Analysis
-
max time kernel
150s -
max time network
138s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system -
submitted
12-09-2024 02:35
Behavioral task
behavioral1
Sample
solaraV8.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
solaraV8.exe
Resource
win10v2004-20240802-en
General
-
Target
solaraV8.exe
-
Size
78KB
-
MD5
4dbaa7f4cab6e1c9053ec5a30d057a63
-
SHA1
84dee1923f3d65f106d6b6b41e2a90895d444c99
-
SHA256
fc2efd8bc73e8194e6ffd0b08e2a07d5436678ec8fa117376454e12e7d5a7ecc
-
SHA512
454b4742f8267984dd801ab254f0b13e170de250b95ec0cf80095b8ac56fa627c4b9d34c60cd5215797fd6afd4e65265dc676e94ad4858333df1aad1165c3ca2
-
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+JPIC:5Zv5PDwbjNrmAE+5IC
Malware Config
Extracted
discordrat
-
discord_token
MTI4MzQ3NTY3MzkxODM0NTIyOA.GwQZAy.dzNxoLSQrrHQ7kQ84QzgXcXwQVIiFgky0-vXwk
-
server_id
1037097190742560768
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
flow | ioc
8 | discord.com
16 | discord.com
29 | discord.com
30 | discord.com
7 | discord.com
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
-
Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133705823121064190" | chrome.exe
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid | Process
312 | chrome.exe
312 | chrome.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
pid | Process
312 | chrome.exe
312 | chrome.exe
312 | chrome.exe
312 | chrome.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
description | pid | Process
Token: SeDebugPrivilege | 1748 | solaraV8.exe
Token: SeShutdownPrivilege | 312 | chrome.exe
Token: SeCreatePagefilePrivilege | 312 | chrome.exe
(64 rows in total; after the first row, the table alternates between the two chrome.exe entries above)
-
Suspicious use of FindShellTrayWindow 26 IoCs
pid | Process
312 | chrome.exe
(this row is repeated 26 times)
-
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
312 | chrome.exe
(this row is repeated 24 times)
-
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 312 wrote to memory of 2004 | 312 | chrome.exe | 99
PID 312 wrote to memory of 4720 | 312 | chrome.exe | 100
PID 312 wrote to memory of 1044 | 312 | chrome.exe | 101
PID 312 wrote to memory of 556 | 312 | chrome.exe | 102
(64 rows in total; each row above appears more than once, the 4720 and 556 rows many times)
Processes
-
C:\Users\Admin\AppData\Local\Temp\solaraV8.exe
  "C:\Users\Admin\AppData\Local\Temp\solaraV8.exe"
  - Suspicious use of AdjustPrivilegeToken
  PID:1748
-
C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:312
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa35fbcc40,0x7ffa35fbcc4c,0x7ffa35fbcc58
    PID:2004
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,8337186571529367337,9041392464020498328,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1944 /prefetch:2
    PID:4720
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,8337186571529367337,9041392464020498328,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2240 /prefetch:3
    PID:1044
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,8337186571529367337,9041392464020498328,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2500 /prefetch:8
    PID:556
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,8337186571529367337,9041392464020498328,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1
    PID:868
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3296,i,8337186571529367337,9041392464020498328,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3412 /prefetch:1
    PID:3996
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3700,i,8337186571529367337,9041392464020498328,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3744 /prefetch:1
    PID:4208
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4824,i,8337186571529367337,9041392464020498328,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4812 /prefetch:8
    PID:3912
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4828,i,8337186571529367337,9041392464020498328,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4908 /prefetch:8
    PID:3388
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4048,i,8337186571529367337,9041392464020498328,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4680 /prefetch:1
    PID:2652
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
  PID:2316
-
C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
  PID:4844
Network
MITRE ATT&CK Enterprise v15
Downloads