49a4a4641cbffaafce34a35cd4c74d486935db28906fc4acd71400f26d853cd0

Analysis

max time kernel
14s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
24/08/2024, 09:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SolaraBootstrapper.exe
Size

969KB
MD5

b8a07270ae910250a280a14eee35b80f
SHA1

c4c4a15fb067d11324c028cb36fbd4cb04cb26ce
SHA256

49a4a4641cbffaafce34a35cd4c74d486935db28906fc4acd71400f26d853cd0
SHA512

c1fda7adb3324c3e697124520b50d852a1e7b3d238d2f7fb23311c4767de3babc6a4653f901e91a4d4fdf6fde3c464b0299a3b986875fb38dad16d036c3020b2
SSDEEP

24576:zYmtbhG5rt/PmeggdP8/L52miMaCn5FNF:bkxt/OeZP8/NDiMLTN

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
760	SolaraBootstrapper.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SolaraBootstrapper.exe

C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Roaming\d3d9x.dll

Filesize
1.2MB

MD5
7c5d02c92dab64e27974e0f42a4711ab

SHA1
df39c4b9d2425a776696fb6b2409dd06caecd851

SHA256
d2ca01c8ed8eba30cdbdcf418653c8ac367a7e088234bc99a8d75ed5eda64195

SHA512
f2ed615490c3736852c55bd9cdd36cdbab23fc0eec9c05d418c0f5933403eb490accba6a749aa31be283c13a896c318c03fee7a4874460051ad7e0c75157d233

Download Submit
memory/760-0-0x000000007486E000-0x000000007486F000-memory.dmp

Filesize
4KB

Download
memory/760-1-0x0000000001200000-0x00000000012F8000-memory.dmp

Filesize
992KB

Download
memory/760-6-0x0000000074860000-0x0000000074F4E000-memory.dmp

Filesize
6.9MB

Download
memory/760-7-0x0000000074860000-0x0000000074F4E000-memory.dmp

Filesize
6.9MB

Download
memory/760-8-0x0000000074860000-0x0000000074F4E000-memory.dmp

Filesize
6.9MB

Download