bf76cc6bed0022d5021eca98401a4b919ed8f22ccffdb8df570058b0796e8c6f

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-12-2024 01:37

Target

Solara.exe
Size

6.9MB
MD5

780c16117b9f06921afbfb036cbcbdc0
SHA1

354ef08f78e4df580c5ea7963f879afc70757355
SHA256

bf76cc6bed0022d5021eca98401a4b919ed8f22ccffdb8df570058b0796e8c6f
SHA512

8add2dcc2b63c31a982aae694b2e2c675d5362200c0879217812f0778511f80ef16ff1d98a0503743edbd990efa4778c6dfd4686b0c75313c850ad9b851a833e
SSDEEP

98304:VNdkwN+MdA5wqSnW0g8MMhJMjarJaon7JPzf+JiUCS3swhzqgez7DovaDJ1n6hBJ:V7V1v/B6ylnlPzf+JiJCsmFMvln6hqg7

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
1424	Solara.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001a42f-21.dat	upx
behavioral1/memory/1424-23-0x000007FEF59E0000-0x000007FEF5FCA000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1764 wrote to memory of 1424	1764	Solara.exe	31
PID 1764 wrote to memory of 1424	1764	Solara.exe	31
PID 1764 wrote to memory of 1424	1764	Solara.exe	31

C:\Users\Admin\AppData\Local\Temp\Solara.exe
"C:\Users\Admin\AppData\Local\Temp\Solara.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Users\Admin\AppData\Local\Temp\Solara.exe
  "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
  2⤵
  - Loads dropped DLL
  PID:1424

C:\Users\Admin\AppData\Local\Temp\_MEI17642\python311.dll

Filesize
1.6MB

MD5
1e76961ca11f929e4213fca8272d0194

SHA1
e52763b7ba970c3b14554065f8c2404112f53596

SHA256
8a0c27f9e5b2efd54e41d7e7067d7cb1c6d23bae5229f6d750f89568566227b0

SHA512
ec6ed913e0142a98cd7f6adced5671334ec6545e583284ae10627162b199e55867d7cf28efeaadce9862c978b01c234a850288e529d2d3e2ac7dbbb99c6cde9b

Download Submit
memory/1424-23-0x000007FEF59E0000-0x000007FEF5FCA000-memory.dmp

Filesize
5.9MB

Download