Analysis

  • max time kernel
    192s
  • max time network
    196s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    19-08-2024 08:06

General

  • Target

    Solara.exe

  • Size

    81.2MB

  • MD5

    10d3cf93e2763c12e2cb1861157bd11c

  • SHA1

    3a2995e034de83a7a2007809d62898ff361135f8

  • SHA256

    9edec2d7604cd19e991c680524d372e23b6a56452b2c93b7a9ef45bbedaf47c6

  • SHA512

    c2ef4c4f63f5f47201daa7f9db8923e125297a86bbf93e8f355587a8c8febca60e689bb483de496441cc1d0ac6e65067c9eae696d6e575b4b32e21915e6ca5d4

  • SSDEEP

    1572864:YvxZQglPWjg7vaSk8IpG7V+VPhqHDE7jblgA7iYgj+h58sMw2IrD2:YvxZx9heSkB05awHaeA151

Malware Config

Signatures

  • Enumerates VirtualBox DLL files 2 TTPs 2 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

  • Sets file to hidden 1 TTPs 1 IoCs

    Modifies file attributes to stop it showing in Explorer etc.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 64 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 11 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Kills process with taskkill 1 IoCs
  • Modifies data under HKEY_USERS 4 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs