Overview

overview

7

Static

static

1

Solaraexecutor.zip

windows7-x64

7

Solaraexecutor.zip

windows10-2004-x64

1

Resubmissions

08-12-2024 13:21

241208-qlxsqazkck 7

08-12-2024 13:12

241208-qfk7qsyrgl 8

08-12-2024 13:05

241208-qbv65syqfq 8

08-12-2024 13:03

241208-qaeg1atrcw 8

Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    08-12-2024 13:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Solaraexecutor.zip

  • Size

    30.1MB

  • MD5

    5b96ce8081bb025c4ad8ae12dc91e102

  • SHA1

    8708c3a51d990a437a4fe003c1fe2bc39e2f65cb

  • SHA256

    f9e5fe3194d9734845dd782b8e41065577ed7628a112934f1a57599f8dd92209

  • SHA512

    39a5e646df49f5c45f24e6aa479dfb40302f939383fdad15d6e3d9de7819aac5a2ec5525fad46ead503fe94d97b11fa587aa0448051d78d37ee8f0f6fdaa146a

  • SSDEEP

    786432:3mA77b6IpMM1QvHzoB/h4pUfbRgo0lJBrPCLaBzR8mHl0:X/b6OMM1QvM/4p8R30lju26m6

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 7 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Solaraexecutor.zip"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2648
  • C:\Users\Admin\Desktop\Bootstraper.exe
    "C:\Users\Admin\Desktop\Bootstraper.exe"
    1⤵
    • Executes dropped EXE
    PID:2608
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\Desktop\cachehandler.dll
    Filesize

    4.7MB

    MD5

    a7b7470c347f84365ffe1b2072b4f95c

    SHA1

    57a96f6fb326ba65b7f7016242132b3f9464c7a3

    SHA256

    af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a

    SHA512

    83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

    Download Submit

  • memory/2548-12-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2548-13-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2548-14-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2548-15-0x00000000021E0000-0x00000000021F0000-memory.dmp

    Filesize

    64KB

    Download