quasar | 8c8a3846e1f9c9aef9566158cbe5c69f26ea1d1167f387bea8ab9a6f8de2b31e

Analysis

max time kernel
140s
max time network
142s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09-06-2024 20:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HoneyPot.exe
Size

3.2MB
MD5

1b1eb2ec84ec46145969c46749dc4063
SHA1

e1a988e15bd7184c9539b6f024ce80ce6b79d95e
SHA256

8c8a3846e1f9c9aef9566158cbe5c69f26ea1d1167f387bea8ab9a6f8de2b31e
SHA512

ccd4ae2047a50772120f59f75dfc9e0ae44af351e3c2871d32c93e32cee0348dc1380d9d2aecae5498608a017f5e8f7ae331ad68cced350dd27eb395525c1142
SSDEEP

49152:dvZ6r25iapTY4PslEsvRnLVd4NovjMpETck/KQoGdITHHB72eh2NT:dvMr25iapTY4PslEsvlLVd4NkjB

Score

10^/10

quasar it was the first day back to school cuttin up in class actin like a tool friends are rollin in we st spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

It was the first day Back to school Cuttin up in class Actin like a tool Friends are rollin in We started talkin bout the summer DJ saw Twilight Bummer I spoke up And I asked my friends "Are there any new girls? nines or tens?" Hopin a few hotties Had moved from other cities And in walked this girl With Tig 'Ol Bitties Whoo I can't believe my eyes In a contest they'd win first prize Double D, guarantee I was checkin the size It's like two beach balls in a shirt disguise Or earth and mars Havin some fun Wait I take that back It's like two of the sun But at this point i let my mind run And drifted off thinkin bout them Tig 'Ol Bitties Hah, Tig 'Ol Bitties Mount Fuji brought it's twin Tig 'Ol Bitties Two melons in a shirt Tig 'Ol Bitties Tig 'Ol Bitties I put books in my lap Tig 'Ol Bitties Heads bobbin as she walks Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Kept trippin in class cuz of her dang breasts in a tiny white shirt Boobs havin a fiesta Later in lab We were messin with test tubes Couldn't keep my eyes off the new girls chest Boobs! Wasn't payin attention Got busted Had to serve detention In biology We talked about the bees The best kinda bees Boob-bees Whoo I can't believe my mind I hold a pokerface to her two of a kind With each step Her breasts gettin redefined I'm makin my move I'm thinkin it's time Oh snap I'mma ask her to prom And in my head She responds "you're the bomb" Feelin nervous So I count to three "I like your boobs, go to prom with me?" Hah, Tig 'Ol Bitties King kong boobs Tig 'Ol Bitties Great tracks of land Tig 'Ol Bitties Tig 'Ol Bitties Like my balls Tig 'Ol Bitties Real big Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties She said yes So I'm gettin ready Stain on my shirt Mom's spaghetti I pick her up And I'm pretty sure That she'll let me motor-boat like rrrrrr I try to cop a feel once we get to school She said "No touching, that's the rule" Principal walks up on the scene "It's time to announce prom king and queen Your Favorite Martian and Tig 'Ol Bitties Congratulations to you both on winning" Time slowed down and she jumped for joy When out of her dress jumped something more Tissues flew and rained from the sky Oh my god you stuff your shirt!? Your Favorite Martian in a world of hurt Awwww fake 'Ol Bitties Wow! Fake 'Ol Bitties You breakin my heart with Fake 'Ol Bitties You're crushin my dreams with Fake 'Ol Bitties Fake 'Ol Bitties I can't believable it Fake 'Ol Bitties You really suck Fake 'Ol Bitties I can't believe you would do that Fake 'Ol Bitties Fake 'Ol Bitties Why would you do that when you're just trying to get everyone's attention Stuffed boobs! They're lies! Lies I tell you! But you know I'm still down to make out if you If you want to, want to come back with me You know what, never mindIt was the first day Back to school Cuttin up in class Actin like a tool Friends are rollin in We started talkin bout the summer DJ saw Twilight Bummer I spoke up And I asked my friends "Are there any new girls? nines or tens?" Hopin a few hotties Had moved from other cities And in walked this girl With Tig 'Ol Bitties Whoo I can't believe my eyes In a contest they'd win first prize Double D, guarantee I was checkin the size It's like two beach balls in a shirt disguise Or earth and mars Havin some fun Wait I take that back It's like two of the sun But at this point i let my mind run And drifted off thinkin bout them Tig 'Ol Bitties Hah, Tig 'Ol Bitties Mount Fuji brought it's twin Tig 'Ol Bitties Two melons in a shirt Tig 'Ol Bitties Tig 'Ol Bitties I put books in my lap Tig 'Ol Bitties Heads bobbin as she walks Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Kept trippin in class cuz of her dang breasts in a tiny white shirt Boobs havin a fiesta Later in lab We were messin with test tubes Couldn't keep my eyes off the new girls chest Boobs! Wasn't payin attention Got busted Had to serve detention In biology We talked about the bees The best kinda bees Boob-bees Whoo I can't believe my mind I hold a pokerface to her two of a kind With each step Her breasts gettin redefined I'm makin my move I'm thinkin it's time Oh snap I'mma ask her to prom And in my head She responds "you're the bomb" Feelin nervous So I count to three "I like your boobs, go to prom with me?" Hah, Tig 'Ol Bitties King kong boobs Tig 'Ol Bitties Great tracks of land Tig 'Ol Bitties Tig 'Ol Bitties Like my balls Tig 'Ol Bitties Real big Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties She said yes So I'm gettin ready Stain on my shirt Mom's spaghetti I pick her up And I'm pretty sure That she'll let me motor-boat like rrrrrr I try to cop a feel once we get to school She said "No touching, that's the rule" Principal walks up on the scene "It's time to announce prom king and queen Your Favorite Martian and Tig 'Ol Bitties Congratulations to you both on winning" Time slowed down and she jumped for joy When out of her dress jumped something more Tissues flew and rained from the sky Oh my god you stuff your shirt!? Your Favorite Martian in a world of hurt Awwww fake 'Ol Bitties Wow! Fake 'Ol Bitties You breakin my heart with Fake 'Ol Bitties You're crushin my dreams with Fake 'Ol Bitties Fake 'Ol Bitties I can't believable it Fake 'Ol Bitties You really suck Fake 'Ol Bitties I can't believe you would do that Fake 'Ol Bitties Fake 'Ol Bitties Why would you do that when you're just trying to get everyone's attention Stuffed boobs! They're lies! Lies I tell you! But you know I'm still down to make out if you If you want to, want to come back with me You know what, never mindIt was the first day Back to school Cuttin up in class Actin like a tool Friends are rollin in We started talkin bout the summer DJ saw Twilight Bummer I spoke up And I asked my friends "Are there any new girls? nines or tens?" Hopin a few hotties Had moved from other cities And in walked this girl With Tig 'Ol Bitties Whoo I can't believe my eyes In a contest they'd win first prize Double D, guarantee I was checkin the size It's like two beach balls in a shirt disguise Or earth and mars Havin some fun Wait I take that back It's like two of the sun But at this point i let my mind run And drifted off thinkin bout them Tig 'Ol Bitties Hah, Tig 'Ol Bitties Mount Fuji brought it's twin Tig 'Ol Bitties Two melons in a shirt Tig 'Ol Bitties Tig 'Ol Bitties I put books in my lap Tig 'Ol Bitties Heads bobbin as she walks Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Kept trippin in class cuz of her dang breasts in a tiny white shirt Boobs havin a fiesta Later in lab We were messin with test tubes Couldn't keep my eyes off the new girls chest Boobs! Wasn't payin attention Got busted Had to serve detention In biology We talked about the bees The best kinda bees Boob-bees Whoo I can't believe my mind I hold a pokerface to her two of a kind With each step Her breasts gettin redefined I'm makin my move I'm thinkin it's time Oh snap I'mma ask her to prom And in my head She responds "you're the bomb" Feelin nervous So I count to three "I like your boobs, go to prom with me?" Hah, Tig 'Ol Bitties King kong boobs Tig 'Ol Bitties Great tracks of land Tig 'Ol Bitties Tig 'Ol Bitties Like my balls Tig 'Ol Bitties Real big Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties She said yes So I'm gettin ready Stain on my shirt Mom's spaghetti I pick her up And I'm pretty sure That she'll let me motor-boat like rrrrrr I try to cop a feel once we get to school She said "No touching, that's the rule" Principal walks up on the scene "It's time to announce prom king and queen Your Favorite Martian and Tig 'Ol Bitties Congratulations to you both on winning" Time slowed down and she jumped for joy When out of her dress jumped something more Tissues flew and rained from the sky Oh my god you stuff your shirt!? Your Favorite Martian in a world of hurt Awwww fake 'Ol Bitties Wow! Fake 'Ol Bitties You breakin my heart with Fake 'Ol Bitties You're crushin my dreams with Fake 'Ol Bitties Fake 'Ol Bitties I can't believable it Fake 'Ol Bitties You really suck Fake 'Ol Bitties I can't believe you would do that Fake 'Ol Bitties Fake 'Ol Bitties Why would you do that when you're just trying to get everyone's attention Stuffed boobs! They're lies! Lies I tell you! But you know I'm still down to make out if you If you want to, want to come back with me You know what, never mindIt was the first day Back to school Cuttin up in class Actin like a tool Friends are rollin in We started talkin bout the summer DJ saw Twilight Bummer I spoke up And I asked my friends "Are there any new girls? nines or tens?" Hopin a few hotties Had moved from other cities And in walked this girl With Tig 'Ol Bitties Whoo I can't believe my eyes In a contest they'd win first prize Double D, guarantee I was checkin the size It's like two beach balls in a shirt disguise Or earth and mars Havin some fun Wait I take that back It's like two of the sun But at this point i let my mind run And drifted off thinkin bout them Tig 'Ol Bitties Hah, Tig 'Ol Bitties Mount Fuji brought it's twin Tig 'Ol Bitties Two melons in a shirt Tig 'Ol Bitties Tig 'Ol Bitties I put books in my lap Tig 'Ol Bitties Heads bobbin as she walks Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Kept trippin in class cuz of her dang breasts in a tiny white shirt Boobs havin a fiesta Later in lab We were messin with test tubes Couldn't keep my eyes off the new girls chest Boobs! Wasn't payin attention Got busted Had to serve detention In biology We talked about the bees The best kinda bees Boob-bees Whoo I can't believe my mind I hold a pokerface to her two of a kind With each step Her breasts gettin redefined I'm makin my move I'm thinkin it's time Oh snap I'mma ask her to prom And in my head She responds "you're the bomb" Feelin nervous So I count to three "I like your boobs, go to prom with me?" Hah, Tig 'Ol Bitties King kong boobs Tig 'Ol Bitties Great tracks of land Tig 'Ol Bitties Tig 'Ol Bitties Like my balls Tig 'Ol Bitties Real big Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties She said yes So I'm gettin ready Stain on my shirt Mom's spaghetti I pick her up And I'm pretty sure That she'll let me motor-boat like rrrrrr I try to cop a feel once we get to school She said "No touching, that's the rule" Principal walks up on the scene "It's time to announce prom king and queen Your Favorite Martian and Tig 'Ol Bitties Congratulations to you both on winning" Time slowed down and she jumped for joy When out of her dress jumped something more Tissues flew and rained from the sky Oh my god you stuff your shirt!? Your Favorite Martian in a world of hurt Awwww fake 'Ol Bitties Wow! Fake 'Ol Bitties You breakin my heart with Fake 'Ol Bitties You're crushin my dreams with Fake 'Ol Bitties Fake 'Ol Bitties I can't believable it Fake 'Ol Bitties You really suck Fake 'Ol Bitties I can't believe you would do that Fake 'Ol Bitties Fake 'Ol Bitties Why would you do that when you're just trying to get everyone's attention Stuffed boobs! They're lies! Lies I tell you! But you know I'm still down to make out if you If you want to, want to come back with me You know what, never mindIt was the first day Back to school Cuttin up in class Actin like a tool Friends are rollin in We started talkin bout the summer DJ saw Twilight Bummer I spoke up And I asked my friends "Are there any new girls? nines or tens?" Hopin a few hotties Had moved from other cities And in walked this girl With Tig 'Ol Bitties Whoo I can't believe my eyes In a contest they'd win first prize Double D, guarantee I was checkin the size It's like two beach balls in a shirt disguise Or earth and mars Havin some fun Wait I take that back It's like two of the sun But at this point i let my mind run And drifted off thinkin bout them Tig 'Ol Bitties Hah, Tig 'Ol Bitties Mount Fuji brought it's twin Tig 'Ol Bitties Two melons in a shirt Tig 'Ol Bitties Tig 'Ol Bitties I put books in my lap Tig 'Ol Bitties Heads bobbin as she walks Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Kept trippin in class cuz of her dang breasts in a tiny white shirt Boobs havin a fiesta Later in lab We were messin with test tubes Couldn't keep my eyes off the new girls chest Boobs! Wasn't payin attention Got busted Had to serve detention In biology We talked about the bees The best kinda bees Boob-bees Whoo I can't believe my mind I hold a pokerface to her two of a kind With each step Her breasts gettin redefined I'm makin my move I'm thinkin it's time Oh snap I'mma ask her to prom And in my head She responds "you're the bomb" Feelin nervous So I count to three "I like your boobs, go to prom with me?" Hah, Tig 'Ol Bitties King kong boobs Tig 'Ol Bitties Great tracks of land Tig 'Ol Bitties Tig 'Ol Bitties Like my balls Tig 'Ol Bitties Real big Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties She said yes So I'm gettin ready Stain on my shirt Mom's spaghetti I pick her up And I'm pretty sure That she'll let me motor-boat like rrrrrr I try to cop a feel once we get to school She said "No touching, that's the rule" Principal walks up on the scene "It's time to announce prom king and queen Your Favorite Martian and Tig 'Ol Bitties Congratulations to you both on winning" Time slowed down and she jumped for joy When out of her dress jumped something more Tissues flew and rained from the sky Oh my god you stuff your shirt!? Your Favorite Martian in a world of hurt Awwww fake 'Ol Bitties Wow! Fake 'Ol Bitties You breakin my heart with Fake 'Ol Bitties You're crushin my dreams with Fake 'Ol Bitties Fake 'Ol Bitties I can't believable it Fake 'Ol Bitties You really suck Fake 'Ol Bitties I can't believe you would do that Fake 'Ol Bitties Fake 'Ol Bitties Why would you do that when you're just trying to get everyone's attention Stuffed boobs! They're lies! Lies I tell you! But you know I'm still down to make out if you If you want to, want to come back with me You know what, never mindIt was the first day Back to school Cuttin up in class Actin like a tool Friends are rollin in We started talkin bout the summer DJ saw Twilight Bummer I spoke up And I asked my friends "Are there any new girls? nines or tens?" Hopin a few hotties Had moved from other cities And in walked this girl With Tig 'Ol Bitties Whoo I can't believe my eyes In a contest they'd win first prize Double D, guarantee I was checkin the size It's like two beach balls in a shirt disguise Or earth and mars Havin some fun Wait I take that back It's like two of the sun But at this point i let my mind run And drifted off thinkin bout them Tig 'Ol Bitties Hah, Tig 'Ol Bitties Mount Fuji brought it's twin Tig 'Ol Bitties Two melons in a shirt Tig 'Ol Bitties Tig 'Ol Bitties I put books in my lap Tig 'Ol Bitties Heads bobbin as she walks Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Kept trippin in class cuz of her dang breasts in a tiny white shirt Boobs havin a fiesta Later in lab We were messin with test tubes Couldn't keep my eyes off the new girls chest Boobs! Wasn't payin attention Got busted Had to serve detention In biology We talked about the bees The best kinda bees Boob-bees Whoo I can't believe my mind I hold a pokerface to her two of a kind With each step Her breasts gettin redefined I'm makin my move I'm thinkin it's time Oh snap I'mma ask her to prom And in my head She responds "you're the bomb" Feelin nervous So I count to three "I like your boobs, go to prom with me?" Hah, Tig 'Ol Bitties King kong boobs Tig 'Ol Bitties Great tracks of land Tig 'Ol Bitties Tig 'Ol Bitties Like my balls Tig 'Ol Bitties Real big Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties She said yes So I'm gettin ready Stain on my shirt Mom's spaghetti I pick her up And I'm pretty sure That she'll let me motor-boat like rrrrrr I try to cop a feel once we get to school She said "No touching, that's the rule" Principal walks up on the scene "It's time to announce prom king and queen Your Favorite Martian and Tig 'Ol Bitties Congratulations to you both on winning" Time slowed down and she jumped for joy When out of her dress jumped something more Tissues flew and rained from the sky Oh my god you stuff your shirt!? Your Favorite Martian in a world of hurt Awwww fake 'Ol Bitties Wow! Fake 'Ol Bitties You breakin my heart with Fake 'Ol Bitties You're crushin my dreams with Fake 'Ol Bitties Fake 'Ol Bitties I can't believable it Fake 'Ol Bitties You really suck Fake 'Ol Bitties I can't believe you would do that Fake 'Ol Bitties Fake 'Ol Bitties Why would you do that when you're just trying to get everyone's attention Stuffed boobs! They're lies! Lies I tell you! But you know I'm still down to make out if you If you want to, want to come back with me You know what, never mindIt was the first day Back to school Cuttin up in class Actin like a tool Friends are rollin in We started talkin bout the summer DJ saw Twilight Bummer I spoke up And I asked my friends "Are there any new girls? nines or tens?" Hopin a few hotties Had moved from other cities And in walked this girl With Tig 'Ol Bitties Whoo I can't believe my eyes In a contest they'd win first prize Double D, guarantee I was checkin the size It's like two beach balls in a shirt disguise Or earth and mars Havin some fun Wait I take that back It's like two of the sun But at this point i let my mind run And drifted off thinkin bout them Tig 'Ol Bitties Hah, Tig 'Ol Bitties Mount Fuji brought it's twin Tig 'Ol Bitties Two melons in a shirt Tig 'Ol Bitties Tig 'Ol Bitties I put books in my lap Tig 'Ol Bitties Heads bobbin as she walks Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Kept trippin in class cuz of her dang breasts in a tiny white shirt Boobs havin a fiesta Later in lab We were messin with test tubes Couldn't keep my eyes off the new girls chest Boobs! Wasn't payin attention Got busted Had to serve detention In biology We talked about the bees The best kinda bees Boob-bees Whoo I can't believe my mind I hold a pokerface to her two of a kind With each step Her breasts gettin redefined I'm makin my move I'm thinkin it's time Oh snap I'mma ask her to prom And in my head She responds "you're the bomb" Feelin nervous So I count to three "I like your boobs, go to prom with me?" Hah, Tig 'Ol Bitties King kong boobs Tig 'Ol Bitties Great tracks of land Tig 'Ol Bitties Tig 'Ol Bitties Like my balls Tig 'Ol Bitties Real big Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties She said yes So I'm gettin ready Stain on my shirt Mom's spaghetti I pick her up And I'm pretty sure That she'll let me motor-boat like rrrrrr I try to cop a feel once we get to school She said "No touching, that's the rule" Principal walks up on the scene "It's time to announce prom king and queen Your Favorite Martian and Tig 'Ol Bitties Congratulations to you both on winning" Time slowed down and she jumped for joy When out of her dress jumped something more Tissues flew and rained from the sky Oh my god you stuff your shirt!? Your Favorite Martian in a world of hurt Awwww fake 'Ol Bitties Wow! Fake 'Ol Bitties You breakin my heart with Fake 'Ol Bitties You're crushin my dreams with Fake 'Ol Bitties Fake 'Ol Bitties I can't believable it Fake 'Ol Bitties You really suck Fake 'Ol Bitties I can't believe you would do that Fake 'Ol Bitties Fake 'Ol Bitties Why would you do that when you're just trying to get everyone's attention Stuffed boobs! They're lies! Lies I tell you! But you know I'm still down to make out if you If you want to, want to come back with me You know what, never mindIt was the first day Back to school Cuttin up in class Actin like a tool Friends are rollin in We started talkin bout the summer DJ saw Twilight Bummer I spoke up And I asked my friends "Are there any new girls? nines or tens?" Hopin a few hotties Had moved from other cities And in walked this girl With Tig 'Ol Bitties Whoo I can't believe my eyes In a contest they'd win first prize Double D, guarantee I was checkin the size It's like two beach balls in a shirt disguise Or earth and mars Havin some fun Wait I take that back It's like two of the sun But at this point i let my mind run And drifted off thinkin bout them Tig 'Ol Bitties Hah, Tig 'Ol Bitties Mount Fuji brought it's twin Tig 'Ol Bitties Two melons in a shirt Tig 'Ol Bitties Tig 'Ol Bitties I put books in my lap Tig 'Ol Bitties Heads bobbin as she walks Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Kept trippin in class cuz of her dang breasts in a tiny white shirt Boobs havin a fiesta Later in lab We were messin with test tubes Couldn't keep my eyes off the new girls chest Boobs! Wasn't payin attention Got busted Had to serve detention In biology We talked about the bees The best kinda bees Boob-bees Whoo I can't believe my mind I hold a pokerface to her two of a kind With each step Her breasts gettin redefined I'm makin my move I'm thinkin it's time Oh snap I'mma ask her to prom And in my head She responds "you're the bomb" Feelin nervous So I count to three "I like your boobs, go to prom with me?" Hah, Tig 'Ol Bitties King kong boobs Tig 'Ol Bitties Great tracks of land Tig 'Ol Bitties Tig 'Ol Bitties Like my balls Tig 'Ol Bitties Real big Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties She said yes So I'm gettin ready Stain on my shirt Mom's spaghetti I pick her up And I'm pretty sure That she'll let me motor-boat like rrrrrr I try to cop a feel once we get to school She said "No touching, that's the rule" Principal walks up on the scene "It's time to announce prom king and queen Your Favorite Martian and Tig 'Ol Bitties Congratulations to you both on winning" Time slowed down and she jumped for joy When out of her dress jumped something more Tissues flew and rained from the sky Oh my god you stuff your shirt!? Your Favorite Martian in a world of hurt Awwww fake 'Ol Bitties Wow! Fake 'Ol Bitties You breakin my heart with Fake 'Ol Bitties You're crushin my dreams with Fake 'Ol Bitties Fake 'Ol Bitties I can't believable it Fake 'Ol Bitties You really suck Fake 'Ol Bitties I can't believe you would do that Fake 'Ol Bitties Fake 'Ol Bitties Why would you do that when you're just trying to get everyone's attention Stuffed boobs! They're lies! Lies I tell you! But you know I'm still down to make out if you If you want to, want to come back with me You know what, never mindIt was the first day Back to school Cuttin up in class Actin like a tool Friends are rollin in We started talkin bout the summer DJ saw Twilight Bummer I spoke up And I asked my friends "Are there any new girls? nines or tens?" Hopin a few hotties Had moved from other cities And in walked this girl With Tig 'Ol Bitties Whoo I can't believe my eyes In a contest they'd win first prize Double D, guarantee I was checkin the size It's like two beach balls in a shirt disguise Or earth and mars Havin some fun Wait I take that back It's like two of the sun But at this point i let my mind run And drifted off thinkin bout them Tig 'Ol Bitties Hah, Tig 'Ol Bitties Mount Fuji brought it's twin Tig 'Ol Bitties Two melons in a shirt Tig 'Ol Bitties Tig 'Ol Bitties I put books in my lap Tig 'Ol Bitties Heads bobbin as she walks Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Kept trippin in class cuz of her dang breasts in a tiny white shirt Boobs havin a fiesta Later in lab We were messin with test tubes Couldn't keep my eyes off the new girls chest Boobs! Wasn't payin attention Got busted Had to serve detention In biology We talked about the bees The best kinda bees Boob-bees Whoo I can't believe my mind I hold a pokerface to her two of a kind With each step Her breasts gettin redefined I'm makin my move I'm thinkin it's time Oh snap I'mma ask her to prom And in my head She responds "you're the bomb" Feelin nervous So I count to three "I like your boobs, go to prom with me?" Hah, Tig 'Ol Bitties King kong boobs Tig 'Ol Bitties Great tracks of land Tig 'Ol Bitties Tig 'Ol Bitties Like my balls Tig 'Ol Bitties Real big Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties She said yes So I'm gettin ready Stain on my shirt Mom's spaghetti I pick her up And I'm pretty sure That she'll let me motor-boat like rrrrrr I try to cop a feel once we get to school She said "No touching, that's the rule" Principal walks up on the scene "It's time to announce prom king and queen Your Favorite Martian and Tig 'Ol Bitties Congratulations to you both on winning" Time slowed down and she jumped for joy When out of her dress jumped something more Tissues flew and rained from the sky Oh my god you stuff your shirt!? Your Favorite Martian in a world of hurt Awwww fake 'Ol Bitties Wow! Fake 'Ol Bitties You breakin my heart with Fake 'Ol Bitties You're crushin my dreams with Fake 'Ol Bitties Fake 'Ol Bitties I can't believable it Fake 'Ol Bitties You really suck Fake 'Ol Bitties I can't believe you would do that Fake 'Ol Bitties Fake 'Ol Bitties Why would you do that when you're just trying to get everyone's attention Stuffed boobs! They're lies! Lies I tell you! But you know I'm still down to make out if you If you want to, want to come back with me You know what, never mindIt was the first day Back to school Cuttin up in class Actin like a tool Friends are rollin in We started talkin bout the summer DJ saw Twilight Bummer I spoke up And I asked my friends "Are there any new girls? nines or tens?" Hopin a few hotties Had moved from other cities And in walked this girl With Tig 'Ol Bitties Whoo I can't believe my eyes In a contest they'd win first prize Double D, guarantee I was checkin the size It's like two beach balls in a shirt disguise Or earth and mars Havin some fun Wait I take that back It's like two of the sun But at this point i let my mind run And drifted off thinkin bout them Tig 'Ol Bitties Hah, Tig 'Ol Bitties Mount Fuji brought it's twin Tig 'Ol Bitties Two melons in a shirt Tig 'Ol Bitties Tig 'Ol Bitties I put books in my lap Tig 'Ol Bitties Heads bobbin as she walks Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Kept trippin in class cuz of her dang breasts in a tiny white shirt Boobs havin a fiesta Later in lab We were messin with test tubes Couldn't keep my eyes off the new girls chest Boobs! Wasn't payin attention Got busted Had to serve detention In biology We talked about the bees The best kinda bees Boob-bees Whoo I can't believe my mind I hold a pokerface to her two of a kind With each step Her breasts gettin redefined I'm makin my move I'm thinkin it's time Oh snap I'mma ask her to prom And in my head She responds "you're the bomb" Feelin nervous So I count to three "I like your boobs, go to prom with me?" Hah, Tig 'Ol Bitties King kong boobs Tig 'Ol Bitties Great tracks of land Tig 'Ol Bitties Tig 'Ol Bitties Like my balls Tig 'Ol Bitties Real big Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties She said yes So I'm gettin ready Stain on my shirt Mom's spaghetti I pick her up And I'm pretty sure That she'll let me motor-boat like rrrrrr I try to cop a feel once we get to school She said "No touching, that's the rule" Principal walks up on the scene "It's time to announce prom king and queen Your Favorite Martian and Tig 'Ol Bitties Congratulations to you both on winning" Time slowed down and she jumped for joy When out of her dress jumped something more Tissues flew and rained from the sky Oh my god you stuff your shirt!? Your Favorite Martian in a world of hurt Awwww fake 'Ol Bitties Wow! Fake 'Ol Bitties You breakin my heart with Fake 'Ol Bitties You're crushin my dreams with Fake 'Ol Bitties Fake 'Ol Bitties I can't believable it Fake 'Ol Bitties You really suck Fake 'Ol Bitties I can't believe you would do that Fake 'Ol Bitties Fake 'Ol Bitties Why would you do that when you're just trying to get everyone's attention Stuffed boobs! They're lies! Lies I tell you! But you know I'm still down to make out if you If you want to, want to come back with me You know what, never mindIt was the first day Back to school Cuttin up in class Actin like a tool Friends are rollin in We started talkin bout the summer DJ saw Twilight Bummer I spoke up And I asked my friends "Are there any new girls? nines or tens?" Hopin a few hotties Had moved from other cities And in walked this girl With Tig 'Ol Bitties Whoo I can't believe my eyes In a contest they'd win first prize Double D, guarantee I was checkin the size It's like two beach balls in a shirt disguise Or earth and mars Havin some fun Wait I take that back It's like two of the sun But at this point i let my mind run And drifted off thinkin bout them Tig 'Ol Bitties Hah, Tig 'Ol Bitties Mount Fuji brought it's twin Tig 'Ol Bitties Two melons in a shirt Tig 'Ol Bitties Tig 'Ol Bitties I put books in my lap Tig 'Ol Bitties Heads bobbin as she walks Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Kept trippin in class cuz of her dang breasts in a tiny white shirt Boobs havin a fiesta Later in lab We were messin with test tubes Couldn't keep my eyes off the new girls chest Boobs! Wasn't payin attention Got busted Had to serve detention In biology We talked about the bees The best kinda bees Boob-bees Whoo I can't believe my mind I hold a pokerface to her two of a kind With each step Her breasts gettin redefined I'm makin my move I'm thinkin it's time Oh snap I'mma ask her to prom And in my head She responds "you're the bomb" Feelin nervous So I count to three "I like your boobs, go to prom with me?" Hah, Tig 'Ol Bitties King kong boobs Tig 'Ol Bitties Great tracks of land Tig 'Ol Bitties Tig 'Ol Bitties Like my balls Tig 'Ol Bitties Real big Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties She said yes So I'm gettin ready Stain on my shirt Mom's spaghetti I pick her up And I'm pretty sure That she'll let me motor-boat like rrrrrr I try to cop a feel once we get to school She said "No t

idk:4782

Mutex

5c7d6a36-dffc-4ec3-8525-ba9161772945

Attributes

encryption_key
7930C3883BFB3E417BEC9036B64E581CD2465EFE
install_name
Byfron.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Balls
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar

Quasar payload 11 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2928-1-0x0000000000C10000-0x0000000000F48000-memory.dmp	family_quasar
C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	family_quasar
behavioral1/memory/1720-9-0x0000000001090000-0x00000000013C8000-memory.dmp	family_quasar
behavioral1/memory/1812-33-0x0000000001350000-0x0000000001688000-memory.dmp	family_quasar
behavioral1/memory/632-54-0x0000000000320000-0x0000000000658000-memory.dmp	family_quasar
behavioral1/memory/836-66-0x0000000000950000-0x0000000000C88000-memory.dmp	family_quasar
behavioral1/memory/2040-77-0x0000000001360000-0x0000000001698000-memory.dmp	family_quasar
behavioral1/memory/2628-88-0x0000000000280000-0x00000000005B8000-memory.dmp	family_quasar
behavioral1/memory/2080-100-0x0000000001140000-0x0000000001478000-memory.dmp	family_quasar
behavioral1/memory/768-121-0x00000000002D0000-0x0000000000608000-memory.dmp	family_quasar
behavioral1/memory/1132-132-0x0000000000940000-0x0000000000C78000-memory.dmp	family_quasar

Executes dropped EXE 12 IoCs

Processes:

Byfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exe

pid	process
1720	Byfron.exe
2516	Byfron.exe
1812	Byfron.exe
1960	Byfron.exe
632	Byfron.exe
836	Byfron.exe
2040	Byfron.exe
2628	Byfron.exe
2080	Byfron.exe
1972	Byfron.exe
768	Byfron.exe
1132	Byfron.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 13 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

Processes:

schtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exe

pid	process
1652	schtasks.exe
1716	schtasks.exe
2336	schtasks.exe
1244	schtasks.exe
1512	schtasks.exe
2036	schtasks.exe
2588	schtasks.exe
2800	schtasks.exe
2228	schtasks.exe
1288	schtasks.exe
876	schtasks.exe
1692	schtasks.exe
2896	schtasks.exe

Runs ping.exe 1 TTPs 12 IoCs

Remote System Discovery

T1018

Processes:

PING.EXEPING.EXEPING.EXEPING.EXEPING.EXEPING.EXEPING.EXEPING.EXEPING.EXEPING.EXEPING.EXEPING.EXE

pid	process
2404	PING.EXE
2808	PING.EXE
2496	PING.EXE
1044	PING.EXE
2476	PING.EXE
1252	PING.EXE
2540	PING.EXE
2812	PING.EXE
3052	PING.EXE
2552	PING.EXE
2404	PING.EXE
544	PING.EXE

Suspicious use of AdjustPrivilegeToken 13 IoCs

Processes:

HoneyPot.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exe

description	pid	process
Token: SeDebugPrivilege	2928	HoneyPot.exe
Token: SeDebugPrivilege	1720	Byfron.exe
Token: SeDebugPrivilege	2516	Byfron.exe
Token: SeDebugPrivilege	1812	Byfron.exe
Token: SeDebugPrivilege	1960	Byfron.exe
Token: SeDebugPrivilege	632	Byfron.exe
Token: SeDebugPrivilege	836	Byfron.exe
Token: SeDebugPrivilege	2040	Byfron.exe
Token: SeDebugPrivilege	2628	Byfron.exe
Token: SeDebugPrivilege	2080	Byfron.exe
Token: SeDebugPrivilege	1972	Byfron.exe
Token: SeDebugPrivilege	768	Byfron.exe
Token: SeDebugPrivilege	1132	Byfron.exe

Suspicious use of SetWindowsHookEx 11 IoCs

Processes:

Byfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exe

pid	process
1720	Byfron.exe
2516	Byfron.exe
1812	Byfron.exe
1960	Byfron.exe
632	Byfron.exe
836	Byfron.exe
2040	Byfron.exe
2628	Byfron.exe
2080	Byfron.exe
1972	Byfron.exe
768	Byfron.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

HoneyPot.exeByfron.execmd.exeByfron.execmd.exeByfron.execmd.exeByfron.execmd.exe

description	pid	process	target process
PID 2928 wrote to memory of 1716	2928	HoneyPot.exe	schtasks.exe
PID 2928 wrote to memory of 1716	2928	HoneyPot.exe	schtasks.exe
PID 2928 wrote to memory of 1716	2928	HoneyPot.exe	schtasks.exe
PID 2928 wrote to memory of 1720	2928	HoneyPot.exe	Byfron.exe
PID 2928 wrote to memory of 1720	2928	HoneyPot.exe	Byfron.exe
PID 2928 wrote to memory of 1720	2928	HoneyPot.exe	Byfron.exe
PID 1720 wrote to memory of 2336	1720	Byfron.exe	schtasks.exe
PID 1720 wrote to memory of 2336	1720	Byfron.exe	schtasks.exe
PID 1720 wrote to memory of 2336	1720	Byfron.exe	schtasks.exe
PID 1720 wrote to memory of 2016	1720	Byfron.exe	cmd.exe
PID 1720 wrote to memory of 2016	1720	Byfron.exe	cmd.exe
PID 1720 wrote to memory of 2016	1720	Byfron.exe	cmd.exe
PID 2016 wrote to memory of 2820	2016	cmd.exe	chcp.com
PID 2016 wrote to memory of 2820	2016	cmd.exe	chcp.com
PID 2016 wrote to memory of 2820	2016	cmd.exe	chcp.com
PID 2016 wrote to memory of 2552	2016	cmd.exe	PING.EXE
PID 2016 wrote to memory of 2552	2016	cmd.exe	PING.EXE
PID 2016 wrote to memory of 2552	2016	cmd.exe	PING.EXE
PID 2016 wrote to memory of 2516	2016	cmd.exe	Byfron.exe
PID 2016 wrote to memory of 2516	2016	cmd.exe	Byfron.exe
PID 2016 wrote to memory of 2516	2016	cmd.exe	Byfron.exe
PID 2516 wrote to memory of 2588	2516	Byfron.exe	schtasks.exe
PID 2516 wrote to memory of 2588	2516	Byfron.exe	schtasks.exe
PID 2516 wrote to memory of 2588	2516	Byfron.exe	schtasks.exe
PID 2516 wrote to memory of 1792	2516	Byfron.exe	cmd.exe
PID 2516 wrote to memory of 1792	2516	Byfron.exe	cmd.exe
PID 2516 wrote to memory of 1792	2516	Byfron.exe	cmd.exe
PID 1792 wrote to memory of 2772	1792	cmd.exe	chcp.com
PID 1792 wrote to memory of 2772	1792	cmd.exe	chcp.com
PID 1792 wrote to memory of 2772	1792	cmd.exe	chcp.com
PID 1792 wrote to memory of 2808	1792	cmd.exe	PING.EXE
PID 1792 wrote to memory of 2808	1792	cmd.exe	PING.EXE
PID 1792 wrote to memory of 2808	1792	cmd.exe	PING.EXE
PID 1792 wrote to memory of 1812	1792	cmd.exe	Byfron.exe
PID 1792 wrote to memory of 1812	1792	cmd.exe	Byfron.exe
PID 1792 wrote to memory of 1812	1792	cmd.exe	Byfron.exe
PID 1812 wrote to memory of 1244	1812	Byfron.exe	schtasks.exe
PID 1812 wrote to memory of 1244	1812	Byfron.exe	schtasks.exe
PID 1812 wrote to memory of 1244	1812	Byfron.exe	schtasks.exe
PID 1812 wrote to memory of 1952	1812	Byfron.exe	cmd.exe
PID 1812 wrote to memory of 1952	1812	Byfron.exe	cmd.exe
PID 1812 wrote to memory of 1952	1812	Byfron.exe	cmd.exe
PID 1952 wrote to memory of 2944	1952	cmd.exe	chcp.com
PID 1952 wrote to memory of 2944	1952	cmd.exe	chcp.com
PID 1952 wrote to memory of 2944	1952	cmd.exe	chcp.com
PID 1952 wrote to memory of 2404	1952	cmd.exe	PING.EXE
PID 1952 wrote to memory of 2404	1952	cmd.exe	PING.EXE
PID 1952 wrote to memory of 2404	1952	cmd.exe	PING.EXE
PID 1952 wrote to memory of 1960	1952	cmd.exe	Byfron.exe
PID 1952 wrote to memory of 1960	1952	cmd.exe	Byfron.exe
PID 1952 wrote to memory of 1960	1952	cmd.exe	Byfron.exe
PID 1960 wrote to memory of 1512	1960	Byfron.exe	schtasks.exe
PID 1960 wrote to memory of 1512	1960	Byfron.exe	schtasks.exe
PID 1960 wrote to memory of 1512	1960	Byfron.exe	schtasks.exe
PID 1960 wrote to memory of 1908	1960	Byfron.exe	cmd.exe
PID 1960 wrote to memory of 1908	1960	Byfron.exe	cmd.exe
PID 1960 wrote to memory of 1908	1960	Byfron.exe	cmd.exe
PID 1908 wrote to memory of 2276	1908	cmd.exe	chcp.com
PID 1908 wrote to memory of 2276	1908	cmd.exe	chcp.com
PID 1908 wrote to memory of 2276	1908	cmd.exe	chcp.com
PID 1908 wrote to memory of 2496	1908	cmd.exe	PING.EXE
PID 1908 wrote to memory of 2496	1908	cmd.exe	PING.EXE
PID 1908 wrote to memory of 2496	1908	cmd.exe	PING.EXE
PID 1908 wrote to memory of 632	1908	cmd.exe	Byfron.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\HoneyPot.exe
"C:\Users\Admin\AppData\Local\Temp\HoneyPot.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2928

C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f
2⤵
- Creates scheduled task(s)
PID:1716

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1720

C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f
3⤵
- Creates scheduled task(s)
PID:2336

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vWc8KbIAzOOS.bat" "
3⤵
- Suspicious use of WriteProcessMemory
PID:2016

C:\Windows\system32\chcp.com
chcp 65001
4⤵
PID:2820

C:\Windows\system32\PING.EXE
ping -n 10 localhost
4⤵
- Runs ping.exe
PID:2552

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2516

C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f
5⤵
- Creates scheduled task(s)
PID:2588

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qN4xQ5NTHNcB.bat" "
5⤵
- Suspicious use of WriteProcessMemory
PID:1792

C:\Windows\system32\chcp.com
chcp 65001
6⤵
PID:2772

C:\Windows\system32\PING.EXE
ping -n 10 localhost
6⤵
- Runs ping.exe
PID:2808

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"
6⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1812

C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f
7⤵
- Creates scheduled task(s)
PID:1244

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\v0KTYTHtwVYv.bat" "
7⤵
- Suspicious use of WriteProcessMemory
PID:1952

C:\Windows\system32\chcp.com
chcp 65001
8⤵
PID:2944

C:\Windows\system32\PING.EXE
ping -n 10 localhost
8⤵
- Runs ping.exe
PID:2404

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"
8⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1960

C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f
9⤵
- Creates scheduled task(s)
PID:1512

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iyPqUSY1unO1.bat" "
9⤵
- Suspicious use of WriteProcessMemory
PID:1908

C:\Windows\system32\chcp.com
chcp 65001
10⤵
PID:2276

C:\Windows\system32\PING.EXE
ping -n 10 localhost
10⤵
- Runs ping.exe
PID:2496

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"
10⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:632

C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f
11⤵
- Creates scheduled task(s)
PID:1288

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CDk56tO0hX0V.bat" "
11⤵
PID:1384

C:\Windows\system32\chcp.com
chcp 65001
12⤵
PID:2480

C:\Windows\system32\PING.EXE
ping -n 10 localhost
12⤵
- Runs ping.exe
PID:1044

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"
12⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:836

C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f
13⤵
- Creates scheduled task(s)
PID:876

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oxiTvBAgZNqE.bat" "
13⤵
PID:3008

C:\Windows\system32\chcp.com
chcp 65001
14⤵
PID:1496

C:\Windows\system32\PING.EXE
ping -n 10 localhost
14⤵
- Runs ping.exe
PID:2476

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"
14⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2040

C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f
15⤵
- Creates scheduled task(s)
PID:1692

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fJ2cWabR5X7b.bat" "
15⤵
PID:2656

C:\Windows\system32\chcp.com
chcp 65001
16⤵
PID:2736

C:\Windows\system32\PING.EXE
ping -n 10 localhost
16⤵
- Runs ping.exe
PID:1252

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"
16⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2628

C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f
17⤵
- Creates scheduled task(s)
PID:2800

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YLAW0i5VAxZR.bat" "
17⤵
PID:964

C:\Windows\system32\chcp.com
chcp 65001
18⤵
PID:2168

C:\Windows\system32\PING.EXE
ping -n 10 localhost
18⤵
- Runs ping.exe
PID:2540

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"
18⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f
19⤵
- Creates scheduled task(s)
PID:1652

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\Q3Y7oTaBpi62.bat" "
19⤵
PID:2844

C:\Windows\system32\chcp.com
chcp 65001
20⤵
PID:2600

C:\Windows\system32\PING.EXE
ping -n 10 localhost
20⤵
- Runs ping.exe
PID:2812

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"
20⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1972

C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f
21⤵
- Creates scheduled task(s)
PID:2228

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\3Tz98GKO0aQH.bat" "
21⤵
PID:592

C:\Windows\system32\chcp.com
chcp 65001
22⤵
PID:1664

C:\Windows\system32\PING.EXE
ping -n 10 localhost
22⤵
- Runs ping.exe
PID:2404

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"
22⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:768

C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f
23⤵
- Creates scheduled task(s)
PID:2036

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YHUZFJcpElod.bat" "
23⤵
PID:580

C:\Windows\system32\chcp.com
chcp 65001
24⤵
PID:1500

C:\Windows\system32\PING.EXE
ping -n 10 localhost
24⤵
- Runs ping.exe
PID:3052

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"
24⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1132

C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f
25⤵
- Creates scheduled task(s)
PID:2896

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\o5ph5ah5J8FC.bat" "
25⤵
PID:1304

C:\Windows\system32\chcp.com
chcp 65001
26⤵
PID:2460

C:\Windows\system32\PING.EXE
ping -n 10 localhost
26⤵
- Runs ping.exe
PID:544

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Remote System Discovery

T1018

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3Tz98GKO0aQH.bat
Filesize
207B

MD5
95498d4b33b3fa036f46100cb9dc5a8d

SHA1
51e10d663213d21d0d20fc299589cf63c212a2f1

SHA256
598222538d8e46c0f889f60ffe94ba4fa6c8be4f3a9e50ff7035fc48ec254a8d

SHA512
e04a72f8f42de995cba7cc29a1b97e39e0699f18cdb2bea3d927452fee60ecae8cc07fb028daf2feb5497808b70e8d9f8be0ce46d1d24354f97b4b3b8e0db073

Download Submit
C:\Users\Admin\AppData\Local\Temp\CDk56tO0hX0V.bat
Filesize
207B

MD5
c3e2d39a046b0e49889c24d3979da528

SHA1
fd9f8cb50b126a9b02a49a1f96b5aefb8c0f7f2f

SHA256
3a0a20c5f2e037677c7d889b80d61626971504d5cdacc10b61ba76c27eb4687a

SHA512
c05ae85c0af439daa0e6995371f7e73730c4e5120ccc3fe84df8a6c8f953fd08759d343231d39ec5d3f63784b992fb738d2e135c68bceff786389bd5d76bb884

Download Submit
C:\Users\Admin\AppData\Local\Temp\Q3Y7oTaBpi62.bat
Filesize
207B

MD5
091a62a68a591edb6720ded2d763ac68

SHA1
4d4092881e57a6e63f36b4f650247cb0c51e91d9

SHA256
53b56377d473e2f0b372080ed759342c80fdec0edcec59c30ec899bfc61a6208

SHA512
39ca134330bed2997f648cc70227a01fc2802ba103c56701c8de6becda20ee0be3c0b9a46a13e064c3cd4d6a2b52d8fc35b7396cb3838660ae51e6d0c15ca156

Download Submit
C:\Users\Admin\AppData\Local\Temp\YHUZFJcpElod.bat
Filesize
207B

MD5
051ee2b1c34617fb99ce69aa9fd4b0c9

SHA1
cac8b8d5ec5b6f2ac007e13049d3f49796de1299

SHA256
da8dcb8ba997a46e5690677b8d6746e6e278558b46f9c17c94bbf0438fabfb4a

SHA512
66b4193e7d22cd88f8cbe139e2f79ee10a28b62aca154b5e0dc2090103e84ce7ca35a1ab9d19fa31f289e59a94ef3d9117f5def4bc96bd848dbdca22809ef618

Download Submit
C:\Users\Admin\AppData\Local\Temp\YLAW0i5VAxZR.bat
Filesize
207B

MD5
9be4c417fc4ba72db5bdd4abb2e07512

SHA1
2982ebc63ea5583876d942699ec71cc84863e6e5

SHA256
a687a952ffa181e8dd70c66bac9fa8614edd505e00ae70d2898900291916e45f

SHA512
bb910fc3cc8d3eefa9cc4cd9816d7246cfae1926213807ec7d8fc641a28f36783f82d70c03d32c88aeb522f834011d64c11bd8c91e34d85572250d3cc22dd6f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\fJ2cWabR5X7b.bat
Filesize
207B

MD5
16847737bf0dc070dcc1a6097eb26082

SHA1
e4dbf2529fce3d2e1e268f20ba7a11ad8429257c

SHA256
c77bed37cc11402382bff9657f65c66c10bed8354b6851c6db04fb1bf3c2165e

SHA512
b5ea3a1acb31d2c92a45fd11ec8e41c8da3a212dd4d5cc1681b271d82ca402d540bcc4318870b105dbbeb3c13471c7da0d1a259d6227d4ed97cbae59856b132e

Download Submit
C:\Users\Admin\AppData\Local\Temp\iyPqUSY1unO1.bat
Filesize
207B

MD5
95588790cb20a3bfa3b334936f7570d0

SHA1
d94ace4e65ba9a8eb6b5ac5012df270670a5eac0

SHA256
2624704603c0dbb2ff3eaa41fd4642dff3495abf8dbe006254b1ef9eb27de6d4

SHA512
16296c3c75c0768acd3914c30ea22ff877e6be15b77bac17c75fdeea88d0b591566d78ef2d0a8f81a950a0e42f1ad51a2bcdccc8d3fa799227a0c63aee67d0ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\o5ph5ah5J8FC.bat
Filesize
207B

MD5
225f01e0524b9376545e8c4311b622b1

SHA1
c20f71f2a4bb3824ee37c824f24242ae30e66657

SHA256
602dd498d3684e04cc965f9e4424e7fd7112bbaf59f95da182d60b77e5251554

SHA512
fdc305ecf6eb30bb95420f47fdb016f54749be18e985f35f77c51db3f6ab1afee6c95a6e339d12bb0dbc5c5e2b83a71baf4ea615fea37d96c14e574f8c459c47

Download Submit
C:\Users\Admin\AppData\Local\Temp\oxiTvBAgZNqE.bat
Filesize
207B

MD5
872fb042010f0379c9cb69161a523506

SHA1
308eb1483ae1c4b005e86ba3c50d56d32103f159

SHA256
c8dca1d300ed7fc70d1529c10021aae5cf9b3788c48078892481920ee37084ed

SHA512
abd3a39131b182dcddce2bf44c286090480bead6f96bbed5753f60c85bdda14eb8e35c198614871499db507645c0a14409ba21716a0fe6d3cc8e420093831f8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\qN4xQ5NTHNcB.bat
Filesize
207B

MD5
e0d5f49ba55e9ff6d7122341ba98d16d

SHA1
ae3793733656660472bea8936367c12759e3b9aa

SHA256
6bc1d23ce9f205529a947a162716e31e26cd29cc20e114dde9b6b972033abaf0

SHA512
4cd4d607182fd71bee0424f4ca0205d23eb997e66a53ffcc6c093b66ef542b07c0438cca63125caa8069d6850402e0d3d88570d9be63625168e8ca99876aef99

Download Submit
C:\Users\Admin\AppData\Local\Temp\v0KTYTHtwVYv.bat
Filesize
207B

MD5
86577b735da9fb607fcba245991f5cb0

SHA1
ad919bfff7604f9ab30289e0467ae53bd80df658

SHA256
848532f03cd716274167f50439729c1536e919fa4c4b9d97918ed555bd5dd1a6

SHA512
8cd260cd485c098e4300950a112f2cf82a9d5cfd14c0ce0f0d96e9f17fcd289e84eb638f1337c538f4490d5fc0dbb68009723fb6f2d0e8188646a443b27c0bcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\vWc8KbIAzOOS.bat
Filesize
207B

MD5
678e37bae2c33a246a95b830fa9e9dc4

SHA1
853d5ea3503e8959cc91f3b465f141951d3ad5c5

SHA256
7924f1ea28041b261e7a3b58cef5e56634aad2ee8d697439a2202bd6f81050bc

SHA512
c7f099456545d04a13306f3a48757a8fb086a33bd895c8ff2f8e69e4324b20215853bae399dcd15d4cb10ecfb3c1e2859d83928af64148e370d0796ccd3e2489

Download Submit
C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
Filesize
3.2MB

MD5
1b1eb2ec84ec46145969c46749dc4063

SHA1
e1a988e15bd7184c9539b6f024ce80ce6b79d95e

SHA256
8c8a3846e1f9c9aef9566158cbe5c69f26ea1d1167f387bea8ab9a6f8de2b31e

SHA512
ccd4ae2047a50772120f59f75dfc9e0ae44af351e3c2871d32c93e32cee0348dc1380d9d2aecae5498608a017f5e8f7ae331ad68cced350dd27eb395525c1142

Download Submit
\??\PIPE\lsarpc
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/632-54-0x0000000000320000-0x0000000000658000-memory.dmp

Filesize
3.2MB

Download
memory/768-121-0x00000000002D0000-0x0000000000608000-memory.dmp

Filesize
3.2MB

Download
memory/836-66-0x0000000000950000-0x0000000000C88000-memory.dmp

Filesize
3.2MB

Download
memory/1132-132-0x0000000000940000-0x0000000000C78000-memory.dmp

Filesize
3.2MB

Download
memory/1720-11-0x000007FEF59B0000-0x000007FEF639C000-memory.dmp

Filesize
9.9MB

Download
memory/1720-21-0x000007FEF59B0000-0x000007FEF639C000-memory.dmp

Filesize
9.9MB

Download
memory/1720-9-0x0000000001090000-0x00000000013C8000-memory.dmp

Filesize
3.2MB

Download
memory/1720-8-0x000007FEF59B0000-0x000007FEF639C000-memory.dmp

Filesize
9.9MB

Download
memory/1812-33-0x0000000001350000-0x0000000001688000-memory.dmp

Filesize
3.2MB

Download
memory/2040-77-0x0000000001360000-0x0000000001698000-memory.dmp

Filesize
3.2MB

Download
memory/2080-100-0x0000000001140000-0x0000000001478000-memory.dmp

Filesize
3.2MB

Download
memory/2628-88-0x0000000000280000-0x00000000005B8000-memory.dmp

Filesize
3.2MB

Download
memory/2928-0-0x000007FEF59B3000-0x000007FEF59B4000-memory.dmp

Filesize
4KB

Download
memory/2928-10-0x000007FEF59B0000-0x000007FEF639C000-memory.dmp

Filesize
9.9MB

Download
memory/2928-2-0x000007FEF59B0000-0x000007FEF639C000-memory.dmp

Filesize
9.9MB

Download
memory/2928-1-0x0000000000C10000-0x0000000000F48000-memory.dmp

Filesize
3.2MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads