Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

Solarae/AM...64.exe

windows11-21h2-x64

1

Solarae/HardDisk.exe

windows11-21h2-x64

6

Solarae/MA...er.exe

windows11-21h2-x64

3

Solarae/So...er.bat

windows11-21h2-x64

1

Solarae/am...64.sys

windows11-21h2-x64

1

Solarae/am...64.sys

windows11-21h2-x64

1

Analysis

  • max time kernel
    433s
  • max time network
    436s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    14/09/2024, 12:50 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Solarae/Solarae Spoofer.bat

  • Size

    3KB

  • MD5

    5e2550f2d931afb96551e967689e0ac9

  • SHA1

    9ad0b39606b1ec5c12d4c6c71c959c0a35d6d776

  • SHA256

    34211b88c97b92bd97b4e03b1e6c9db17dacae20189a688bca1a7cc5bd2bb34b

  • SHA512

    13c897e281c0b985ab15231da77ec7f07e66dfc46bb88ef90fa70378316f62862d83113d68e39c31f03243d52a3e92bb3e5c4e8148e1f635698089a0c4a21207

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Solarae\Solarae Spoofer.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2992
    • C:\Windows\system32\mode.com
      mode con: cols=80 lines=25
      2⤵
        PID:4000

    Network

    • flag-us
      DNS
      48.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      48.229.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      4.173.189.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      4.173.189.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      ocsp.digicert.com
      Remote address:
      8.8.8.8:53
      Request
      ocsp.digicert.com
      IN A
      Response
      ocsp.digicert.com
      IN CNAME
      ocsp.edge.digicert.com
      ocsp.edge.digicert.com
      IN CNAME
      fp2e7a.wpc.2be4.phicdn.net
      fp2e7a.wpc.2be4.phicdn.net
      IN CNAME
      fp2e7a.wpc.phicdn.net
      fp2e7a.wpc.phicdn.net
      IN A
      192.229.221.95
    • flag-us
      DNS
      ctldl.windowsupdate.com
      Remote address:
      8.8.8.8:53
      Request
      ctldl.windowsupdate.com
      IN A
      Response
      ctldl.windowsupdate.com
      IN CNAME
      ctldl.windowsupdate.com.delivery.microsoft.com
      ctldl.windowsupdate.com.delivery.microsoft.com
      IN CNAME
      wu-b-net.trafficmanager.net
      wu-b-net.trafficmanager.net
      IN CNAME
      download.windowsupdate.com.edgesuite.net
      download.windowsupdate.com.edgesuite.net
      IN CNAME
      a767.dspw65.akamai.net
      a767.dspw65.akamai.net
      IN A
      92.123.143.240
      a767.dspw65.akamai.net
      IN A
      92.123.140.25
    • flag-us
      DNS
      240.143.123.92.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.143.123.92.in-addr.arpa
      IN PTR
      Response
      240.143.123.92.in-addr.arpa
      IN PTR
      a92-123-143-240deploystaticakamaitechnologiescom
    No results found
    • 8.8.8.8:53
      48.229.111.52.in-addr.arpa
      dns
      348 B
       905 B
       5
      5

      DNS Request

      48.229.111.52.in-addr.arpa

      DNS Request

      4.173.189.20.in-addr.arpa

      DNS Request

      ocsp.digicert.com

      DNS Response

      192.229.221.95

      DNS Request

      ctldl.windowsupdate.com

      DNS Response

      92.123.143.240
      92.123.140.25

      DNS Request

      240.143.123.92.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.