Analysis
max time kernel: 149s
max time network: 150s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 14/03/2024, 22:59
Behavioral task: behavioral1
Sample: bb004c673ce411201dd96cf3ca45337b2f423195bc464b923d92fa3694e0bc64.exe
Resource: win7-20240221-en
4 signatures
150 seconds
General
Target: bb004c673ce411201dd96cf3ca45337b2f423195bc464b923d92fa3694e0bc64.exe
Size: 3.5MB
MD5: 577c088800f5e59079cc84751facf5ce
SHA1: 796ca31670f9b70aa971c810fce8b98f078d3a73
SHA256: bb004c673ce411201dd96cf3ca45337b2f423195bc464b923d92fa3694e0bc64
SHA512: 51142ae105e85c7dcde4d9536593eae6380dbf880838a41efeacbef8b27487b515850c35ed6f1e3d7b2eee6505c9d0cf97ca0bb627e89eed5c595790e6d03454
SSDEEP: 49152:cn1A79ccGPLR6+wlczUZpZ1+TzEsT1PW+/mcP4/x:cn279ccGPLR6+wlcoZpZ0p
Malware Config
Signatures

Quasar payload (1 IoCs)
  resource: behavioral1/memory/2452-0-0x0000000000C70000-0x0000000000FF0000-memory.dmp
  yara_rule: family_quasar

Detects executables containing base64 encoded User Agent (1 IoCs)
  resource: behavioral1/memory/2452-0-0x0000000000C70000-0x0000000000FF0000-memory.dmp
  yara_rule: INDICATOR_SUSPICIOUS_EXE_B64_Encoded_UserAgent

Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description: Token: SeDebugPrivilege
  pid: 2452
  Process: bb004c673ce411201dd96cf3ca45337b2f423195bc464b923d92fa3694e0bc64.exe