Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Malicious_...ea.exe

windows7-x64

10

Malicious_...ea.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    77s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/07/2023, 19:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Malicious_dcf346f4920e12fbf3418d5bac7a64404bb3a6c52e8bf92fba9697415eeba8ea.exe

  • Size

    111KB

  • MD5

    c0d06dbcd3079446b0bc0a229ee7872c

  • SHA1

    027bc1fd893a2d8b7be1422b571d92bbd50502ae

  • SHA256

    dcf346f4920e12fbf3418d5bac7a64404bb3a6c52e8bf92fba9697415eeba8ea

  • SHA512

    76c41e266c7b61792c91d5f56287a59fd9d9c549954ab96dded44dd9c50c0852c74eef5ccc2f846270d3b2c421c49600a7162ce6375c2487a72e1962224d90d4

  • SSDEEP

    3072:nZhyBzUsvlgy39UGf9NPNcp9bPEtpm4uz2:n6/vlgyeG1Up9bn6

Score
10/10
quasarspywaretrojan

Malware Config

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar payload 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Malicious_dcf346f4920e12fbf3418d5bac7a64404bb3a6c52e8bf92fba9697415eeba8ea.exe
    "C:\Users\Admin\AppData\Local\Temp\Malicious_dcf346f4920e12fbf3418d5bac7a64404bb3a6c52e8bf92fba9697415eeba8ea.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3052-133-0x0000028F8C350000-0x0000028F8C372000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3052-135-0x0000028F8E0C0000-0x0000028F8E0D0000-memory.dmp

    Filesize

    64KB

    Download