007cfb9b07a76a2ad7280deb4cf9c88d1f7e7fcd59ba7c028bb47dd351e46498

Resubmissions

18-11-2024 21:41

241118-1j4tcswfnr 9

18-11-2024 21:39

241118-1hmtfsvrhw 3

Analysis

max time kernel
96s
max time network
208s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
18-11-2024 21:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Solar Lite Installer.exe
Size

1.3MB
MD5

dd8c5c7c305665dcad8e5782c95f4a89
SHA1

11030215601ef6dd6c5576d9562fb5be2c2138b8
SHA256

007cfb9b07a76a2ad7280deb4cf9c88d1f7e7fcd59ba7c028bb47dd351e46498
SHA512

95c9dea6105d774f6e25a2384dbdbb511f654be054deceeb7f09ae5957afc6f234e2b4b3087f82b2d75c6501cda069eb736e54ed0e34ae2139393a18a05908f0
SSDEEP

24576:ewYsivZnt8U9GTQcPTAcySiDNpfVkqgfPyU8/oa8reuaD6UwYsivZnt8U9Y:ejzZnPC70nS4pfVkqgy6r3aGUjzZnP

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Solar Lite Installer.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Solar Lite Installer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Solar Lite Installer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Solar Lite Installer.exe

C:\Users\Admin\AppData\Local\Temp\Solar Lite Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Solar Lite Installer.exe"
1⤵
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
PID:3444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3444-0-0x00000000750FE000-0x00000000750FF000-memory.dmp

Filesize
4KB

Download
memory/3444-1-0x0000000000940000-0x0000000000A98000-memory.dmp

Filesize
1.3MB

Download
memory/3444-2-0x0000000005AC0000-0x0000000006066000-memory.dmp

Filesize
5.6MB

Download
memory/3444-3-0x0000000005510000-0x00000000055A2000-memory.dmp

Filesize
584KB

Download
memory/3444-4-0x0000000005440000-0x000000000544A000-memory.dmp

Filesize
40KB

Download
memory/3444-5-0x00000000750F0000-0x00000000758A1000-memory.dmp

Filesize
7.7MB

Download
memory/3444-6-0x00000000058B0000-0x0000000005AC2000-memory.dmp

Filesize
2.1MB

Download
memory/3444-7-0x00000000750F0000-0x00000000758A1000-memory.dmp

Filesize
7.7MB

Download
memory/3444-8-0x00000000750FE000-0x00000000750FF000-memory.dmp

Filesize
4KB

Download
memory/3444-9-0x00000000750F0000-0x00000000758A1000-memory.dmp

Filesize
7.7MB

Download