Resubmissions
29-08-2024 18:55
240829-xk71maxhql 1029-08-2024 18:52
240829-xh927swcmf 1029-08-2024 18:50
240829-xhcrpsxgnp 629-08-2024 18:46
240829-xekyxawaqd 7Analysis
-
max time kernel
76s -
max time network
80s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
29-08-2024 18:50
General
-
Target
SynapseDowngrader.exe
-
Size
600KB
-
MD5
8c48b5f9d5efc74bfb95390ea23f2db7
-
SHA1
76e3c2b597164b9009c65f421e87abfc3b3e412b
-
SHA256
21829708b9a4864c95b5f388fb3e0e850c2f1e04e17f093e6e6bb7d7f383e913
-
SHA512
de80367169c7862ec66505c84c42be1134c16c9c19a8f1344d6ed9dd1d7510fe993cc249b077c2e61c2f3cdd2555930eef50f44e287fb42ef11b00593229a28f
-
SSDEEP
12288:Egby/bP2s/c9DO3LOBCjey8al5+mAIG+dGRqCW77UZh:Egby/bP2sIDULOBCjlvWI7GRk2
Malware Config
Signatures
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in Windows directory 1 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 3 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 26 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SynapseDowngrader.exe"C:\Users\Admin\AppData\Local\Temp\SynapseDowngrader.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pause > nul2⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd3900cc40,0x7ffd3900cc4c,0x7ffd3900cc582⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,17365296014301953856,11537375568015612508,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1808 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1892,i,17365296014301953856,11537375568015612508,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2152 /prefetch:32⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,17365296014301953856,11537375568015612508,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2520 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,17365296014301953856,11537375568015612508,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,17365296014301953856,11537375568015612508,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3376 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3708,i,17365296014301953856,11537375568015612508,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3712 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4384,i,17365296014301953856,11537375568015612508,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4788 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4836,i,17365296014301953856,11537375568015612508,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4832 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4932,i,17365296014301953856,11537375568015612508,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4944 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd488f46f8,0x7ffd488f4708,0x7ffd488f47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,5753631638220650115,11112161720192427946,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,5753631638220650115,11112161720192427946,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,5753631638220650115,11112161720192427946,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5753631638220650115,11112161720192427946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5753631638220650115,11112161720192427946,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5753631638220650115,11112161720192427946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5753631638220650115,11112161720192427946,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5753631638220650115,11112161720192427946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5753631638220650115,11112161720192427946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1964,5753631638220650115,11112161720192427946,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5612 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1964,5753631638220650115,11112161720192427946,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3872 