Analysis
max time kernel: 121s
max time network: 129s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 30-06-2024 21:21
Behavioral task: behavioral1
Sample: Solaris.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: Solaris.exe
Resource: win10v2004-20240611-en
General
Target: Solaris.exe
Size: 75.4MB
MD5: 4b04a252512daad6d11c51446573e04d
SHA1: 540eb73a64c396d5da19c9267a4f60152817db8e
SHA256: dc21544389191db1ecad74434878d61245f63335550a20af86d799043bfbbbec
SHA512: e6a98e0d404d2e065f5eceef36d9b8d8b560967251fb4564deb4929824c5d603bab8bb0472a2f957e30623f2c4d3e7a38f269b4aaf3aeb39f1a68fa66f2ce1ad
SSDEEP: 1572864:0gvFUQ6l8GSk8IpG7V+VPhqIbE7WTylPj4iY4MHHLeqPNLtDaSWQZn6Oflz:0gvFU1iGSkB05awIxTy5nMHVLteS3bf9
Malware Config
Signatures
Loads dropped DLL (1 IoCs)
Processes: Solaris.exe
pid | process
1728 | Solaris.exe
Processes:
resource | yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI22442\python310.dll | upx
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: Solaris.exe
description | pid | process | target process
PID 2244 wrote to memory of 1728 | 2244 | Solaris.exe | Solaris.exe
PID 2244 wrote to memory of 1728 | 2244 | Solaris.exe | Solaris.exe
PID 2244 wrote to memory of 1728 | 2244 | Solaris.exe | Solaris.exe
Downloads
C:\Users\Admin\AppData\Local\Temp\_MEI22442\python310.dll
Filesize: 1.4MB
MD5: 933b49da4d229294aad0c6a805ad2d71
SHA1: 9828e3ce504151c2f933173ef810202d405510a4
SHA256: ab3e996db016ba87004a3c4227313a86919ff6195eb4b03ac1ce523f126f2206
SHA512: 6023188f3b412dd12c2d4f3a8e279dcace945b6e24e1f6bbd4e49a5d2939528620ceb9a5f77b9a47d2d0454e472e2999240b81bed0239e7e400a4e25c96e1165
memory/1728-1263-0x000007FEF5A80000-0x000007FEF5EEE000-memory.dmp
Filesize: 4.4MB