Overview

overview

10

Static

static

10

f2b738d50e...55.exe

windows7-x64

10

f2b738d50e...55.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/03/2024, 04:21

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    f2b738d50e700083efe864836cd6a513047b5be66bb1b0808c56e760ddf66255.exe

  • Size

    3.9MB

  • MD5

    0187c60ae13c1ed1cdac1f8aab0765c1

  • SHA1

    b0057376c1ea6c7db2f073974c9d8c7ccd809fd2

  • SHA256

    f2b738d50e700083efe864836cd6a513047b5be66bb1b0808c56e760ddf66255

  • SHA512

    148967d35ecbfa899e44cb69bfe3d7d47321407de54890a58316ab019175e59e43092bb5e82476d063de38aba9b4f2888019dba19652ab21c9e452becb92fdac

  • SSDEEP

    98304:8mV91DnZybEG6YHriC9CL/nxSl9AinCXYx:88nZybEG6YHriC9ISzAin7x

Score
10/10
quasarspywaretrojan

Malware Config

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar payload 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f2b738d50e700083efe864836cd6a513047b5be66bb1b0808c56e760ddf66255.exe
    "C:\Users\Admin\AppData\Local\Temp\f2b738d50e700083efe864836cd6a513047b5be66bb1b0808c56e760ddf66255.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4640
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3308 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3948

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/4640-0-0x0000000000F00000-0x00000000012F8000-memory.dmp

            Filesize

            4.0MB

            Download

          • memory/4640-1-0x00007FFC8C3F0000-0x00007FFC8CEB1000-memory.dmp

            Filesize

            10.8MB

            Download

          • memory/4640-2-0x0000000001C80000-0x0000000001C90000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4640-4-0x0000000003680000-0x00000000036A2000-memory.dmp

            Filesize

            136KB

            Download

          • memory/4640-5-0x000000001C360000-0x000000001C3B0000-memory.dmp

            Filesize

            320KB

            Download

          • memory/4640-6-0x000000001C470000-0x000000001C522000-memory.dmp

            Filesize

            712KB

            Download

          • memory/4640-7-0x000000001C530000-0x000000001C5A6000-memory.dmp

            Filesize

            472KB

            Download

          • memory/4640-8-0x00007FFC8C3F0000-0x00007FFC8CEB1000-memory.dmp

            Filesize

            10.8MB

            Download

          • memory/4640-9-0x0000000001C80000-0x0000000001C90000-memory.dmp

            Filesize

            64KB

            Download