01da6485e77c3d2c6da4a6340396d33c3cd6550932889fbe84f1c1057ce0f6cf

Analysis

max time kernel
121s
max time network
129s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
06-08-2024 10:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

solara-bootstrapper.html
Size

4KB
MD5

ac2814d8b7d4e621dbea1759baedd5cd
SHA1

99f8d2ea19f010bf79b7a925202c04d8d6164167
SHA256

01da6485e77c3d2c6da4a6340396d33c3cd6550932889fbe84f1c1057ce0f6cf
SHA512

f9aceafb368760fb8e7d78511aa06ce09929ea511d4bb12bd56dcf23e967fa82bb706519cfc3c69f1d7286831ad8e7e66af0527785079ac02eef45144a63290c
SSDEEP

96:1j9jwIjYj5jDK/D5DMF+C8/ZqXKHvpIkdNLrRU9PaQxJbGD:1j9jhjYj9K/Vo+n8aHvFdNLry9ieJGD

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb47000000000200000000001066000000010000200000007afa5ffdc3c5d6dfb406b8d72fdcad484f6ffce917d3039ba462c5307326e2f6000000000e8000000002000020000000054b16d42b9dccce3fa66fa22154d03045771103fbbc1bd673d46fd3d031137a9000000032eeae1ee4f7b3047ed7bd9ca0ebaaf2f1b7b2a79ce8b0552aef28d35de90dbdf9380031bf009d1f04c50fc1ce28a4d87b93e1fdc9bf6fc79ccacd62932f47051d389b09a21015418ef37cb4895b0d32dd064698125fd649371a6fae88f41d593b30915669eefff4afcb602a03c596fadc52fa2bc2f8f3391e835bc016ca84a05bd51bd72932b5f7dd0c201ae2c21de640000000506fd3f13486c2d009cda224485da8aece1ef8a86fbbbffe7761b6dd8efd6c28485a80f329f0232375fe16014a366008487cc4c901b6fd6767667768c09c46f9	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429102868"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40f4f186ede7da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B26B4181-53E0-11EF-8334-424588269AE0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb4700000000020000000000106600000001000020000000a5dd9787f59b6d9962db89f20722f85e823ee78162870a6a0ae57efc4f1021ef000000000e8000000002000020000000e279ff644ac70263bbfb0b352186962f861adf275fc5a81313acb436fe1ec14c20000000feda08aa0ef61ec70cf06f27285fca6af5993c9f8805eddf4c225e2fe42b6e2440000000788d036c543660e4569a21c8199f7341a731e22ed6c3ef155adc2d125e75b5bea870dba6faed75a07a8a6d7bd55e32e4cb16e8a6861aee5d6d87c5c03b1a01c2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2976	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2976	iexplore.exe
2976	iexplore.exe
544	IEXPLORE.EXE
544	IEXPLORE.EXE
544	IEXPLORE.EXE
544	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 544	2976	iexplore.exe	30
PID 2976 wrote to memory of 544	2976	iexplore.exe	30
PID 2976 wrote to memory of 544	2976	iexplore.exe	30
PID 2976 wrote to memory of 544	2976	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\solara-bootstrapper.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2976 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe2233977d280a22cbcd885986f9c590

SHA1
70637f8395df3a896e7c1dbcc3fee34506889248

SHA256
a3fda1ff79fee8623c06e18634680937d8cf0da0b1a059a513398f7ae744b5e0

SHA512
bd368df0694707e5b70bb6bafd4372057e54b8c6e2d79742fe29d7093e3aa608de4375a15ab9d56c98377f6f6624c15c7e5b2f85ce99c1e6833cd693e2819dbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
971ab5a9fcd4d98547394a295871feca

SHA1
b7840a88af495a046ec115ab53f7099b7e2ded7d

SHA256
67a79e4bc5b31567a4b1bf4772a597c3d177bbe1922c090763649abadd5a093a

SHA512
8792d4d005a7059fdd260cba5cbc9fae302da03ccd952a01078b9d792348d21424cf85e9eff2ecb06555f011e792894c8bff0c892d4d8672a7ee2982a66c728f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2df517a2a1333d77762b70048f9a81bd

SHA1
cfd6e8e287a34926772313d5aefa6cd15f25c793

SHA256
96952cdaa6809221ba6fda15a4596870f6aaaed4efe67fb18b5de8a87954def5

SHA512
fae09bbbe27ec8f8605e09e113b00d7a84eee4b0d30c2bfd878005ff4782cd332238e2a3d46bb65397ba138f3b2fd17ddb260f0b4da4f1df3d3469d80ac50c2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6f9fcb28b4d72569b780b568ae5bbd3

SHA1
ae508d78b8c78835b935b3ced48b8e3b529a3ccc

SHA256
25772d54448742f3dd070e16e3910b2e65a2079a12d57123b88829bf7cc981ea

SHA512
a4e6b395c5c9e02e46cd67a1d1a31529d5336f17684918882ce1f287f55cd9bded8e740a79427ed8864d3bffb379952ac2be96f2b071b6285e5da428d3d598b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
979c66f3f137312a6c22a83d60688fb0

SHA1
7a34eba24638136010e821dbaf43a9e8eb6e75f1

SHA256
2bc4e8a4eb4a612772b08ffac3d5e0e91ad68d160782090abd140552f8472b81

SHA512
def25e42d2bb840ba400853d7e4409a246e982d5425cc5816a3d27f666b0f4b5a3171b7fc6d7c2e9dddc6f72c519fd99bcff8c00357ac49a9f4acff9120b363c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71814d031425ab38cb60bb53529095ae

SHA1
b9c40341402bd88ec908f44fc32f1c530ce72a41

SHA256
273fb483de6814ae499595846c4ec3944749b637ff129724bb6e84dd45a455a5

SHA512
3bae04845da972e7b9b6a742788e46ffda6d968ee610ead0580e23684da3987ffa0e4ff8bd9b9ecf520a4473f36e946cae37963a9d12db86aec2176d20d01dd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ec19b404e0337e89d3d03151cdab75b

SHA1
3185139ffd44a7890894ac2a68b1eb6bfbee7e07

SHA256
b8ffc53a06b05dc61da75d1f585f78f668f1d700f2ca57be6fbcdd69a7ebf57b

SHA512
aa9eee4dc810c11310fc4f857ada7b8a158e9d4b6c51761face76f728286a48f621a1dc69fe759c5b7ecba29ae1fd93fd3cdf80a7d51943bfc1c4c1d0e716206

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5948517662fc5f7211ffcdfd12f3a8f3

SHA1
8ec3860ad209de00231013f1675569a7b1e93000

SHA256
592aa383ac1a22882243a7ac267013d4ee9ee069dffd9a262db2a3c18595f2bb

SHA512
bf89f5f97e06f8ebcd882d6a6f6b2bcd47912e49a50fb20f2630ed96d4f278ade985a1641514217a7162eac1d604be22cf4ecdab12d2cd65c2cb03e2b3491d9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
491fcfb296607711f1f5e714c3162041

SHA1
38420268576ab43ec07d182d901bddd4010d2fbc

SHA256
5edb0c4ec61d0b11cb573e89ce8fd176ab0fa8b8e8fb8bc75c51f636bd4724c0

SHA512
78b710b5e08d1d35c920c2c1a2be247e6295a48bf306fec73f631b640f95d33745dd092f193cc7faf014125ae61c9da3ea2ba3ced1b5ec977c0c5d6b82abd5b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e610626e97843656b0703a5fe3c0886c

SHA1
3230afa69f641f7b3bf8cf85ce2c3903d50eddd1

SHA256
0679dfcc4fb976597e0e723d556b94b9d44358565e5247a456aad236c04bcad9

SHA512
00ba80a08a938465a37ac20b09699464a036156a275e30dffa8ee23b0f7761db663835fb5396aa09c74d5ace758a90235a85f893e44be5148dfc238cd6219219

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e112a08651dfa372686cb13b42fe77f6

SHA1
8731daac9fd9b2bc0057cebaefa31582e050915e

SHA256
e40f1ea24c7e959d2bd63fe71ee425e8f625adfd337617d860768f5364c053d0

SHA512
2e196c901f381c0c2bfba58945c4a7c4d79228d35048f18b0386bb6aa78489b1910c06dbc76f05118ffa86aba15a7621744c3c8b5c16cb8d3d8dd82983b7ef91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b1158f4ef61cea2ea72ce4afbe9dd626

SHA1
ccf42812714813db2e100177cfeecad266f579c8

SHA256
c081bd4cf0ccf487cfcb68c8fb15cc211abe90c4da36ef16ab1af65559d43517

SHA512
17aca652b31c0598abf8b0646b57c8c68055d04f781e5b1e1ddfdd8df8a4f9591bfe9317d007eb2f263456bdbd66b109f510810d218c4d73da71a3781e165c44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c92dd7d2d84d94d6856ec3ccfe11ba3

SHA1
95c7061abb567dcfc7adbd62bf95347916e600dd

SHA256
8a306faa74feaae4bc5cd7d91fd48bf06da62f39441492d8341521d2558679d5

SHA512
500740c63c329bc5ba3877baa2fb939fd5e6bac5b8e52005eeff6ba8df48ff750017e681477323cf6fc97b6da6af0aca1a6e8c369c30cdd74121d50230a8cc89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a2f547bd21ae41006b0b30210009bb7

SHA1
1b8393f561a6d3fc9d4e5e198aba4f3a8676a7cd

SHA256
80b11a5d14d669c6583b819e7afbbb2835b72017a3766b03d3e9c00a1194afec

SHA512
c704dec2d8ce9c2ba2fccc1bfaab3d83f0c904799f0deac32a3a5950d51009740ad6c73d5b95b35e6620924b10b33a2653da4004660ba7edbdec287435fc2cf2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08ee6e43ffc5ae64a71dccc84a1c81ac

SHA1
0f8fdb1d864d19102dca5289486f8944eaf95c97

SHA256
30b1d566261e38526126f37ea923bec46ef37bf2d941ec6fb1b1ff9127380ff0

SHA512
7d5a43c14fc5d86890f8bc2eb25faf4fa2dea4c3db43774e6770aedba851cd1259622d4f46c124adce27e6903b865cbe512a0c986d72e343081894068ab716ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3baad5e510932247dddbcea2c1b2043b

SHA1
d91a965489647cf344d0fde339751bcc727f6001

SHA256
723db7299c9e43a709684c2beb63d3fcaba2824ac485f6b341c1d064f553e615

SHA512
3f207505bd68c69a4d53e78508c8cbc0717479cef6986ca4329f85d63771818641cf49c11fe192a47f1b9c00dc5cf526227e6eb5e0ebc50b0e68f0d7287c678a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDC4D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDCFD.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit