Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    06-08-2024 14:33

General

  • Target

    Solara/Solara/autoexec/test2.lua

  • Size

    11B

  • MD5

    701bf4a4743e5e0361e26999881a5ce9

  • SHA1

    f34d33bcb5c13eae1c15faddc6054e479f74aa28

  • SHA256

    c2d0a5e0790d97a015387a995c0d0b5eb3e88138466586fc980787c9b1731eb8

  • SHA512

    8c0eedc5dca108eb9682239164cba3c70ba4c12e4520a9bdfa8efce0416ce51534fcea2ef4dcd7ea2dfc684358a064233165b0bda5287892de2014a1f2b21c6f

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Solara\Solara\autoexec\test2.lua
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2308
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Solara\Solara\autoexec\test2.lua
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2120
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Solara\Solara\autoexec\test2.lua"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2924

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    8e2e803f0f2447d609e6edeea9274b32

    SHA1

    ffadf35ce2520442ac94eb8b8ffd30b4ce79d425

    SHA256

    e942dcb0c3894b8414f026ae9e96500d91c5f47d5ceeacb45e011f903d61c9a7

    SHA512

    953b6022107ad3cfad37367ced8e6283064d2e11285492c9e55b8d1f3b7a77a5a6ed2b4f45491c3865dfc5e9412aa16efc817c2f186d40583eab837ab7a2751c