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5753631638220650115,11112161720192427946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,5753631638220650115,11112161720192427946,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,5753631638220650115,11112161720192427946,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5753631638220650115,11112161720192427946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5753631638220650115,11112161720192427946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5753631638220650115,11112161720192427946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1964,5753631638220650115,11112161720192427946,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5788 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5753631638220650115,11112161720192427946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,5753631638220650115,11112161720192427946,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5753631638220650115,11112161720192427946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5753631638220650115,11112161720192427946,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5753631638220650115,11112161720192427946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,5753631638220650115,11112161720192427946,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\Solara\compiler.exe"C:\Users\Admin\Downloads\Solara\compiler.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\Solara\compiler.exe"C:\Users\Admin\Downloads\Solara\compiler.exe"1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Solara\Launcher.bat" "1⤵
-
C:\Users\Admin\Downloads\Solara\compiler.execompiler.exe conf.txt2⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /sc daily /st 13:28 /f /tn GameOptimizerTask_ODA1 /tr ""C:\Users\Admin\AppData\Local\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\ODA1.exe" "C:\Users\Admin\AppData\Local\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\conf.txt""3⤵
- System Location Discovery: System Language Discovery
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /sc daily /st 13:28 /f /tn Setup /tr "C:/Windows/System32/oobe/Setup.exe" /rl highest3⤵
- System Location Discovery: System Language Discovery
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\Solara\compiler.exe"C:\Users\Admin\Downloads\Solara\compiler.exe"1⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /71⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
649B
MD5ffe9f21707ac4c68a9e2429367ca6dcc
SHA1e877a8a5e245009ce3eb7f790ad31a72c95d14bb
SHA256419eb7029df99ddc0c94bda62944b7f4aeda5884b9a61ac171b8e139b6f256a5
SHA512106ad80db8be0ebfb0a61bde71aa1fa4ea4a72c209e89fc9b5bdd80ca0ef26a4fe28cea543e8e34291aafb647b84a1017fdcf8ef35fb63f7717ed9ecbaa6958c
-
Filesize
211KB
MD5e7226392c938e4e604d2175eb9f43ca1
SHA12098293f39aa0bcdd62e718f9212d9062fa283ab
SHA256d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1
SHA51263a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145
-
Filesize
192B
MD50d7c58c3fb87d37efed96bafbc86b006
SHA1b51f5aac144ef9f8b9f280db2d79f72ecc291b6e
SHA2562eec410561eb8f0c78f6ffb55d17843b3f4d41840c16da4648cd82306359b283
SHA5129f5c4e65fa8562fc5ee87902f4862aff0262870bf15c835f4f24e1cbb8978c872853b9089a932f0d64854a7ebf782c10c79b2a0a967f21a812c4736e13d5cda1
-
Filesize
2KB
MD5e4afd2bdac3bd7b091583f918851183a
SHA1105a3cb9d845e0acd755a47a73b77355318d17d2
SHA256087e64c3a07be91c2da5ee661b177543f03b278c9148262ff1f01e94307f07a3
SHA51257eb14053cbdeb01c018410804b4861830327b053f10f348ac94caa8f576e09116d407010639b97679a5d116df89fdbd86267644f851435af5d6ae9ce4de7de1
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
356B
MD576bc1ec150d6f24d23718457aaf924d0
SHA137d6e991eea807b2c080e6f0ccf02929f767c0eb
SHA256b1180573c9100c4275e31acf216094e57ca71608e3890b2f986ddc512b28b87e
SHA5125d08858b0680e9deff61051eff3dd527638f673fb6f0654b5cf6ab61e9e313b45e2410efafab0bc25dbc4526e38ca068634b0e5c6ac6b4d24caa630cbcea5961
-
Filesize
9KB
MD58e6b65703caa5d67c9a92d844f52ab32
SHA19eefca1d971ceed5a9da95214cf5ca38345dc45b
SHA2569a252106e754b44e0b96374708659536d95b4bad1dbf9d5e011c02af9c9b6982
SHA5129bbf52cf976317a19f3c65c9da43cbe8ad2bf514dd609bbe1530ef1d935af56198c201e19df6560bcb6902c36309f6befb7351316b852604b5e431c6e0ee84b6
-
Filesize
9KB
MD59fa598de73fa5fd34fd215d2f0edd907
SHA1bd2f86fd7a575ad5da43d927b657923d869b99db
SHA25687cfbb0076cff8eeaf63e4d8a0911340fdab290ffd5c50595861e727809ce7a9
SHA5126924e9931cd8554c79ee4ad200ef7438919c4af21c663f0c96e7c92a7eb2bfceeac348aeac7da78d05dc968f4f00e837af69928af180cec6f048d05cd3ddd3bf
-
Filesize
9KB
MD56decf9b2ec1099848db8631f2d970eb9
SHA11bab0195c2493a152bc92c73b4155f90834eeccc
SHA256a303aa8e5a637437b087257562798af8a87d87921a8358779e585fa35d3fc7c3
SHA51208749b47dcd75cf9e670fb441aeb1bb169fbe9a3c18e2b49786779424c8aad925b4ff6ac538e8bc3bc30b2f8c06c4b5b74ce8a472a3b2c6a808837e3a6f11174
-
Filesize
9KB
MD587096f64c60344b1d3d061a3949cbaed
SHA1b6d5a97a85eac76090fa7f17b9ddfa3e169170ea
SHA2561933e1b142d32aae7ef254fb90291c08f2221a395c4ecfdb51de85659b9231af
SHA512588d351b80b5a8075ff6040d36915fa36108fb50acc6d96f5215ca614753534a192f11d6afc8ba072d6971624d7d9d0e5d5fbae427b60c25e94cec9b6164bcd1
-
Filesize
9KB
MD50162e89c2c52cb274df80f5c48dcfec4
SHA1b55a503362646b454f9cc644ff8ce341998c0517
SHA256b46d20bee49ca1620f7c31ee0405130d7026faa1a4d07fbb82e030c9946219ad
SHA512e6ebd32d230a214ba53c8ff10fca7b3d1d699b1370fc59c81b9f7bd395392533841e3ea66e3fa1aede04d2df6a6b52ba74c776f85742396cd54d37be0c72cfe6
-
Filesize
15KB
MD5b37930b5f7c01dbe0c2d449dbf2d2ee1
SHA189b6f14c3cc395bd8bb99a2cc95c9ea5129bcd23
SHA256b56382c1344e94de9a2716e5a1346f1c1d11998ea8504599217d686da8d8d8e6
SHA5123fb2015565bc3274ca6948de74f04dffaad9c90936d15d40c2fb0df59bb5c6d93c7d099d517b1323479424241ef15107dbb6306c3d69d0b39f09b0943973f0ea
-
Filesize
202KB
MD5285fcb763b59e51a8fda72fcc962227c
SHA1a419fa255c55c3bdd74ae4239fc0bec9ddc2c3c5
SHA2564c45eede0b13306d9db8a68149b96a39a62382e035ad6957279181d78dcf5be2
SHA512a8849c33198d110a0f7d34e370e90bf27025af35a98e90818f9f02482b771c5a9b102a148d71a715130aafbc208ca11a3030ff36128445c297896d1d5f4c106f
-
Filesize
202KB
MD5750d5a161ae47b244a787fd1a62144a6
SHA15d2912eb0e6015643930ff502f52b5f2c8f39768
SHA256c63a33ec3b3be13fb30a78b9e1af16e2b0352dacf20319628cac91be3d8316a1
SHA5125a5909d880d10298f012c02bcbb865315b0651c7155f86b12369d697273aacb93c80621ea62f4ddd843e595a4bf0ebdf29854b51fe5f2b2b4821bdb0c08dd8e5
-
Filesize
152B
MD50446fcdd21b016db1f468971fb82a488
SHA1726b91562bb75f80981f381e3c69d7d832c87c9d
SHA25662c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222
SHA5121df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31
-
Filesize
67KB
MD5ed124bdf39bbd5902bd2529a0a4114ea
SHA1b7dd9d364099ccd4e09fd45f4180d38df6590524
SHA25648232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44
SHA512c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532
-
Filesize
64KB
MD5d6b36c7d4b06f140f860ddc91a4c659c
SHA1ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA25634013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA5122a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487
-
Filesize
43KB
MD55d9674d3635de7a420d20b74cfbb9d0b
SHA164c02c84a46e3b867c8450e599ee1aa31d66c66f
SHA25673977e7b735626e4892f193331f679740f64ed9f12291e63b8de70523fcf8b64
SHA512691bd0acafef19aba971f22e877be2071f4b8acb7edd2a18093ec6d5373b4ec76da088ccf6b12ebae5cd3d5b6c3e8a708fa29ee62ec85ce91a6847ea987bde7f
-
Filesize
19KB
MD576a3f1e9a452564e0f8dce6c0ee111e8
SHA111c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274
-
Filesize
63KB
MD5710d7637cc7e21b62fd3efe6aba1fd27
SHA18645d6b137064c7b38e10c736724e17787db6cf3
SHA256c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA51219aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44
-
Filesize
88KB
MD5b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1386ba241790252df01a6a028b3238de2f995a559
SHA256b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16
-
Filesize
1.3MB
MD5bb23576e988ee410c53c6982529308d3
SHA19c19397e83f7fe40a07eca22f5e5bbf64974918f
SHA2561cb59c4d383ffcb876f1f7c279007731b87644e0b17620135639cc9b0186b393
SHA512fe26c6bd32970627459a5a695de2de7b429099fab9c42f79a5a9df92e3e3d179687d457a356fbefaaedb874461c78182b42744b59e03a3c63cde5230c4bd7e6e
-
Filesize
2KB
MD5e0c4ff7067957382fa8ad067a1650142
SHA146877dcb8e52d6f5b056ddf1795c0a9e70bb32e7
SHA2562b7c5c377eb13b2504ac71d7118d92d850304abee05f2d5474fd6e90b82dfd8f
SHA5120b3859651659f0363d5c3b5cdc8eaa15a2269ea5d793c5afbab048c4cd3d54aa805e975375c7644aefb9e5e6b2fc46d18f3a6da005bc19ae8b76d57e54a9620a
-
Filesize
6KB
MD54fda075c4f57c68b8022919ac2f48eaa
SHA16a832e9266905142b5a3d75993bf2adcb8fb989e
SHA256386ccd19bcfce6bf5ae33db941c41ff62d3105f8ffcc4a0e92e616161308dcb2
SHA512c39156a5672f481971168acc01343e40a40c7ebe5630eb15bae4e60fa3233b3162d1233f90f79be0c707153f68b61ca94f4d2fc772fd800886ae91762d485173
-
Filesize
5KB
MD58dea8b763dd91dac24cbc3c1879a07e1
SHA1f6d63dbcdca4a9f47e8d6befafd45dd7f39486d1
SHA2561dfa521f96952792e8c30f87214fc4bacd4e8a798ce6809bbe475a91ece7457d
SHA51211fbccd5d734dfeec3fe6db48f25d9f9bde3f2d2e4d71317b958e34b82c913a50490f746b9c4a73b2a3b2acd3078788531a9e7cf556920f8929d67198aceb867
-
Filesize
6KB
MD551683bfc9acdf92fa81ed3401c15e5bf
SHA1f020ae272c6cfb6768ac1aa85b33664003e4ac4b
SHA256a1c786bb052085668d2fea304b37a6cf7ba56f4a3a8a10cbe0f4b6fa950741d6
SHA512258833ae20a01f354e256279db38b04d644d846ed5ddc89c9882d562a1e49d12137602eab85016c791479f160f340a24f34a3dd058dead5c93108ce0bea9ea31
-
Filesize
6KB
MD5f8ab2df6380b71d8270626e94290baf9
SHA1e5ee88d23d8cf07ac2254ffe3871127c1050a7f1
SHA2567f67106da8118bbdee2e9e7ca08f340f437295045108b5be54bc781716927c5d
SHA512ede5e2a309886c24a0fc83f750211493571372ec08cbf25e3a3df8fb4ac8b210b50fb2728b4aaf349f62df033526294f37c03d1b5696f514ff55651891f431d6
-
Filesize
6KB
MD5780eb0440de245bdce18ac755a64f655
SHA1682331c357e3d20578fae22b3a3e3c561656492d
SHA2568d8ebfc0b6ff22784586cf4d96b347e9cae1a649e0574f7778d986d8bce49237
SHA51290fb6c151bad92a7f624b53fb1db32f19b30b4983754146d7b3b8eab2a7f23e2e5b08d6755c463166ca1991534e999a153dae0dad4d67ce78603bf0cc38923e5
-
Filesize
1KB
MD56f54180ca61f77988db611c49350a5ca
SHA193865af6f15aff29219168c3351cfc4b47b77b92
SHA256aa3a4f0d6c2038dd606d9d57989842179ad2218e2426239f52263c5b2a3a8b65
SHA5125b3fc9007311cd60ad906052867f7fd45060c795833cbd9ec0677ab99b39217de35f39b7eb724474010fd64d99a6c0836cafdbe615340485b39c24b489771a66
-
Filesize
706B
MD5dd18c36e66134f5b2d2ebd61555fc918
SHA1febfc4edb82e20fd5f4cb05c7f1c796992440a79
SHA2567713c97ed1c3c67228a55771153c8cae185c13856048f4248f1ba7078d979ee7
SHA51218b154ef8912284aefd494140b7ffdbac6e8474451fcdc7225486913a05d447cc15d1527db0f5aa4a9700532384fb70c82ab67a997e7247ca350f82df4537d85
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD525f8dfab9315059c23f0f01eb1801b98
SHA11c17fc809c8462d985157dc3df31810f1cf762d7
SHA256e86e4bb069ab6574287a3c7c2ca6323757bceff9cc688b5963cd678873fbc020
SHA512c2e977bdded39581b8c4b7a57c05a2df0213b9aa6cca76c7bbba8d3ef0a06b8ddd49e5f9846a698f41caf2510aa855dc613a8f3a7c8bef413d6134981a1454a8
-
Filesize
11KB
MD54b062b9bac2d2537bdf8600490096887
SHA1e2831462ee260697d1377d2d036113254ad9f7bf
SHA256911b25dfb6374472e3c4e79ffc064ffcd3e02ccad172841c3e70e5fe2461d022
SHA51292a87b002bca3b0b962db471c03daa6fd50bb368f3864e89e17f42a76c83dfed85ee828086d52741997ff4600b9455a501a3d1516e597a58bfad880cdd7883ad
-
Filesize
11KB
MD51d913193e039e00dfece79c0277930e9
SHA176592b60e11e7ea7a70ff29ad318e65293348d36
SHA2563bb6bd5e4af2f86d411d73db901ebcad3ace08b4a098e5942429667d3838beb0
SHA512a927afa1752ce523c270fd0617cac15b6fe72f21e5a072f064e59b84c7353b9bbcea125ff07c06b199504db2ea95d1a3f08650d5419731721bc1c01ac45c96f1
-
Filesize
392KB
MD5ebf21bbf3ba7ee0cf34b4281846a2e68
SHA1ddc434925b879a96b0523d97e343ef3c1b86af6b
SHA256d84dda38b6065728b1bb5b78e0fc4cefca17603aed076241103b05a8b52ca693
SHA51279f424c286c6f0c56e4da646acc591253d7d8f28c7c672dd900acc8e51559293aea30dfeb5056322c3c183abce71a14a4187be9692d7fff2ebe0c0108757f8d7
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB