Analysis
max time kernel: 80s
max time network: 148s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 24-08-2024 23:11
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: http://getsolara.dev
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: http://getsolara.dev
  Resource: win10-20240611-en
General
Target: http://getsolara.dev
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes: IEXPLORE.EXE
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
Modifies Internet Explorer settings
Processes: iexplore.exe, IEXPLORE.EXE
description | ioc | process
Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{473FE0E1-626E-11EF-A76F-5AE8573B0ABD} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90cace1e7bf6da01 | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000041d566d9b97e8035b7a3336ad711b93002038ba56b61d8ffd00324fa46e7780000000000e8000000002000020000000c0e9f4741e87631eebc8f3dd131742678b301f86f3234f1655597707cf8d2f43200000001e45107ebee6c8469a83395403f424b6a0b598e370f722fe3aade173767950be40000000ea95fc5cdb1f1901c1d66328751d3496a1dfa8cee4111a63a9f2417d66ecab9a7b1f53da6ab4d3ca306723ecdbcc871eccc503f6d54f6cf2d49796e38bf46555 | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430703000" | iexplore.exe
Suspicious use of FindShellTrayWindow (1 IoC)
Processes: iexplore.exe
pid | process
2452 | iexplore.exe
Suspicious use of SetWindowsHookEx (6 IoCs)
Processes: iexplore.exe, IEXPLORE.EXE
pid | process
2452 | iexplore.exe
2452 | iexplore.exe
1300 | IEXPLORE.EXE
1300 | IEXPLORE.EXE
1300 | IEXPLORE.EXE
1300 | IEXPLORE.EXE
Suspicious use of WriteProcessMemory (4 IoCs)
Processes: iexplore.exe
description | pid | process | target process
PID 2452 wrote to memory of 1300 | 2452 | iexplore.exe | IEXPLORE.EXE
PID 2452 wrote to memory of 1300 | 2452 | iexplore.exe | IEXPLORE.EXE
PID 2452 wrote to memory of 1300 | 2452 | iexplore.exe | IEXPLORE.EXE
PID 2452 wrote to memory of 1300 | 2452 | iexplore.exe | IEXPLORE.EXE
Processes
1. C:\Program Files\Internet Explorer\iexplore.exe (PID 2452)
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" http://getsolara.dev
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 1300, child of PID 2452)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2452 CREDAT:275457 /prefetch:2
      - System Location Discovery: System Language Discovery
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads