Analysis Overview

score

10^/10

SHA256

a8d2e1e4a318733fa0f741f82a2bd30f2dd8db6099f502c986b1d7cfdde83c46

Threat Level: Known bad

The file sigmahaks.exe was found to be: Known bad.

Malicious Activity Summary

it was the first day back to school cuttin up in class actin like a tool friends are rollin in we started talkin bout the summer dj saw twilight bummer i spoke up and i asked my friends "are there any new girls? nines or tens?" hopin a few hotties had moved from other cities and in walked this girl with tig 'ol bitties whoo i can't believe my eyes in a contest they'd win first prize double d, guarantee i was checkin the size it's like two beach balls in a shirt disguise or earth and mars havin some fun wait i take that back it's like two of the sun but at this point i let my mind run and drifted off thinkin bout them tig 'ol bitties hah, tig 'ol bitties mount fuji brought it's twin tig 'ol bitties two melons in a shirt tig 'ol bitties tig 'ol bitties i put books in my lap tig 'ol bitties heads bobbin as she walks tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties kept trippin in class cuz of her dang breasts in a tiny white shirt boobs havin a fiesta later in lab we were messin with test tubes couldn't keep my eyes off the new girls chest boobs! wasn't payin attention got busted had to serve detention in biology we talked about the bees the best kinda bees boob-bees whoo i can't believe my mind i hold a pokerface to her two of a kind with each step her breasts gettin redefined i'm makin my move i'm thinkin it's time oh snap i'mma ask her to prom and in my head she responds "you're the bomb" feelin nervous so i count to three "i like your boobs, go to prom with me?" hah, tig 'ol bitties king kong boobs tig 'ol bitties great tracks of land tig 'ol bitties tig 'ol bitties like my balls tig 'ol bitties real big tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties she said yes so i'm gettin ready stain on my shirt mom's spaghetti i pick her up and i'm pretty sure that she'll let me motor-boat like rrrrrr i try to cop a feel once we get to school she said "no touching, that's the rule" principal walks up on the scene "it's time to announce prom king and queen your favorite martian and tig 'ol bitties congratulations to you both on winning" time slowed down and she jumped for joy when out of her dress jumped something more tissues flew and rained from the sky oh my god you stuff your shirt!? your favorite martian in a world of hurt awwww fake 'ol bitties wow! fake 'ol bitties you breakin my heart with fake 'ol bitties you're crushin my dreams with fake 'ol bitties fake 'ol bitties i can't believable it fake 'ol bitties you really suck fake 'ol bitties i can't believe you would do that fake 'ol bitties fake 'ol bitties why would you do that when you're just trying to get everyone's attention stuffed boobs! they're lies! lies i tell you! but you know i'm still down to make out if you if you want to, want to come back with me you know what, never mindit was the first day back to school cuttin up in class actin like a tool friends are rollin in we started talkin bout the summer dj saw twilight bummer i spoke up and i asked my friends "are there any new girls? nines or tens?" hopin a few hotties had moved from other cities and in walked this girl with tig 'ol bitties whoo i can't believe my eyes in a contest they'd win first prize double d, guarantee i was checkin the size it's like two beach balls in a shirt disguise or earth and mars havin some fun wait i take that back it's like two of the sun but at this point i let my mind run and drifted off thinkin bout them tig 'ol bitties hah, tig 'ol bitties mount fuji brought it's twin tig 'ol bitties two melons in a shirt tig 'ol bitties tig 'ol bitties i put books in my lap tig 'ol bitties heads bobbin as she walks tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties kept trippin in class cuz of her dang breasts in a tiny white shirt boobs havin a fiesta later in lab we were messin with test tubes couldn't keep my eyes off the new girls chest boobs! wasn't payin attention got busted had to serve detention in biology we talked about the bees the best kinda bees boob-bees whoo i can't believe my mind i hold a pokerface to her two of a kind with each step her breasts gettin redefined i'm makin my move i'm thinkin it's time oh snap i'mma ask her to prom and in my head she responds "you're the bomb" feelin nervous so i count to three "i like your boobs, go to prom with me?" hah, tig 'ol bitties king kong boobs tig 'ol bitties great tracks of land tig 'ol bitties tig 'ol bitties like my balls tig 'ol bitties real big tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties she said yes so i'm gettin ready stain on my shirt mom's spaghetti i pick her up and i'm pretty sure that she'll let me motor-boat like rrrrrr i try to cop a feel once we get to school she said "no touching, that's the rule" principal walks up on the scene "it's time to announce prom king and queen your favorite martian and tig 'ol bitties congratulations to you both on winning" time slowed down and she jumped for joy when out of her dress jumped something more tissues flew and rained from the sky oh my god you stuff your shirt!? your favorite martian in a world of hurt awwww fake 'ol bitties wow! fake 'ol bitties you breakin my heart with fake 'ol bitties you're crushin my dreams with fake 'ol bitties fake 'ol bitties i can't believable it fake 'ol bitties you really suck fake 'ol bitties i can't believe you would do that fake 'ol bitties fake 'ol bitties why would you do that when you're just trying to get everyone's attention stuffed boobs! they're lies! lies i tell you! but you know i'm still down to make out if you if you want to, want to come back with me you know what, never mindit was the first day back to school cuttin up in class actin like a tool friends are rollin in we started talkin bout the summer dj saw twilight bummer i spoke up and i asked my friends "are there any new girls? nines or tens?" hopin a few hotties had moved from other cities and in walked this girl with tig 'ol bitties whoo i can't believe my eyes in a contest they'd win first prize double d, guarantee i was checkin the size it's like two beach balls in a shirt disguise or earth and mars havin some fun wait i take that back it's like two of the sun but at this point i let my mind run and drifted off thinkin bout them tig 'ol bitties hah, tig 'ol bitties mount fuji brought it's twin tig 'ol bitties two melons in a shirt tig 'ol bitties tig 'ol bitties i put books in my lap tig 'ol bitties heads bobbin as she walks tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties kept trippin in class cuz of her dang breasts in a tiny white shirt boobs havin a fiesta later in lab we were messin with test tubes couldn't keep my eyes off the new girls chest boobs! wasn't payin attention got busted had to serve detention in biology we talked about the bees the best kinda bees boob-bees whoo i can't believe my mind i hold a pokerface to her two of a kind with each step her breasts gettin redefined i'm makin my move i'm thinkin it's time oh snap i'mma ask her to prom and in my head she responds "you're the bomb" feelin nervous so i count to three "i like your boobs, go to prom with me?" hah, tig 'ol bitties king kong boobs tig 'ol bitties great tracks of land tig 'ol bitties tig 'ol bitties like my balls tig 'ol bitties real big tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties she said yes so i'm gettin ready stain on my shirt mom's spaghetti i pick her up and i'm pretty sure that she'll let me motor-boat like rrrrrr i try to cop a feel once we get to school she said "no touching, that's the rule" principal walks up on the scene "it's time to announce prom king and queen your favorite martian and tig 'ol bitties congratulations to you both on winning" time slowed down and she jumped for joy when out of her dress jumped something more tissues flew and rained from the sky oh my god you stuff your shirt!? your favorite martian in a world of hurt awwww fake 'ol bitties wow! fake 'ol bitties you breakin my heart with fake 'ol bitties you're crushin my dreams with fake 'ol bitties fake 'ol bitties i can't believable it fake 'ol bitties you really suck fake 'ol bitties i can't believe you would do that fake 'ol bitties fake 'ol bitties why would you do that when you're just trying to get everyone's attention stuffed boobs! they're lies! lies i tell you! but you know i'm still down to make out if you if you want to, want to come back with me you know what, never mindit was the first day back to school cuttin up in class actin like a tool friends are rollin in we started talkin bout the summer dj saw twilight bummer i spoke up and i asked my friends "are there any new girls? nines or tens?" hopin a few hotties had moved from other cities and in walked this girl with tig 'ol bitties whoo i can't believe my eyes in a contest they'd win first prize double d, guarantee i was checkin the size it's like two beach balls in a shirt disguise or earth and mars havin some fun wait i take that back it's like two of the sun but at this point i let my mind run and drifted off thinkin bout them tig 'ol bitties hah, tig 'ol bitties mount fuji brought it's twin tig 'ol bitties two melons in a shirt tig 'ol bitties tig 'ol bitties i put books in my lap tig 'ol bitties heads bobbin as she walks tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties kept trippin in class cuz of her dang breasts in a tiny white shirt boobs havin a fiesta later in lab we were messin with test tubes couldn't keep my eyes off the new girls chest boobs! wasn't payin attention got busted had to serve detention in biology we talked about the bees the best kinda bees boob-bees whoo i can't believe my mind i hold a pokerface to her two of a kind with each step her breasts gettin redefined i'm makin my move i'm thinkin it's time oh snap i'mma ask her to prom and in my head she responds "you're the bomb" feelin nervous so i count to three "i like your boobs, go to prom with me?" hah, tig 'ol bitties king kong boobs tig 'ol bitties great tracks of land tig 'ol bitties tig 'ol bitties like my balls tig 'ol bitties real big tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties she said yes so i'm gettin ready stain on my shirt mom's spaghetti i pick her up and i'm pretty sure that she'll let me motor-boat like rrrrrr i try to cop a feel once we get to school she said "no touching, that's the rule" principal walks up on the scene "it's time to announce prom king and queen your favorite martian and tig 'ol bitties congratulations to you both on winning" time slowed down and she jumped for joy when out of her dress jumped something more tissues flew and rained from the sky oh my god you stuff your shirt!? your favorite martian in a world of hurt awwww fake 'ol bitties wow! fake 'ol bitties you breakin my heart with fake 'ol bitties you're crushin my dreams with fake 'ol bitties fake 'ol bitties i can't believable it fake 'ol bitties you really suck fake 'ol bitties i can't believe you would do that fake 'ol bitties fake 'ol bitties why would you do that when you're just trying to get everyone's attention stuffed boobs! they're lies! lies i tell you! but you know i'm still down to make out if you if you want to, want to come back with me you know what, never mindit was the first day back to school cuttin up in class actin like a tool friends are rollin in we started talkin bout the summer dj saw twilight bummer i spoke up and i asked my friends "are there any new girls? nines or tens?" hopin a few hotties had moved from other cities and in walked this girl with tig 'ol bitties whoo i can't believe my eyes in a contest they'd win first prize double d, guarantee i was checkin the size it's like two beach balls in a shirt disguise or earth and mars havin some fun wait i take that back it's like two of the sun but at this point i let my mind run and drifted off thinkin bout them tig 'ol bitties hah, tig 'ol bitties mount fuji brought it's twin tig 'ol bitties two melons in a shirt tig 'ol bitties tig 'ol bitties i put books in my lap tig 'ol bitties heads bobbin as she walks tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties kept trippin in class cuz of her dang breasts in a tiny white shirt boobs havin a fiesta later in lab we were messin with test tubes couldn't keep my eyes off the new girls chest boobs! wasn't payin attention got busted had to serve detention in biology we talked about the bees the best kinda bees boob-bees whoo i can't believe my mind i hold a pokerface to her two of a kind with each step her breasts gettin redefined i'm makin my move i'm thinkin it's time oh snap i'mma ask her to prom and in my head she responds "you're the bomb" feelin nervous so i count to three "i like your boobs, go to prom with me?" hah, tig 'ol bitties king kong boobs tig 'ol bitties great tracks of land tig 'ol bitties tig 'ol bitties like my balls tig 'ol bitties real big tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties she said yes so i'm gettin ready stain on my shirt mom's spaghetti i pick her up and i'm pretty sure that she'll let me motor-boat like rrrrrr i try to cop a feel once we get to school she said "no touching, that's the rule" principal walks up on the scene "it's time to announce prom king and queen your favorite martian and tig 'ol bitties congratulations to you both on winning" time slowed down and she jumped for joy when out of her dress jumped something more tissues flew and rained from the sky oh my god you stuff your shirt!? your favorite martian in a world of hurt awwww fake 'ol bitties wow! fake 'ol bitties you breakin my heart with fake 'ol bitties you're crushin my dreams with fake 'ol bitties fake 'ol bitties i can't believable it fake 'ol bitties you really suck fake 'ol bitties i can't believe you would do that fake 'ol bitties fake 'ol bitties why would you do that when you're just trying to get everyone's attention stuffed boobs! they're lies! lies i tell you! but you know i'm still down to make out if you if you want to, want to come back with me you know what, never mindit was the first day back to school cuttin up in class actin like a tool friends are rollin in we started talkin bout the summer dj saw twilight bummer i spoke up and i asked my friends "are there any new girls? nines or tens?" hopin a few hotties had moved from other cities and in walked this girl with tig 'ol bitties whoo i can't believe my eyes in a contest they'd win first prize double d, guarantee i was checkin the size it's like two beach balls in a shirt disguise or earth and mars havin some fun wait i take that back it's like two of the sun but at this point i let my mind run and drifted off thinkin bout them tig 'ol bitties hah, tig 'ol bitties mount fuji brought it's twin tig 'ol bitties two melons in a shirt tig 'ol bitties tig 'ol bitties i put books in my lap tig 'ol bitties heads bobbin as she walks tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties kept trippin in class cuz of her dang breasts in a tiny white shirt boobs havin a fiesta later in lab we were messin with test tubes couldn't keep my eyes off the new girls chest boobs! wasn't payin attention got busted had to serve detention in biology we talked about the bees the best kinda bees boob-bees whoo i can't believe my mind i hold a pokerface to her two of a kind with each step her breasts gettin redefined i'm makin my move i'm thinkin it's time oh snap i'mma ask her to prom and in my head she responds "you're the bomb" feelin nervous so i count to three "i like your boobs, go to prom with me?" hah, tig 'ol bitties king kong boobs tig 'ol bitties great tracks of land tig 'ol bitties tig 'ol bitties like my balls tig 'ol bitties real big tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties she said yes so i'm gettin ready stain on my shirt mom's spaghetti i pick her up and i'm pretty sure that she'll let me motor-boat like rrrrrr i try to cop a feel once we get to school she said "no touching, that's the rule" principal walks up on the scene "it's time to announce prom king and queen your favorite martian and tig 'ol bitties congratulations to you both on winning" time slowed down and she jumped for joy when out of her dress jumped something more tissues flew and rained from the sky oh my god you stuff your shirt!? your favorite martian in a world of hurt awwww fake 'ol bitties wow! fake 'ol bitties you breakin my heart with fake 'ol bitties you're crushin my dreams with fake 'ol bitties fake 'ol bitties i can't believable it fake 'ol bitties you really suck fake 'ol bitties i can't believe you would do that fake 'ol bitties fake 'ol bitties why would you do that when you're just trying to get everyone's attention stuffed boobs! they're lies! lies i tell you! but you know i'm still down to make out if you if you want to, want to come back with me you know what, never mindit was the first day back to school cuttin up in class actin like a tool friends are rollin in we started talkin bout the summer dj saw twilight bummer i spoke up and i asked my friends "are there any new girls? nines or tens?" hopin a few hotties had moved from other cities and in walked this girl with tig 'ol bitties whoo i can't believe my eyes in a contest they'd win first prize double d, guarantee i was checkin the size it's like two beach balls in a shirt disguise or earth and mars havin some fun wait i take that back it's like two of the sun but at this point i let my mind run and drifted off thinkin bout them tig 'ol bitties hah, tig 'ol bitties mount fuji brought it's twin tig 'ol bitties two melons in a shirt tig 'ol bitties tig 'ol bitties i put books in my lap tig 'ol bitties heads bobbin as she walks tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties kept trippin in class cuz of her dang breasts in a tiny white shirt boobs havin a fiesta later in lab we were messin with test tubes couldn't keep my eyes off the new girls chest boobs! wasn't payin attention got busted had to serve detention in biology we talked about the bees the best kinda bees boob-bees whoo i can't believe my mind i hold a pokerface to her two of a kind with each step her breasts gettin redefined i'm makin my move i'm thinkin it's time oh snap i'mma ask her to prom and in my head she responds "you're the bomb" feelin nervous so i count to three "i like your boobs, go to prom with me?" hah, tig 'ol bitties king kong boobs tig 'ol bitties great tracks of land tig 'ol bitties tig 'ol bitties like my balls tig 'ol bitties real big tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties she said yes so i'm gettin ready stain on my shirt mom's spaghetti i pick her up and i'm pretty sure that she'll let me motor-boat like rrrrrr i try to cop a feel once we get to school she said "no touching, that's the rule" principal walks up on the scene "it's time to announce prom king and queen your favorite martian and tig 'ol bitties congratulations to you both on winning" time slowed down and she jumped for joy when out of her dress jumped something more tissues flew and rained from the sky oh my god you stuff your shirt!? your favorite martian in a world of hurt awwww fake 'ol bitties wow! fake 'ol bitties you breakin my heart with fake 'ol bitties you're crushin my dreams with fake 'ol bitties fake 'ol bitties i can't believable it fake 'ol bitties you really suck fake 'ol bitties i can't believe you would do that fake 'ol bitties fake 'ol bitties why would you do that when you're just trying to get everyone's attention stuffed boobs! they're lies! lies i tell you! but you know i'm still down to make out if you if you want to, want to come back with me you know what, never mindit was the first day back to school cuttin up in class actin like a tool friends are rollin in we started talkin bout the summer dj saw twilight bummer i spoke up and i asked my friends "are there any new girls? nines or tens?" hopin a few hotties had moved from other cities and in walked this girl with tig 'ol bitties whoo i can't believe my eyes in a contest they'd win first prize double d, guarantee i was checkin the size it's like two beach balls in a shirt disguise or earth and mars havin some fun wait i take that back it's like two of the sun but at this point i let my mind run and drifted off thinkin bout them tig 'ol bitties hah, tig 'ol bitties mount fuji brought it's twin tig 'ol bitties two melons in a shirt tig 'ol bitties tig 'ol bitties i put books in my lap tig 'ol bitties heads bobbin as she walks tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties kept trippin in class cuz of her dang breasts in a tiny white shirt boobs havin a fiesta later in lab we were messin with test tubes couldn't keep my eyes off the new girls chest boobs! wasn't payin attention got busted had to serve detention in biology we talked about the bees the best kinda bees boob-bees whoo i can't believe my mind i hold a pokerface to her two of a kind with each step her breasts gettin redefined i'm makin my move i'm thinkin it's time oh snap i'mma ask her to prom and in my head she responds "you're the bomb" feelin nervous so i count to three "i like your boobs, go to prom with me?" hah, tig 'ol bitties king kong boobs tig 'ol bitties great tracks of land tig 'ol bitties tig 'ol bitties like my balls tig 'ol bitties real big tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties she said yes so i'm gettin ready stain on my shirt mom's spaghetti i pick her up and i'm pretty sure that she'll let me motor-boat like rrrrrr i try to cop a feel once we get to school she said "no touching, that's the rule" principal walks up on the scene "it's time to announce prom king and queen your favorite martian and tig 'ol bitties congratulations to you both on winning" time slowed down and she jumped for joy when out of her dress jumped something more tissues flew and rained from the sky oh my god you stuff your shirt!? your favorite martian in a world of hurt awwww fake 'ol bitties wow! fake 'ol bitties you breakin my heart with fake 'ol bitties you're crushin my dreams with fake 'ol bitties fake 'ol bitties i can't believable it fake 'ol bitties you really suck fake 'ol bitties i can't believe you would do that fake 'ol bitties fake 'ol bitties why would you do that when you're just trying to get everyone's attention stuffed boobs! they're lies! lies i tell you! but you know i'm still down to make out if you if you want to, want to come back with me you know what, never mindit was the first day back to school cuttin up in class actin like a tool friends are rollin in we started talkin bout the summer dj saw twilight bummer i spoke up and i asked my friends "are there any new girls? nines or tens?" hopin a few hotties had moved from other cities and in walked this girl with tig 'ol bitties whoo i can't believe my eyes in a contest they'd win first prize double d, guarantee i was checkin the size it's like two beach balls in a shirt disguise or earth and mars havin some fun wait i take that back it's like two of the sun but at this point i let my mind run and drifted off thinkin bout them tig 'ol bitties hah, tig 'ol bitties mount fuji brought it's twin tig 'ol bitties two melons in a shirt tig 'ol bitties tig 'ol bitties i put books in my lap tig 'ol bitties heads bobbin as she walks tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties kept trippin in class cuz of her dang breasts in a tiny white shirt boobs havin a fiesta later in lab we were messin with test tubes couldn't keep my eyes off the new girls chest boobs! wasn't payin attention got busted had to serve detention in biology we talked about the bees the best kinda bees boob-bees whoo i can't believe my mind i hold a pokerface to her two of a kind with each step her breasts gettin redefined i'm makin my move i'm thinkin it's time oh snap i'mma ask her to prom and in my head she responds "you're the bomb" feelin nervous so i count to three "i like your boobs, go to prom with me?" hah, tig 'ol bitties king kong boobs tig 'ol bitties great tracks of land tig 'ol bitties tig 'ol bitties like my balls tig 'ol bitties real big tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties she said yes so i'm gettin ready stain on my shirt mom's spaghetti i pick her up and i'm pretty sure that she'll let me motor-boat like rrrrrr i try to cop a feel once we get to school she said "no touching, that's the rule" principal walks up on the scene "it's time to announce prom king and queen your favorite martian and tig 'ol bitties congratulations to you both on winning" time slowed down and she jumped for joy when out of her dress jumped something more tissues flew and rained from the sky oh my god you stuff your shirt!? your favorite martian in a world of hurt awwww fake 'ol bitties wow! fake 'ol bitties you breakin my heart with fake 'ol bitties you're crushin my dreams with fake 'ol bitties fake 'ol bitties i can't believable it fake 'ol bitties you really suck fake 'ol bitties i can't believe you would do that fake 'ol bitties fake 'ol bitties why would you do that when you're just trying to get everyone's attention stuffed boobs! they're lies! lies i tell you! but you know i'm still down to make out if you if you want to, want to come back with me you know what, never mindit was the first day back to school cuttin up in class actin like a tool friends are rollin in we started talkin bout the summer dj saw twilight bummer i spoke up and i asked my friends "are there any new girls? nines or tens?" hopin a few hotties had moved from other cities and in walked this girl with tig 'ol bitties whoo i can't believe my eyes in a contest they'd win first prize double d, guarantee i was checkin the size it's like two beach balls in a shirt disguise or earth and mars havin some fun wait i take that back it's like two of the sun but at this point i let my mind run and drifted off thinkin bout them tig 'ol bitties hah, tig 'ol bitties mount fuji brought it's twin tig 'ol bitties two melons in a shirt tig 'ol bitties tig 'ol bitties i put books in my lap tig 'ol bitties heads bobbin as she walks tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties kept trippin in class cuz of her dang breasts in a tiny white shirt boobs havin a fiesta later in lab we were messin with test tubes couldn't keep my eyes off the new girls chest boobs! wasn't payin attention got busted had to serve detention in biology we talked about the bees the best kinda bees boob-bees whoo i can't believe my mind i hold a pokerface to her two of a kind with each step her breasts gettin redefined i'm makin my move i'm thinkin it's time oh snap i'mma ask her to prom and in my head she responds "you're the bomb" feelin nervous so i count to three "i like your boobs, go to prom with me?" hah, tig 'ol bitties king kong boobs tig 'ol bitties great tracks of land tig 'ol bitties tig 'ol bitties like my balls tig 'ol bitties real big tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties she said yes so i'm gettin ready stain on my shirt mom's spaghetti i pick her up and i'm pretty sure that she'll let me motor-boat like rrrrrr i try to cop a feel once we get to school she said "no touching, that's the rule" principal walks up on the scene "it's time to announce prom king and queen your favorite martian and tig 'ol bitties congratulations to you both on winning" time slowed down and she jumped for joy when out of her dress jumped something more tissues flew and rained from the sky oh my god you stuff your shirt!? your favorite martian in a world of hurt awwww fake 'ol bitties wow! fake 'ol bitties you breakin my heart with fake 'ol bitties you're crushin my dreams with fake 'ol bitties fake 'ol bitties i can't believable it fake 'ol bitties you really suck fake 'ol bitties i can't believe you would do that fake 'ol bitties fake 'ol bitties why would you do that when you're just trying to get everyone's attention stuffed boobs! they're lies! lies i tell you! but you know i'm still down to make out if you if you want to, want to come back with me you know what, never mindit was the first day back to school cuttin up in class actin like a tool friends are rollin in we started talkin bout the summer dj saw twilight bummer i spoke up and i asked my friends "are there any new girls? nines or tens?" hopin a few hotties had moved from other cities and in walked this girl with tig 'ol bitties whoo i can't believe my eyes in a contest they'd win first prize double d, guarantee i was checkin the size it's like two beach balls in a shirt disguise or earth and mars havin some fun wait i take that back it's like two of the sun but at this point i let my mind run and drifted off thinkin bout them tig 'ol bitties hah, tig 'ol bitties mount fuji brought it's twin tig 'ol bitties two melons in a shirt tig 'ol bitties tig 'ol bitties i put books in my lap tig 'ol bitties heads bobbin as she walks tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties kept trippin in class cuz of her dang breasts in a tiny white shirt boobs havin a fiesta later in lab we were messin with test tubes couldn't keep my eyes off the new girls chest boobs! wasn't payin attention got busted had to serve detention in biology we talked about the bees the best kinda bees boob-bees whoo i can't believe my mind i hold a pokerface to her two of a kind with each step her breasts gettin redefined i'm makin my move i'm thinkin it's time oh snap i'mma ask her to prom and in my head she responds "you're the bomb" feelin nervous so i count to three "i like your boobs, go to prom with me?" hah, tig 'ol bitties king kong boobs tig 'ol bitties great tracks of land tig 'ol bitties tig 'ol bitties like my balls tig 'ol bitties real big tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties she said yes so i'm gettin ready stain on my shirt mom's spaghetti i pick her up and i'm pretty sure that she'll let me motor-boat like rrrrrr i try to cop a feel once we get to school she said "no t quasar spyware trojan

Quasar payload

Quasar family

Quasar RAT

Checks computer location settings

Executes dropped EXE

Enumerates physical storage devices

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Creates scheduled task(s)

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Runs ping.exe

MITRE ATT&CK Matrix V13

System Information Discovery

T1082

Remote System Discovery

Analysis: static1

Detonation Overview

Reported

2024-06-09 02:52

Signatures

Quasar family

quasar

Quasar payload

Description	Indicator	Process	Target
N/A	N/A	N/A	N/A

Unsigned PE

Description	Indicator	Process	Target
N/A	N/A	N/A	N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-09 02:52

Reported

2024-06-09 02:53

Platform

win7-20240419-en

Max time kernel

17s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\sigmahaks.exe"

Signatures

Quasar RAT

trojan spyware quasar

Quasar payload

Description	Indicator	Process	Target
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A

Executes dropped EXE

Description	Indicator	Process	Target
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence

Description	Indicator	Process	Target
N/A	N/A	C:\Windows\system32\schtasks.exe	N/A
N/A	N/A	C:\Windows\system32\schtasks.exe	N/A
N/A	N/A	C:\Windows\system32\schtasks.exe	N/A

Runs ping.exe

Description	Indicator	Process	Target
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A

Suspicious use of AdjustPrivilegeToken

Description	Indicator	Process	Target
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\sigmahaks.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A

Suspicious use of SetWindowsHookEx

Description	Indicator	Process	Target
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A

