023f6c60911a0

SHA256
db7719e7bde6c21ef4dcaf315fe3bea500ce70a80b92be61dfd0d00cb46da142

SHA512
c356d77d90a84cef84156cf053e243c94c2d9b423f52d41ef30a280426ce4a564d57df4e7c714f50c2825d9a6088fa7b774b45a9c29703e044ce521194ac36af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23562\_bz2.pyd

Filesize
48KB

MD5
2eace32292e07ee5c0036b7392172f61

SHA1
5ca189cf84855d9b86865ade7060193acd560a93

SHA256
8c0571c2d937f8161626bb05acf6db121db399474be107467122b27b350310d8

SHA512
1257cbf7d1fbb5932d644b855c63dc5c31391af9d838115037aa583f119f4aac2a24da71f566039b13357af92c15275a933be311c13cd91d89dcfc272af7f1f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23562\_ctypes.pyd

Filesize
59KB

MD5
c685e7b6ef76cafc4ec106b9784b6cd6

SHA1
89038e7c2ea9a07796191689ea83c530f608a437

SHA256
5dc7f9409c83d146586d27c150534db326c52abfb499d6ba09d03f98259fa0a5

SHA512
ac10ef1ec237637c5b0459aff5925348d1d04dbf717ea2c5b75992b11ecb388bcc082ef113b3899e9bda7b1132e609a5c77b77492904e66e73be40d196bc3507

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23562\_decimal.pyd

Filesize
105KB

MD5
cf32b33b530159b7dda8796a32170b0f

SHA1
112daec7436a6febf3bb9b3cffc90f3554ee1132

SHA256
620daebfd9d8f56d9eb32c424cc474fc45160c09982e93d91e6e18f89050dbb3

SHA512
3175b087ad61357a0e957958a6acd2cf924c8c219de1d7e2221ed9ff783ab38c8bd7fecb640d521518d294c4783546f3ff1d677f085d6d44b1dbb6cb10f6d052

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23562\_hashlib.pyd

Filesize
35KB

MD5
da977167a315fba3ce140ecb18354f11

SHA1
5d10fa5ade758675b36caf4e8cf9007ac3a99615

SHA256
8df27ad5c38c51dc55e789184ed25a31d0a71b720f646f3f8e9a44250857cf4f

SHA512
44f326c2813e407fb9c93f6a51f1ffa98a80bfa3ea58082819efc441e5fa8691da9ea631cc4f129f9c56f5f9245f777dd0ad90bac2a81667da495d821f29930d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23562\_lzma.pyd

Filesize
86KB

MD5
03c89c56f917c131e6c08a222aae07b8

SHA1
1abc34d56b4cca58bf1d93463bbd27cf42d4d062

SHA256
dacc3b750b2c9d961064e3c7c35e46399405d8a2a544a6d243eb79a2b73338f4

SHA512
4a2087c7daf28b796ad6b3341d3c51226f490a4cf53f43ff230e7eaaa9af73d9b2eb6ba21465738008e996c2de66c78eaf8e655342edd382288197489fe32280

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23562\_multiprocessing.pyd

Filesize
27KB

MD5
429fcc16a7180712d2cc0ca2e0960923

SHA1
c649b32b5ac65d96eca53f588439de14f43c0880

SHA256
2cba53a6b9c294beb6e5ac04a11b325d7e045b58d43bed9b22f92ff52be87a02

SHA512
24b843f3b132a66e454b919d77888df280494a89b372c381e1b221e14ae1c43a741a34dbba0e00a9aeaba268eb1068a11c2f77810865722aedc8bf26fa6cfe6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23562\_overlapped.pyd

Filesize
33KB

MD5
de12dbc5179985d360d26d86daed6e27

SHA1
a51ffb2e190bd5d31025b7081db25949c206c446

SHA256
996b793e67974eba1d2f05cfd790d7c4cae8c0631e9d860b93442c71790d4f70

SHA512
da8ec05fe50cd3b5ace716cb83423fc1b4e5a148438268b48d1b78bb868c02a080911b70bdf16fd7b4ef67cbfe567eea0967c88aa23c9e887a6f18ecf9df9472

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23562\_queue.pyd

Filesize
26KB

MD5
6cf8bd2c2b4498b1b0c015752eac6240

SHA1
e019e90049ce38b484c8843ee42a294abb62d667

SHA256
addffbb7a9f83ef580c7a4f3baaa2ba6fb3c8ba87f5f6366a979404ee7bd034a

SHA512
6a47b63c0a29e816c345d9cc6c6ae376c597e9b948b91011791d75813c83a532d6855d37d9fcfb6fb966364e38ade962557656b378f39c1d1443dc8cbecaf160

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23562\_socket.pyd

Filesize
44KB

MD5
c1cef567062a30296307c93b21d1e18c

SHA1
f11ab11aeb3dea68520c75c1c8e69d2f7a93fc64

SHA256
77c2585bf2f850decb93561da8bd6b85399a663def188d4b51b71b3fcf57df59

SHA512
f55a89b5b3ff81dea86a6ef12d0a0ed86970fc49d530569c0b1c6dbefdec9525acf9d155d651e0e9a866f97263fc077bab8b90ca10c1093bfaef9819edfd72fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23562\_sqlite3.pyd

Filesize
57KB

MD5
e7940561d82e12a092a592c7dedfae12

SHA1
625fae53d931a3c0fbfd9a17f8d4c7342d542587

SHA256
34d5f7623f95b412e66a8bad907f6952a81538c41b14a42556a048dacea0230d

SHA512
73af6252cf879a4292e6eece4a1c053d6c494cd3db5744fe4d77eb835e77674a9fb4150da11351c7a9b43948356fd534d7c19770779a8468fe945ed6ca2a3d74

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23562\_ssl.pyd

Filesize
65KB

MD5
f106aacfa4ae591b69b9730ce57f4534

SHA1
74f68f6717ca7366a11a0b2b2d6708d1c238addc

SHA256
631d08922a56b6f046fcc6302c6f756d90f75d64e3d2801899d3ea47059f2987

SHA512
9f420af97c94ac891cd4f07bfa22da80fa20b7bf3b59f19a5bc76fb57ee7615d63de39df27c4a7e8460d754017e62a3a9cefbfb8e9d0a1858fca5c64c5d21105

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23562\_wmi.pyd

Filesize
28KB

MD5
1890d5c2401a459e34a192930d1d6422

SHA1
b52c21766bee765fb6e2e24f1e9f34cb1f53aac6

SHA256
e898deac8e0ba83500383bafb0ca1abd9af84f95109e0624a30ea1ead6926b5e

SHA512
3818a2349aa25cccb9e00d0cb1350c8fd7c4dd6f85412421e483b9ca086319a6c2dc80fee7e8d761d12b190ee07bc916076de460e288ab08736ff62920e4db71

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23562\base_library.zip

Filesize
1.3MB

MD5
ccee0ea5ba04aa4fcb1d5a19e976b54f

SHA1
f7a31b2223f1579da1418f8bfe679ad5cb8a58f5

SHA256
eeb7f0b3e56b03454868411d5f62f23c1832c27270cee551b9ca7d9d10106b29

SHA512
4f29ac5df211fef941bd953c2d34cb0c769fb78475494746cb584790d9497c02be35322b0c8f5c14fe88d4dd722733eda12496db7a1200224a014043f7d59166

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23562\crypto_clipper.json

Filesize
155B

MD5
8bff94a9573315a9d1820d9bb710d97f

SHA1
e69a43d343794524b771d0a07fd4cb263e5464d5

SHA256
3f7446866f42bcbeb8426324d3ea58f386f3171abe94279ea7ec773a4adde7d7

SHA512
d5ece1ea9630488245c578cb22d6d9d902839e53b4550c6232b4fb9389ef6c5d5392426ea4a9e3c461979d6d6aa94ddf3b2755f48e9988864788b530cdfcf80f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23562\libcrypto-3.dll

Filesize
1.6MB

MD5
f8076a47c6f0dac4754d2a0186f63884

SHA1
d228339ff131fba16f023ec8fa40c658991eb01f

SHA256
3423134795ab8fce58190ae156d4b5d70053bebe6c9a228bea3281855e5357fa

SHA512
a6d4144cbba4a26edf563806696d312d8a3486122b165aae2c1692defc2828f3ff6bd6a7f24df730ff11c12bc60ac4408f9475c19b543ed1116b0a5d3466300b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23562\libffi-8.dll

Filesize
29KB

MD5
013a0b2653aa0eb6075419217a1ed6bd

SHA1
1b58ff8e160b29a43397499801cf8ab0344371e7

SHA256
e9d8eb01bb9b02ce3859ba4527938a71b4668f98897d46f29e94b27014036523

SHA512
0bd13fa1d55133ee2a96387e0756f48133987bacd99d1f58bab3be7bffdf868092060c17ab792dcfbb4680f984f40d3f7cc24abdd657b756496aa8884b8f6099

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23562\libopus-0.x64.dll

Filesize
217KB

MD5
e56f1b8c782d39fd19b5c9ade735b51b

SHA1
3d1dc7e70a655ba9058958a17efabe76953a00b4

SHA256
fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732

SHA512
b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23562\libssl-3.dll

Filesize
223KB

MD5
f4dd15287cd387b289143e65e37ad5ae

SHA1
f37b85d8e24b85eedda5958658cdaa36c4a14651

SHA256
6844483a33468eb919e9a3ef3561c80dd9c4cd3a11ad0961c9c4f2025b0a8dff

SHA512
8583692f19c686cbb58baaf27b4ab464d597025f1ff8596c51ec357e2f71136995b414807a2a84f5409f25a0798cb7c497ddb0018df3a96b75aba39950581a19

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23562\pyexpat.pyd

Filesize
87KB

MD5
4abfba91c47328272c9b69b2a6db4dd2

SHA1
dd95d2bc2ce19bded4a0d342a2da08f0a7778fe5

SHA256
a7a095d822ddc5d26c18b3afba8df7a158ed57a7389c0c67ccaceb5b2047fa8e

SHA512
8f19d7d648670307898df061ea2c2cec83555780c8c263992381405c188eb37f5e02bf05073c9568da101c5699b1add170e1bc2bc20cab73d5f62622303fe3c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23562\python312.dll

Filesize
1.8MB

MD5
cfa2e5cdda9039831f12174573b20c7b

SHA1
c63a1ffd741a85e483fc01d6a2d0f7616b223291

SHA256
b93e682bddb5c3e2af1f0264e83fbc40481fe6abd90c3ab26e94f246c8ce8d7d

SHA512
f1ac568bd1a16d5ab2623ac42a83aed32d9867a0e016e0ac3c922f28ceb1bb7e114dab44553949008a6e2fd3bb67fc2be8fc283560d9f4b1f1552137a0c104aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23562\select.pyd

Filesize
25KB

MD5
0c130ea965aa11fb0fe131433d6e1dd1

SHA1
fdc6fd706d82d073db432831533ab2fee5e7bd9d

SHA256
4f36ba1427114fc9f13f632baedea4984e8267c912525722a7ade73ef450e582

SHA512
58f11c095ec2c5d909b687d6a3ab9b1b556eccf4d7789f688d8eff953092bf301714e8a016a927a047babdf20d7472ebcfd0c5f7b6d19b7252614fbd0aeefbfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23562\sqlite3.dll

Filesize
630KB

MD5
72f315d0016666a9ea1bd9161185e9ff

SHA1
7fe2b599b329fd057679938dfcfa8506d136e671

SHA256
2bcdef677d17f776e622e802b2a020cf5d2597f1e7a4a2dd2ab1fcd266e5c263

SHA512
ffc1f1d8768ed94a143c0d932d9a303577e90bc5b77d3da857f90a10b49cd1de5a31760b9dd59edb98d569f880be311417a0be6f0ce744c721d0c4f6a9b5aa56

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23562\unicodedata.pyd

Filesize
295KB

MD5
bbc5bf1e060d2ecc654c6f2f9bb53b40

SHA1
47be8c2ae3031cd86f3933f2620a40a1dfcf9c6a

SHA256
158c385e7186c418db48b9345b599ffc605eaca35d47280b106fa05aaa68fb3b

SHA512
7b86cfe7e4ee8bc43f3e34becffe0d6abd38ea051222a0dc880b3bfc8c9bd5ee4026b4a0017e739cb1aa62d05c394fa27b5e2588df8b95ca2284d370ca1503bd

Download Submit
memory/5096-61-0x00007FFBAA170000-0x00007FFBAA17F000-memory.dmp

Filesize
60KB

Download
memory/5096-60-0x00007FFBA7F80000-0x00007FFBA7FA5000-memory.dmp

Filesize
148KB

Download
memory/5096-63-0x00007FFBA7C60000-0x00007FFBA7C74000-memory.dmp

Filesize
80KB

Download
memory/5096-34-0x00007FFB94500000-0x00007FFB94BD8000-memory.dmp

Filesize
6.8MB

Download
memory/5096-65-0x00007FFB93FD0000-0x00007FFB944F2000-memory.dmp

Filesize
5.1MB

Download
memory/5096-69-0x00007FFBA7C60000-0x00007FFBA7C74000-memory.dmp

Filesize
80KB

Download
memory/5096-66-0x00007FFB94500000-0x00007FFB94BD8000-memory.dmp

Filesize
6.8MB

Download
memory/5096-70-0x00007FFB93FD0000-0x00007FFB944F2000-memory.dmp

Filesize
5.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads