f9e5fe3194d9734845dd782b8e41065577ed7628a112934f1a57599f8dd92209 | Triage

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08-12-2024 14:59

Sharing

Report Analysis Logs

General

Target

Solaraexecutor.zip
Size

30.1MB
MD5

5b96ce8081bb025c4ad8ae12dc91e102
SHA1

8708c3a51d990a437a4fe003c1fe2bc39e2f65cb
SHA256

f9e5fe3194d9734845dd782b8e41065577ed7628a112934f1a57599f8dd92209
SHA512

39a5e646df49f5c45f24e6aa479dfb40302f939383fdad15d6e3d9de7819aac5a2ec5525fad46ead503fe94d97b11fa587aa0448051d78d37ee8f0f6fdaa146a
SSDEEP

786432:3mA77b6IpMM1QvHzoB/h4pUfbRgo0lJBrPCLaBzR8mHl0:X/b6OMM1QvM/4p8R30lju26m6

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
2836	Bootstraper.exe
2768	Bootstraper.exe
2616	Bootstraper.exe
2980	Bootstraper.exe

Loads dropped DLL 7 IoCs

pid	Process
1188	Process not Found
1188	Process not Found
1188	Process not Found
1188	Process not Found
1188	Process not Found
1188	Process not Found
1188	Process not Found

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2536	7zFM.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	2536	7zFM.exe
Token: 35	2536	7zFM.exe
Token: SeSecurityPrivilege	2536	7zFM.exe
Token: SeSecurityPrivilege	2536	7zFM.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2536	7zFM.exe
2536	7zFM.exe
2536	7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Solaraexecutor.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2536

C:\Users\Admin\Desktop\Bootstraper.exe
"C:\Users\Admin\Desktop\Bootstraper.exe"
1⤵
- Executes dropped EXE
PID:2836

C:\Users\Admin\Desktop\Bootstraper.exe
"C:\Users\Admin\Desktop\Bootstraper.exe"
1⤵
- Executes dropped EXE
PID:2768

C:\Users\Admin\Desktop\Bootstraper.exe
"C:\Users\Admin\Desktop\Bootstraper.exe"
1⤵
- Executes dropped EXE
PID:2616

C:\Users\Admin\Desktop\Bootstraper.exe
"C:\Users\Admin\Desktop\Bootstraper.exe"
1⤵
- Executes dropped EXE
PID:2980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads