4bb78f41a187427dab39d01db1388b75efc23bf5cf1e9d8ab2e7592b5e0a1d2a

Resubmissions

31/03/2025, 15:06

250331-sgykkavmt4 10

31/03/2025, 14:38

250331-rz3fssvjt2 3

16/08/2024, 16:02

240816-tg8wzatdmh 4

Analysis

max time kernel
46s
max time network
47s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
31/03/2025, 14:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

solarazip.html
Size

119KB
MD5

9653cd9d03154e9652798725190f3593
SHA1

b659f875788f4b5bc0a7a459f4abb28c74227272
SHA256

4bb78f41a187427dab39d01db1388b75efc23bf5cf1e9d8ab2e7592b5e0a1d2a
SHA512

c6a8e60ff42a4803b3b2e93c1e3fd453b8c9e18504807885529d869a942fd32f9978e120ec275fa848ebb20e6f15e657c019fbf59982a4015b5c434587274f32
SSDEEP

1536:wjWapmOcV+3VsXHqKFGRWejHqPIYiqzyjWapmOcV+3VsXHqKNVg1ePeZ34wpRFgf:wjpVsaKXyjpVsaKNVhQgf

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2244	chrome.exe
2244	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 5576	2244	chrome.exe	87
PID 2244 wrote to memory of 5576	2244	chrome.exe	87
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 4288	2244	chrome.exe	88
PID 2244 wrote to memory of 2284	2244	chrome.exe	89
PID 2244 wrote to memory of 2284	2244	chrome.exe	89
PID 2244 wrote to memory of 3652	2244	chrome.exe	90
PID 2244 wrote to memory of 3652	2244	chrome.exe	90
PID 2244 wrote to memory of 3652	2244	chrome.exe	90
PID 2244 wrote to memory of 3652	2244	chrome.exe	90
PID 2244 wrote to memory of 3652	2244	chrome.exe	90
PID 2244 wrote to memory of 3652	2244	chrome.exe	90
PID 2244 wrote to memory of 3652	2244	chrome.exe	90
PID 2244 wrote to memory of 3652	2244	chrome.exe	90
PID 2244 wrote to memory of 3652	2244	chrome.exe	90
PID 2244 wrote to memory of 3652	2244	chrome.exe	90
PID 2244 wrote to memory of 3652	2244	chrome.exe	90
PID 2244 wrote to memory of 3652	2244	chrome.exe	90
PID 2244 wrote to memory of 3652	2244	chrome.exe	90
PID 2244 wrote to memory of 3652	2244	chrome.exe	90
PID 2244 wrote to memory of 3652	2244	chrome.exe	90
PID 2244 wrote to memory of 3652	2244	chrome.exe	90
PID 2244 wrote to memory of 3652	2244	chrome.exe	90
PID 2244 wrote to memory of 3652	2244	chrome.exe	90
PID 2244 wrote to memory of 3652	2244	chrome.exe	90
PID 2244 wrote to memory of 3652	2244	chrome.exe	90
PID 2244 wrote to memory of 3652	2244	chrome.exe	90
PID 2244 wrote to memory of 3652	2244	chrome.exe	90
PID 2244 wrote to memory of 3652	2244	chrome.exe	90
PID 2244 wrote to memory of 3652	2244	chrome.exe	90
PID 2244 wrote to memory of 3652	2244	chrome.exe	90
PID 2244 wrote to memory of 3652	2244	chrome.exe	90
PID 2244 wrote to memory of 3652	2244	chrome.exe	90
PID 2244 wrote to memory of 3652	2244	chrome.exe	90
PID 2244 wrote to memory of 3652	2244	chrome.exe	90
PID 2244 wrote to memory of 3652	2244	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\solarazip.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc9699dcf8,0x7ffc9699dd04,0x7ffc9699dd10
  2⤵
  PID:5576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2064,i,8000060296304255946,300927024674475522,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1588,i,8000060296304255946,300927024674475522,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2380,i,8000060296304255946,300927024674475522,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3196,i,8000060296304255946,300927024674475522,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,8000060296304255946,300927024674475522,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4440,i,8000060296304255946,300927024674475522,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3944 /prefetch:2
  2⤵
  PID:4584

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3aa8b29477183fb0c357ae2b434ec271

SHA1
7480b12397e441f1d92347ae067898dfda9ecd37

SHA256
8978a62ab14663013c0c677170eb25eb5c9a678e5802696088bff6df15d00ec8

SHA512
3ce3c0cf6f438712ae01aa53aded0d434a181d153d9859faced9a5a57b8f01a33d323225e1823e763aa6723c3c4c6403ecc28ec178be080da786ca95c33a109a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3b408a00607db1b0d81efd164d0f0a39

SHA1
80cdfd4419f98f11b9c4c4b5bf8cd42d78ccc812

SHA256
617a3847b0676dc5a7eb1b645093384575f9a6c2c0fae40c4bbf551a18c69982

SHA512
03008e8d084b8f689a27c6fca5b8d03c180323f7ce10baed82182b30914990726fcbef36b086e3839acc401fd70949e227b7d01e127c1f79f498ec0052e5dbdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
328c996b51b6cd31ae0b3302686b612d

SHA1
2830f5d4e26278403aaf6b36de2c4273100265ac

SHA256
d036f2520fe83f5001b255f7008ebb03622edf5d1c4c9a89a786e31a1d321030

SHA512
abae3ccc6a0ff87b5ba8c8b5ab90f8af02ad9419a2d1f4a7259003d76fad600a81b8e953ac08ce93e00d85324041fb3a446fbe97b3b02c0a3863f2e645c31070

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ae2f98459270d3e4c2f44e5187f0caaf

SHA1
c6c80c61b279557559e943e08213f38e55d3a253

SHA256
f3611bd441f4d9573e20ff87f02eedca637da148f801164da620fc1ddbc094e5

SHA512
fb79f52a5419afd830ba80bcb74808b5fcf7a09a379349cab9d16c82a1707fac40de39bc4e5e1ea723d415cc50524979c8255ee312e68bc2c0e6ca1ae968a09e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5779e3.TMP

Filesize
48B

MD5
ac90c31c82aad87e2fd590ba2e4b428f

SHA1
2f0fad057a3e00a1a7844d8a06142428dd07770d

SHA256
bab8176f2b5bf07993c8d4fbcf74e9c71a791fc80e75d2b1e5ca4ea99b079e09

SHA512
6a40644fe50861792e375ff7ecf790c36f106d07ec4b72d82da2f91ecfe465972de3b92bd8bcf1e717d90cf3e50b3f68a3d4d9dd337aa46251bb5247073d4c2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
cac5c3c9373b8fe125133d9084c42775

SHA1
138b506960fbaaf83c57067a3278fe5203c1a5a6

SHA256
24eb0af0a90c53b5a5092b9449a486a8973401f9edb3d3c8c16174ae1193e8de

SHA512
bedbe0db373d1b7a2f734dd32c4d8268c1c5e7525ebad9a66dfa830c963769ac0d24964b7b2576e0d7f35fab28b222d0ec25e614d36265eb7cca7192758d3c9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
e3f64a3d49104c23be73bcd44025f514

SHA1
4694df56a1cb9b9842f20577803df070c7d32f22

SHA256
779daa8f1c80818cb473e2efc74d9fceebc011035c7bdb288a36189a4654b449

SHA512
d6a0a48dc43fd8c982c19157f0c870933812217cdb12e8c647f1827f3266e944ec0bc4e602bf452d7204fc61fcf971aee7283bb137cf6efc0cd784f4fa3c8573

Download Submit