Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Solara.exe

windows7-x64

10

Solara.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    16s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    25/09/2024, 20:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Solara.exe

  • Size

    1.4MB

  • MD5

    8c6298202dd74e77b238f50a26a07233

  • SHA1

    6d71bb75a517e873a16398330dcda437cde26e6d

  • SHA256

    7cc4643e4b4a49820cb461ef005e129363c3336b9d28dde1aa397b7118f709f0

  • SHA512

    7856dee0adb985ef521e2c7ff7a1ffeb9b39f18743e2c18ad9cd3f6f9b87a70a1f9fde108492b8362b67910e82c9c18be57af65f8f2c5d90ed5494873ede96b1

  • SSDEEP

    24576:j6F4Df9Gpethg/Md+54x8C2p1ywbxpPzgXSX+O0b33fzEhsx7wHJL08b1YLl5wmr:j6FKf9Gwhg/++W6bp1rbxpPzJLu38sxl

Score
10/10
meduzastealer

Malware Config

Extracted

Family

meduza

C2

127.0.0.1

Signatures

  • Meduza

    Meduza is a crypto wallet and info stealer written in C++.

    stealermeduza
  • Meduza Stealer payload 8 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Solara.exe
    "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • NTFS ADS
    • Suspicious use of WriteProcessMemory
    PID:2772
    • C:\Users\Admin\AppData\Local\Temp\Solara.exe
      "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
      2⤵
      • Checks computer location settings
      PID:2828

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2772-20-0x000007FEF6BD0000-0x000007FEF6CFC000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2772-19-0x000000013F7B0000-0x000000013F925000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2828-12-0x0000000140000000-0x0000000140103000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2828-23-0x0000000140000000-0x0000000140103000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2828-22-0x0000000140000000-0x0000000140103000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2828-18-0x0000000140000000-0x0000000140103000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2828-14-0x0000000140000000-0x0000000140103000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2828-16-0x0000000140000000-0x0000000140103000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2828-10-0x0000000140000000-0x0000000140103000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2828-8-0x0000000140000000-0x0000000140103000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2828-7-0x000007FFFFFDA000-0x000007FFFFFDB000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2828-6-0x0000000140000000-0x0000000140103000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2828-5-0x000007FFFFFDA000-0x000007FFFFFDB000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2828-4-0x0000000140000000-0x0000000140103000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2828-3-0x0000000140000000-0x0000000140103000-memory.dmp

    Filesize

    1.0MB

    Download