Overview

overview

7

Static

static

3

Bootstrapp...ra.exe

windows7-x64

7

Bootstrapp...ra.exe

windows10-1703-x64

7

Resubmissions

25/08/2024, 22:59

240825-2yjmeasakk 7

25/08/2024, 22:53

240825-2t8qqs1gmp 7

Analysis

  • max time kernel
    119s
  • max time network
    126s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    25/08/2024, 22:59

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    BootstrapperSolara.exe

  • Size

    961KB

  • MD5

    fa965ef7dad222010cb3185768dddf72

  • SHA1

    64ea311586210eee0741f4e94f51c66a3e99dbf2

  • SHA256

    7851e924f810dab1284813a043f4e41f52306cb919085f0afc3a17b32c7da450

  • SHA512

    59057559c2a776660395a0a1d0ce67d3a7157b367f654b79f36c46df12c829a0c61a43718b57e5c1490367b6264202c9411e3d3fa74e58c59f05851abb5b6a61

  • SSDEEP

    12288:u0EgdoJsmwgZXgV7BqUURLBCt3KpOJE+sm93hW2FZm4sPMaJhf6ozg+GQm8gXags:6gyJs2QV0UURdCt3LJrhePMN

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 30 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\BootstrapperSolara.exe
    "C:\Users\Admin\AppData\Local\Temp\BootstrapperSolara.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1176
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      PID:5076

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Roaming\d3d9x.dll
          Filesize

          1.2MB

          MD5

          ee8f4d53a63875270bc1c0a28d791148

          SHA1

          963c75a3c698f536e32620f507bb607cbe7af72f

          SHA256

          8831023784ad6d17c0ac4f550f21e95699bc54da6a79a08c079852465fea5023

          SHA512

          43c4b8ffffe8169d7f773426f202a5aa136ca8a57b5d3f8b8a2467ab118cce149b944f405ca5d904d677e74069519ded4115f8a8629c2e59570bae01dad94972

          Download Submit

        • memory/1176-12-0x0000000073F80000-0x000000007466E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/1176-1-0x0000000000790000-0x0000000000886000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1176-7-0x0000000073F80000-0x000000007466E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/1176-0-0x0000000073F8E000-0x0000000073F8F000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1176-11-0x0000000076020000-0x0000000076080000-memory.dmp

          Filesize

          384KB

          Download

        • memory/5076-14-0x0000000005260000-0x000000000575E000-memory.dmp

          Filesize

          5.0MB

          Download

        • memory/5076-13-0x0000000073F80000-0x000000007466E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/5076-9-0x0000000000400000-0x00000000004FA000-memory.dmp

          Filesize

          1000KB

          Download

        • memory/5076-15-0x0000000073F80000-0x000000007466E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/5076-16-0x0000000004E70000-0x0000000004F02000-memory.dmp

          Filesize

          584KB

          Download

        • memory/5076-17-0x0000000004E20000-0x0000000004E2A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/5076-18-0x0000000008350000-0x0000000008956000-memory.dmp

          Filesize

          6.0MB

          Download

        • memory/5076-19-0x0000000007EE0000-0x0000000007FEA000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/5076-20-0x0000000007E10000-0x0000000007E22000-memory.dmp

          Filesize

          72KB

          Download

        • memory/5076-21-0x0000000007E70000-0x0000000007EAE000-memory.dmp

          Filesize

          248KB

          Download

        • memory/5076-22-0x0000000007FF0000-0x000000000803B000-memory.dmp

          Filesize

          300KB

          Download

        • memory/5076-23-0x0000000073F80000-0x000000007466E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/5076-24-0x0000000073F80000-0x000000007466E000-memory.dmp

          Filesize

          6.9MB

          Download