Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Solara.exe

windows7-x64

10

Solara.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    35s
  • max time network
    36s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/09/2024, 20:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Solara.exe

  • Size

    1.4MB

  • MD5

    8c6298202dd74e77b238f50a26a07233

  • SHA1

    6d71bb75a517e873a16398330dcda437cde26e6d

  • SHA256

    7cc4643e4b4a49820cb461ef005e129363c3336b9d28dde1aa397b7118f709f0

  • SHA512

    7856dee0adb985ef521e2c7ff7a1ffeb9b39f18743e2c18ad9cd3f6f9b87a70a1f9fde108492b8362b67910e82c9c18be57af65f8f2c5d90ed5494873ede96b1

  • SSDEEP

    24576:j6F4Df9Gpethg/Md+54x8C2p1ywbxpPzgXSX+O0b33fzEhsx7wHJL08b1YLl5wmr:j6FKf9Gwhg/++W6bp1rbxpPzJLu38sxl

Score
10/10
meduzastealer

Malware Config

Extracted

Family

meduza

C2

127.0.0.1

Signatures

  • Meduza

    Meduza is a crypto wallet and info stealer written in C++.

    stealermeduza
  • Meduza Stealer payload 4 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Solara.exe
    "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • NTFS ADS
    • Suspicious use of WriteProcessMemory
    PID:2996
    • C:\Users\Admin\AppData\Local\Temp\Solara.exe
      "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
      2⤵
      • Checks computer location settings
      PID:4108

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\a.exe:extractor.dll
    Filesize

    1.1MB

    MD5

    6450ffb674f57086f4630e8485286fa5

    SHA1

    42083caa94735205dac5858d3953f0066b880881

    SHA256

    db8ee06b8f671896d2afc837b73f272eb0f9359f5899425b0cfa26d4df43e765

    SHA512

    02155d2a4acde5643593951256949980a7f967a938ad9884b94f1de43b63ee8ceced5271168bfacdc6fc307601d1ff21c119b11041e5a20fef66ab42daefd81d

    Download Submit

  • memory/2996-7-0x00007FF7B29F0000-0x00007FF7B2B65000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2996-8-0x00007FFBDA430000-0x00007FFBDA55C000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4108-6-0x0000000140000000-0x0000000140103000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4108-9-0x0000000140000000-0x0000000140103000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4108-3-0x0000000140000000-0x0000000140103000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4108-5-0x0000000140000000-0x0000000140103000-memory.dmp

    Filesize

    1.0MB

    Download