Suspicious use of WriteProcessMemory

Description	Indicator	Process	Target
PID 2068 wrote to memory of 1676	N/A	C:\Users\Admin\AppData\Local\Temp\sigmahaks.exe	C:\Windows\system32\schtasks.exe
PID 2068 wrote to memory of 1676	N/A	C:\Users\Admin\AppData\Local\Temp\sigmahaks.exe	C:\Windows\system32\schtasks.exe
PID 2068 wrote to memory of 1676	N/A	C:\Users\Admin\AppData\Local\Temp\sigmahaks.exe	C:\Windows\system32\schtasks.exe
PID 2068 wrote to memory of 1792	N/A	C:\Users\Admin\AppData\Local\Temp\sigmahaks.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 2068 wrote to memory of 1792	N/A	C:\Users\Admin\AppData\Local\Temp\sigmahaks.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 2068 wrote to memory of 1792	N/A	C:\Users\Admin\AppData\Local\Temp\sigmahaks.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 1792 wrote to memory of 2844	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\schtasks.exe
PID 1792 wrote to memory of 2844	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\schtasks.exe
PID 1792 wrote to memory of 2844	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\schtasks.exe
PID 1792 wrote to memory of 2768	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 1792 wrote to memory of 2768	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 1792 wrote to memory of 2768	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 2768 wrote to memory of 2652	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 2768 wrote to memory of 2652	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 2768 wrote to memory of 2652	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 2768 wrote to memory of 3044	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 2768 wrote to memory of 3044	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 2768 wrote to memory of 3044	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 2768 wrote to memory of 2756	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 2768 wrote to memory of 2756	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 2768 wrote to memory of 2756	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 2756 wrote to memory of 2544	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\schtasks.exe
PID 2756 wrote to memory of 2544	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\schtasks.exe
PID 2756 wrote to memory of 2544	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\schtasks.exe
PID 2756 wrote to memory of 2584	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 2756 wrote to memory of 2584	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 2756 wrote to memory of 2584	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 2584 wrote to memory of 2972	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 2584 wrote to memory of 2972	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 2584 wrote to memory of 2972	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 2584 wrote to memory of 2572	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 2584 wrote to memory of 2572	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 2584 wrote to memory of 2572	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\sigmahaks.exe

"C:\Users\Admin\AppData\Local\Temp\sigmahaks.exe"

C:\Windows\system32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\system32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\bvlNoMKr1kuK.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\system32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\er2mq5xH4grQ.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

Network

N/A

Files

memory/2068-0-0x000007FEF57C3000-0x000007FEF57C4000-memory.dmp

memory/2068-1-0x00000000009D0000-0x0000000000D08000-memory.dmp

memory/2068-2-0x000007FEF57C0000-0x000007FEF61AC000-memory.dmp

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

MD5	e0621270ac0900d68fef321c7efb36cb
SHA1	06693f38735d3fc84739f75998d921ee579db1fd
SHA256	a8d2e1e4a318733fa0f741f82a2bd30f2dd8db6099f502c986b1d7cfdde83c46
SHA512	e9bb6f73ae8b139994d840d8254e2a820d0eb957bb6408d2a22b5cdf1770b5fe66718ee1aaa2237fd89adfff8bfdc6899349f154a81c7924039a124bf1648b09

memory/2068-9-0x000007FEF57C0000-0x000007FEF61AC000-memory.dmp

memory/1792-8-0x0000000000FB0000-0x00000000012E8000-memory.dmp

memory/1792-10-0x000007FEF57C0000-0x000007FEF61AC000-memory.dmp

memory/1792-11-0x000007FEF57C0000-0x000007FEF61AC000-memory.dmp

memory/1792-21-0x000007FEF57C0000-0x000007FEF61AC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\bvlNoMKr1kuK.bat

MD5	3eccef30faa1f3a16dcd4c83bd35f18d
SHA1	51a7514a176ac481c33d18dcc1a1dcb9eaa3d610
SHA256	835e81527db638addaf9115d2c78986608e3ad04aadc9042db08c90086a0e8bc
SHA512	7b5554289ba1811e07bfe0807adae338efdac74f64c24d9e7c4d422f06996c6f9e78530d115021fca23847ec46178442b23e9f3c466231c13b4e27d32226829b

memory/2756-23-0x00000000013E0000-0x0000000001718000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\er2mq5xH4grQ.bat

MD5	40662ece619ce38a154db899dceb511d
SHA1	5be18f000bda483674d6da40591e09bc46c87280
SHA256	07de47b26d9d3269b8ec8faf7bcd97916bb9536f031c75fd875f8651936d671d
SHA512	2a3e7843dc7008928344a727741316084679017bf6eed865597757cac1d4c999ac12b8b79ba5b43d6a80e74f29c207471f634666b723c3903ddedf450aa7ffb2

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-09 02:52

Reported

2024-06-09 02:54

Platform

win10v2004-20240508-en

Max time kernel

87s

Max time network

90s

Command Line

"C:\Users\Admin\AppData\Local\Temp\sigmahaks.exe"

Signatures

Quasar RAT

trojan spyware quasar

Quasar payload

Description	Indicator	Process	Target
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A

Checks computer location settings

Description	Indicator	Process	Target
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A

Executes dropped EXE

Description	Indicator	Process	Target
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence

Description	Indicator	Process	Target
N/A	N/A	C:\Windows\SYSTEM32\schtasks.exe	N/A
N/A	N/A	C:\Windows\SYSTEM32\schtasks.exe	N/A
N/A	N/A	C:\Windows\SYSTEM32\schtasks.exe	N/A
N/A	N/A	C:\Windows\SYSTEM32\schtasks.exe	N/A
N/A	N/A	C:\Windows\SYSTEM32\schtasks.exe	N/A
N/A	N/A	C:\Windows\SYSTEM32\schtasks.exe	N/A
N/A	N/A	C:\Windows\SYSTEM32\schtasks.exe	N/A
N/A	N/A	C:\Windows\SYSTEM32\schtasks.exe	N/A
N/A	N/A	C:\Windows\SYSTEM32\schtasks.exe	N/A

Runs ping.exe

Description	Indicator	Process	Target
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A

Suspicious use of AdjustPrivilegeToken

Description	Indicator	Process	Target
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\sigmahaks.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A

Suspicious use of SetWindowsHookEx

Description	Indicator	Process	Target
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A

Suspicious use of WriteProcessMemory

Description	Indicator	Process	Target
PID 4308 wrote to memory of 4756	N/A	C:\Users\Admin\AppData\Local\Temp\sigmahaks.exe	C:\Windows\SYSTEM32\schtasks.exe
PID 4308 wrote to memory of 4756	N/A	C:\Users\Admin\AppData\Local\Temp\sigmahaks.exe	C:\Windows\SYSTEM32\schtasks.exe
PID 4308 wrote to memory of 3132	N/A	C:\Users\Admin\AppData\Local\Temp\sigmahaks.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 4308 wrote to memory of 3132	N/A	C:\Users\Admin\AppData\Local\Temp\sigmahaks.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 3132 wrote to memory of 2364	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\SYSTEM32\schtasks.exe
PID 3132 wrote to memory of 2364	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\SYSTEM32\schtasks.exe
PID 3132 wrote to memory of 4620	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 3132 wrote to memory of 4620	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 4620 wrote to memory of 3592	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 4620 wrote to memory of 3592	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 4620 wrote to memory of 3300	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 4620 wrote to memory of 3300	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 4620 wrote to memory of 2084	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 4620 wrote to memory of 2084	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 2084 wrote to memory of 4788	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\SYSTEM32\schtasks.exe
PID 2084 wrote to memory of 4788	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\SYSTEM32\schtasks.exe
PID 2084 wrote to memory of 2592	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 2084 wrote to memory of 2592	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 2592 wrote to memory of 2560	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 2592 wrote to memory of 2560	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 2592 wrote to memory of 3464	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 2592 wrote to memory of 3464	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 2592 wrote to memory of 1992	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 2592 wrote to memory of 1992	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 1992 wrote to memory of 4540	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\SYSTEM32\schtasks.exe
PID 1992 wrote to memory of 4540	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\SYSTEM32\schtasks.exe
PID 1992 wrote to memory of 372	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 1992 wrote to memory of 372	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 372 wrote to memory of 1000	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 372 wrote to memory of 1000	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 372 wrote to memory of 4420	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 372 wrote to memory of 4420	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 372 wrote to memory of 544	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 372 wrote to memory of 544	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 544 wrote to memory of 2044	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\SYSTEM32\schtasks.exe
PID 544 wrote to memory of 2044	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\SYSTEM32\schtasks.exe
PID 544 wrote to memory of 5076	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 544 wrote to memory of 5076	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 5076 wrote to memory of 2188	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 5076 wrote to memory of 2188	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 5076 wrote to memory of 1644	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 5076 wrote to memory of 1644	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 5076 wrote to memory of 3188	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 5076 wrote to memory of 3188	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 3188 wrote to memory of 1396	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\SYSTEM32\schtasks.exe
PID 3188 wrote to memory of 1396	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\SYSTEM32\schtasks.exe
PID 3188 wrote to memory of 4928	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 3188 wrote to memory of 4928	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 4928 wrote to memory of 2052	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 4928 wrote to memory of 2052	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 4928 wrote to memory of 968	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 4928 wrote to memory of 968	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 4928 wrote to memory of 840	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 4928 wrote to memory of 840	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 840 wrote to memory of 1988	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\SYSTEM32\schtasks.exe
PID 840 wrote to memory of 1988	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\SYSTEM32\schtasks.exe
PID 840 wrote to memory of 4312	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 840 wrote to memory of 4312	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 4312 wrote to memory of 1704	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 4312 wrote to memory of 1704	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 4312 wrote to memory of 4280	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 4312 wrote to memory of 4280	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 4312 wrote to memory of 4960	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 4312 wrote to memory of 4960	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\sigmahaks.exe

"C:\Users\Admin\AppData\Local\Temp\sigmahaks.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BXzbz87O0usw.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\suabXe5Z8BIL.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\2H2xLijVD5M3.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\J2QDinhsmiXv.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\k2VGXAAApmgr.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\N21v02g1b0y0.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\6nHqCsf077mM.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

Network

Country	Destination	Domain	Proto
US	8.8.8.8:53	28.118.140.52.in-addr.arpa	udp
N/A	224.0.0.251:5353		udp
US	8.8.8.8:53	172.210.232.199.in-addr.arpa	udp
US	8.8.8.8:53	75.159.190.20.in-addr.arpa	udp
US	8.8.8.8:53	196.249.167.52.in-addr.arpa	udp
US	8.8.8.8:53	50.23.12.20.in-addr.arpa	udp
US	8.8.8.8:53	206.23.85.13.in-addr.arpa	udp
US	8.8.8.8:53	0.204.248.87.in-addr.arpa	udp

Files

memory/4308-0-0x00007FF9A8013000-0x00007FF9A8015000-memory.dmp

memory/4308-1-0x0000000000700000-0x0000000000A38000-memory.dmp

memory/4308-2-0x00007FF9A8010000-0x00007FF9A8AD1000-memory.dmp

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

MD5	e0621270ac0900d68fef321c7efb36cb
SHA1	06693f38735d3fc84739f75998d921ee579db1fd
SHA256	a8d2e1e4a318733fa0f741f82a2bd30f2dd8db6099f502c986b1d7cfdde83c46
SHA512	e9bb6f73ae8b139994d840d8254e2a820d0eb957bb6408d2a22b5cdf1770b5fe66718ee1aaa2237fd89adfff8bfdc6899349f154a81c7924039a124bf1648b09

memory/4308-9-0x00007FF9A8010000-0x00007FF9A8AD1000-memory.dmp

memory/3132-10-0x00007FF9A8010000-0x00007FF9A8AD1000-memory.dmp

memory/3132-11-0x00007FF9A8010000-0x00007FF9A8AD1000-memory.dmp

memory/3132-12-0x000000001C4B0000-0x000000001C500000-memory.dmp

memory/3132-13-0x000000001C5C0000-0x000000001C672000-memory.dmp

memory/3132-19-0x00007FF9A8010000-0x00007FF9A8AD1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\BXzbz87O0usw.bat

MD5	ef6d452e5c140457f5a6d70ca6aa86bb
SHA1	2b0fd99d33628b44067374f431a6c2a63b121c53
SHA256	f414d7ae1ea38418e167cfe6ac85510d5f63d255223e949f1797d3c352501273
SHA512	080df28aafd2d54c3b37ef45a7d6609bfa21c634336e72c6b62b9e8fda4f4cf431beef1262ec02ea51a9642412f51c8e109cb2a60b93e1d3ad7b434ce9868f44

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Byfron.exe.log

MD5	8f0271a63446aef01cf2bfc7b7c7976b
SHA1	b70dad968e1dda14b55ad361b7fd4ef9ab6c06d7
SHA256	da740d78ae00b72cb3710d1a1256dc6431550965d20afaa65e5d5860a4748e8c
SHA512	78a403c69f1284b7dd41527019f3eede3512a5e4d439d846eca83557b741ca37bcf56c412f3e577b9dd4cfa5a6d6210961215f14cb271b143f6eb94f69389cf5

C:\Users\Admin\AppData\Local\Temp\suabXe5Z8BIL.bat

MD5	01f004b702ec0d5e00522fa0edd9b3f2
SHA1	494e3dbfc0a6463b1e96d299ef3334eb4b063b9d
SHA256	ac48fdc9572b2d0bfcd90d728751eee6df3d21cd1c8b6ce2be24060b54b55825
SHA512	cfd9f64d8696da17c67c7a3eedd1649dcb17682f6050fa52c3a706dd63f1476fa37d69dbee6c378ce6628b5682a447e46c5d43bc9dee6686ec9a233ef3c3167a

C:\Users\Admin\AppData\Local\Temp\2H2xLijVD5M3.bat

MD5	9486eb829978a76d810c40060832072c
SHA1	1df5e178ecb9996f994d1eba7f28ed6c9a2e9965
SHA256	0298c91fd1881ec5c6441c47118744ded612152fb753fa332c567ec672dc5110
SHA512	090b3d4fc9002160c46c5e95dbb64df6d27c5670485054cee8a680acd4685f45c9b98c14ac5dc76001179420d43679f521996d40efe8e7259b7dbf75d3a11e7e

C:\Users\Admin\AppData\Local\Temp\J2QDinhsmiXv.bat

MD5	98e897e263c053452127710c33088dba
SHA1	b340dd9b6f2bcbe35c37f877fe719004face2a43
SHA256	4ad1c5e4fc4296b4791a1da5ff2d8793dacaa9ab6b66ddc37ed7acbc51a46f25
SHA512	5649de7fdccaa795ca0c912ace1e09c5a0d61d0fd628a846c09fb7a903fbca95a2d418e395e46702b8e7b7e9acd14c058c2dec6b6dd84e33406ed03b866fa6de

C:\Users\Admin\AppData\Local\Temp\k2VGXAAApmgr.bat

MD5	06a55b43e303dbeba5c2e3357c23e9a5
SHA1	e718a7685ad691f65aaf52bc3c5ddc626a79e398
SHA256	cf237fe4777538a177148492c37e0a0d140437d12684681dbc3f3b40e202e31e
SHA512	4da5b78e8a7f57d9be57f1fbeeacf9f7631a2f1cd0d2b9749467b566fac449a74c3d58e9b7ffaff2d41238b2c2180ee316a8827a2a1936f922a956dd311323eb

C:\Users\Admin\AppData\Local\Temp\N21v02g1b0y0.bat

MD5	d8b5c6c00ad9426e138182f86ced2d43
SHA1	8d095c3c3a798b946a7779f0cf5cbc394b4c2e16
SHA256	9db8562820eb3ba9eed5ccb47db1a70d60434c8684c1faf832ca439892a67644
SHA512	ff022cd5a41d1c7d23bce9d92d9adebcbaa4d2f6d221b1f4634f13c69580b1223bd61c6b94aa4c9787a42dba50f953181be79b9cb642c0f13d9934d3ac85c719

C:\Users\Admin\AppData\Local\Temp\6nHqCsf077mM.bat

MD5	58603c9f65bb3c1e19aa7a5006555abd
SHA1	d886f422db77c9320d0394a987704ed19ee04584
SHA256	7a205dc26a0382e7de0d7deb109cf98c311820ba1ceddd0773feba71903a1464
SHA512	ac84c1501bfc395aa1ddf8e3250f08668de8866800604ee5aa529a2a7598f8d179ca95eba9168fb3318247afe78be663da96a75eb02fcac5ae39ad32e5c63994

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

MD5	3416e1792f0297cfb12ee812dd98ef78
SHA1	959ca49711f7294a447e839e1ba24b7ada871dbd
SHA256	2aa8ebfd1d6e2ef14d65965af8e81d0a98a63774c01d7c5d0be57461f5b0eb7a
SHA512	3e9c47a829f8ce2663e4a9420458de4cbc2540afcfd0d33a87af60dad729d609c2f76d8bcd57e3eab9ccc0efa0159c24d69809662d59d06c1895e75a387cc8b8

Malware Analysis Report

2024-08-06 11:50

Table of Contents

Analysis Overview

Threat Level: Known bad

Malicious Activity Summary

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files