Analysis

max time kernel: 149s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24-08-2024 08:37

Tasks:
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
  Sample: http://getsolara.dev
  Resource: win10v2004-20240802-en

General

Target: http://getsolara.dev
Malware Config

Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: msedge.exe
  description        ioc                                                                     process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
Processes: msedge.exe, identity_helper.exe
  pid   process
  2216  msedge.exe (2 entries)
  4136  msedge.exe (2 entries)
  5080  identity_helper.exe (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
Processes: msedge.exe
  pid   process
  4136  msedge.exe (9 entries)

Suspicious use of FindShellTrayWindow (26 IoCs)
Processes: msedge.exe
  pid   process
  4136  msedge.exe (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
Processes: msedge.exe
  pid   process
  4136  msedge.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
Processes: msedge.exe
  description                        pid   process     target process
  PID 4136 wrote to memory of 4992   4136  msedge.exe  msedge.exe  (2 entries)
  PID 4136 wrote to memory of 1636   4136  msedge.exe  msedge.exe  (repeated)
  PID 4136 wrote to memory of 2216   4136  msedge.exe  msedge.exe  (2 entries)
  PID 4136 wrote to memory of 2496   4136  msedge.exe  msedge.exe  (repeated)
  The remaining 60 entries all target PIDs 1636 and 2496; every row is the same parent (4136) writing into a child msedge.exe.
Processes

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4136)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://getsolara.dev
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4992)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc61d46f8,0x7ffbc61d4708,0x7ffbc61d4718

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1636)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9012273765628680563,14168548720190670307,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2216)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,9012273765628680563,14168548720190670307,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2496)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,9012273765628680563,14168548720190670307,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1132)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9012273765628680563,14168548720190670307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1808)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9012273765628680563,14168548720190670307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1372)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9012273765628680563,14168548720190670307,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 5080)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9012273765628680563,14168548720190670307,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 412)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9012273765628680563,14168548720190670307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2372)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9012273765628680563,14168548720190670307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1580)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9012273765628680563,14168548720190670307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2896)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9012273765628680563,14168548720190670307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 412, PID reused)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9012273765628680563,14168548720190670307,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4980)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9012273765628680563,14168548720190670307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5048)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9012273765628680563,14168548720190670307,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1

- C:\Windows\System32\CompPkgSrv.exe (PID 4476)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 972)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads