Analysis Overview

score

10^/10

SHA256

8c8a3846e1f9c9aef9566158cbe5c69f26ea1d1167f387bea8ab9a6f8de2b31e

Threat Level: Known bad

The file HoneyPot.exe was found to be: Known bad.

Malicious Activity Summary

it was the first day back to school cuttin up in class actin like a tool friends are rollin in we started talkin bout the summer dj saw twilight bummer i spoke up and i asked my friends "are there any new girls? nines or tens?" hopin a few hotties had moved from other cities and in walked this girl with tig 'ol bitties whoo i can't believe my eyes in a contest they'd win first prize double d, guarantee i was checkin the size it's like two beach balls in a shirt disguise or earth and mars havin some fun wait i take that back it's like two of the sun but at this point i let my mind run and drifted off thinkin bout them tig 'ol bitties hah, tig 'ol bitties mount fuji brought it's twin tig 'ol bitties two melons in a shirt tig 'ol bitties tig 'ol bitties i put books in my lap tig 'ol bitties heads bobbin as she walks tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties kept trippin in class cuz of her dang breasts in a tiny white shirt boobs havin a fiesta later in lab we were messin with test tubes couldn't keep my eyes off the new girls chest boobs! wasn't payin attention got busted had to serve detention in biology we talked about the bees the best kinda bees boob-bees whoo i can't believe my mind i hold a pokerface to her two of a kind with each step her breasts gettin redefined i'm makin my move i'm thinkin it's time oh snap i'mma ask her to prom and in my head she responds "you're the bomb" feelin nervous so i count to three "i like your boobs, go to prom with me?" hah, tig 'ol bitties king kong boobs tig 'ol bitties great tracks of land tig 'ol bitties tig 'ol bitties like my balls tig 'ol bitties real big tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties she said yes so i'm gettin ready stain on my shirt mom's spaghetti i pick her up and i'm pretty sure that she'll let me motor-boat like rrrrrr i try to cop a feel once we get to school she said "no touching, that's the rule" principal walks up on the scene "it's time to announce prom king and queen your favorite martian and tig 'ol bitties congratulations to you both on winning" time slowed down and she jumped for joy when out of her dress jumped something more tissues flew and rained from the sky oh my god you stuff your shirt!? your favorite martian in a world of hurt awwww fake 'ol bitties wow! fake 'ol bitties you breakin my heart with fake 'ol bitties you're crushin my dreams with fake 'ol bitties fake 'ol bitties i can't believable it fake 'ol bitties you really suck fake 'ol bitties i can't believe you would do that fake 'ol bitties fake 'ol bitties why would you do that when you're just trying to get everyone's attention stuffed boobs! they're lies! lies i tell you! but you know i'm still down to make out if you if you want to, want to come back with me you know what, never mindit was the first day back to school cuttin up in class actin like a tool friends are rollin in we started talkin bout the summer dj saw twilight bummer i spoke up and i asked my friends "are there any new girls? nines or tens?" hopin a few hotties had moved from other cities and in walked this girl with tig 'ol bitties whoo i can't believe my eyes in a contest they'd win first prize double d, guarantee i was checkin the size it's like two beach balls in a shirt disguise or earth and mars havin some fun wait i take that back it's like two of the sun but at this point i let my mind run and drifted off thinkin bout them tig 'ol bitties hah, tig 'ol bitties mount fuji brought it's twin tig 'ol bitties two melons in a shirt tig 'ol bitties tig 'ol bitties i put books in my lap tig 'ol bitties heads bobbin as she walks tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties kept trippin in class cuz of her dang breasts in a tiny white shirt boobs havin a fiesta later in lab we were messin with test tubes couldn't keep my eyes off the new girls chest boobs! wasn't payin attention got busted had to serve detention in biology we talked about the bees the best kinda bees boob-bees whoo i can't believe my mind i hold a pokerface to her two of a kind with each step her breasts gettin redefined i'm makin my move i'm thinkin it's time oh snap i'mma ask her to prom and in my head she responds "you're the bomb" feelin nervous so i count to three "i like your boobs, go to prom with me?" hah, tig 'ol bitties king kong boobs tig 'ol bitties great tracks of land tig 'ol bitties tig 'ol bitties like my balls tig 'ol bitties real big tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties she said yes so i'm gettin ready stain on my shirt mom's spaghetti i pick her up and i'm pretty sure that she'll let me motor-boat like rrrrrr i try to cop a feel once we get to school she said "no touching, that's the rule" principal walks up on the scene "it's time to announce prom king and queen your favorite martian and tig 'ol bitties congratulations to you both on winning" time slowed down and she jumped for joy when out of her dress jumped something more tissues flew and rained from the sky oh my god you stuff your shirt!? your favorite martian in a world of hurt awwww fake 'ol bitties wow! fake 'ol bitties you breakin my heart with fake 'ol bitties you're crushin my dreams with fake 'ol bitties fake 'ol bitties i can't believable it fake 'ol bitties you really suck fake 'ol bitties i can't believe you would do that fake 'ol bitties fake 'ol bitties why would you do that when you're just trying to get everyone's attention stuffed boobs! they're lies! lies i tell you! but you know i'm still down to make out if you if you want to, want to come back with me you know what, never mindit was the first day back to school cuttin up in class actin like a tool friends are rollin in we started talkin bout the summer dj saw twilight bummer i spoke up and i asked my friends "are there any new girls? nines or tens?" hopin a few hotties had moved from other cities and in walked this girl with tig 'ol bitties whoo i can't believe my eyes in a contest they'd win first prize double d, guarantee i was checkin the size it's like two beach balls in a shirt disguise or earth and mars havin some fun wait i take that back it's like two of the sun but at this point i let my mind run and drifted off thinkin bout them tig 'ol bitties hah, tig 'ol bitties mount fuji brought it's twin tig 'ol bitties two melons in a shirt tig 'ol bitties tig 'ol bitties i put books in my lap tig 'ol bitties heads bobbin as she walks tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties kept trippin in class cuz of her dang breasts in a tiny white shirt boobs havin a fiesta later in lab we were messin with test tubes couldn't keep my eyes off the new girls chest boobs! wasn't payin attention got busted had to serve detention in biology we talked about the bees the best kinda bees boob-bees whoo i can't believe my mind i hold a pokerface to her two of a kind with each step her breasts gettin redefined i'm makin my move i'm thinkin it's time oh snap i'mma ask her to prom and in my head she responds "you're the bomb" feelin nervous so i count to three "i like your boobs, go to prom with me?" hah, tig 'ol bitties king kong boobs tig 'ol bitties great tracks of land tig 'ol bitties tig 'ol bitties like my balls tig 'ol bitties real big tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties she said yes so i'm gettin ready stain on my shirt mom's spaghetti i pick her up and i'm pretty sure that she'll let me motor-boat like rrrrrr i try to cop a feel once we get to school she said "no touching, that's the rule" principal walks up on the scene "it's time to announce prom king and queen your favorite martian and tig 'ol bitties congratulations to you both on winning" time slowed down and she jumped for joy when out of her dress jumped something more tissues flew and rained from the sky oh my god you stuff your shirt!? your favorite martian in a world of hurt awwww fake 'ol bitties wow! fake 'ol bitties you breakin my heart with fake 'ol bitties you're crushin my dreams with fake 'ol bitties fake 'ol bitties i can't believable it fake 'ol bitties you really suck fake 'ol bitties i can't believe you would do that fake 'ol bitties fake 'ol bitties why would you do that when you're just trying to get everyone's attention stuffed boobs! they're lies! lies i tell you! but you know i'm still down to make out if you if you want to, want to come back with me you know what, never mindit was the first day back to school cuttin up in class actin like a tool friends are rollin in we started talkin bout the summer dj saw twilight bummer i spoke up and i asked my friends "are there any new girls? nines or tens?" hopin a few hotties had moved from other cities and in walked this girl with tig 'ol bitties whoo i can't believe my eyes in a contest they'd win first prize double d, guarantee i was checkin the size it's like two beach balls in a shirt disguise or earth and mars havin some fun wait i take that back it's like two of the sun but at this point i let my mind run and drifted off thinkin bout them tig 'ol bitties hah, tig 'ol bitties mount fuji brought it's twin tig 'ol bitties two melons in a shirt tig 'ol bitties tig 'ol bitties i put books in my lap tig 'ol bitties heads bobbin as she walks tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties kept trippin in class cuz of her dang breasts in a tiny white shirt boobs havin a fiesta later in lab we were messin with test tubes couldn't keep my eyes off the new girls chest boobs! wasn't payin attention got busted had to serve detention in biology we talked about the bees the best kinda bees boob-bees whoo i can't believe my mind i hold a pokerface to her two of a kind with each step her breasts gettin redefined i'm makin my move i'm thinkin it's time oh snap i'mma ask her to prom and in my head she responds "you're the bomb" feelin nervous so i count to three "i like your boobs, go to prom with me?" hah, tig 'ol bitties king kong boobs tig 'ol bitties great tracks of land tig 'ol bitties tig 'ol bitties like my balls tig 'ol bitties real big tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties she said yes so i'm gettin ready stain on my shirt mom's spaghetti i pick her up and i'm pretty sure that she'll let me motor-boat like rrrrrr i try to cop a feel once we get to school she said "no touching, that's the rule" principal walks up on the scene "it's time to announce prom king and queen your favorite martian and tig 'ol bitties congratulations to you both on winning" time slowed down and she jumped for joy when out of her dress jumped something more tissues flew and rained from the sky oh my god you stuff your shirt!? your favorite martian in a world of hurt awwww fake 'ol bitties wow! fake 'ol bitties you breakin my heart with fake 'ol bitties you're crushin my dreams with fake 'ol bitties fake 'ol bitties i can't believable it fake 'ol bitties you really suck fake 'ol bitties i can't believe you would do that fake 'ol bitties fake 'ol bitties why would you do that when you're just trying to get everyone's attention stuffed boobs! they're lies! lies i tell you! but you know i'm still down to make out if you if you want to, want to come back with me you know what, never mindit was the first day back to school cuttin up in class actin like a tool friends are rollin in we started talkin bout the summer dj saw twilight bummer i spoke up and i asked my friends "are there any new girls? nines or tens?" hopin a few hotties had moved from other cities and in walked this girl with tig 'ol bitties whoo i can't believe my eyes in a contest they'd win first prize double d, guarantee i was checkin the size it's like two beach balls in a shirt disguise or earth and mars havin some fun wait i take that back it's like two of the sun but at this point i let my mind run and drifted off thinkin bout them tig 'ol bitties hah, tig 'ol bitties mount fuji brought it's twin tig 'ol bitties two melons in a shirt tig 'ol bitties tig 'ol bitties i put books in my lap tig 'ol bitties heads bobbin as she walks tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties kept trippin in class cuz of her dang breasts in a tiny white shirt boobs havin a fiesta later in lab we were messin with test tubes couldn't keep my eyes off the new girls chest boobs! wasn't payin attention got busted had to serve detention in biology we talked about the bees the best kinda bees boob-bees whoo i can't believe my mind i hold a pokerface to her two of a kind with each step her breasts gettin redefined i'm makin my move i'm thinkin it's time oh snap i'mma ask her to prom and in my head she responds "you're the bomb" feelin nervous so i count to three "i like your boobs, go to prom with me?" hah, tig 'ol bitties king kong boobs tig 'ol bitties great tracks of land tig 'ol bitties tig 'ol bitties like my balls tig 'ol bitties real big tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties she said yes so i'm gettin ready stain on my shirt mom's spaghetti i pick her up and i'm pretty sure that she'll let me motor-boat like rrrrrr i try to cop a feel once we get to school she said "no touching, that's the rule" principal walks up on the scene "it's time to announce prom king and queen your favorite martian and tig 'ol bitties congratulations to you both on winning" time slowed down and she jumped for joy when out of her dress jumped something more tissues flew and rained from the sky oh my god you stuff your shirt!? your favorite martian in a world of hurt awwww fake 'ol bitties wow! fake 'ol bitties you breakin my heart with fake 'ol bitties you're crushin my dreams with fake 'ol bitties fake 'ol bitties i can't believable it fake 'ol bitties you really suck fake 'ol bitties i can't believe you would do that fake 'ol bitties fake 'ol bitties why would you do that when you're just trying to get everyone's attention stuffed boobs! they're lies! lies i tell you! but you know i'm still down to make out if you if you want to, want to come back with me you know what, never mindit was the first day back to school cuttin up in class actin like a tool friends are rollin in we started talkin bout the summer dj saw twilight bummer i spoke up and i asked my friends "are there any new girls? nines or tens?" hopin a few hotties had moved from other cities and in walked this girl with tig 'ol bitties whoo i can't believe my eyes in a contest they'd win first prize double d, guarantee i was checkin the size it's like two beach balls in a shirt disguise or earth and mars havin some fun wait i take that back it's like two of the sun but at this point i let my mind run and drifted off thinkin bout them tig 'ol bitties hah, tig 'ol bitties mount fuji brought it's twin tig 'ol bitties two melons in a shirt tig 'ol bitties tig 'ol bitties i put books in my lap tig 'ol bitties heads bobbin as she walks tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties kept trippin in class cuz of her dang breasts in a tiny white shirt boobs havin a fiesta later in lab we were messin with test tubes couldn't keep my eyes off the new girls chest boobs! wasn't payin attention got busted had to serve detention in biology we talked about the bees the best kinda bees boob-bees whoo i can't believe my mind i hold a pokerface to her two of a kind with each step her breasts gettin redefined i'm makin my move i'm thinkin it's time oh snap i'mma ask her to prom and in my head she responds "you're the bomb" feelin nervous so i count to three "i like your boobs, go to prom with me?" hah, tig 'ol bitties king kong boobs tig 'ol bitties great tracks of land tig 'ol bitties tig 'ol bitties like my balls tig 'ol bitties real big tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties she said yes so i'm gettin ready stain on my shirt mom's spaghetti i pick her up and i'm pretty sure that she'll let me motor-boat like rrrrrr i try to cop a feel once we get to school she said "no touching, that's the rule" principal walks up on the scene "it's time to announce prom king and queen your favorite martian and tig 'ol bitties congratulations to you both on winning" time slowed down and she jumped for joy when out of her dress jumped something more tissues flew and rained from the sky oh my god you stuff your shirt!? your favorite martian in a world of hurt awwww fake 'ol bitties wow! fake 'ol bitties you breakin my heart with fake 'ol bitties you're crushin my dreams with fake 'ol bitties fake 'ol bitties i can't believable it fake 'ol bitties you really suck fake 'ol bitties i can't believe you would do that fake 'ol bitties fake 'ol bitties why would you do that when you're just trying to get everyone's attention stuffed boobs! they're lies! lies i tell you! but you know i'm still down to make out if you if you want to, want to come back with me you know what, never mindit was the first day back to school cuttin up in class actin like a tool friends are rollin in we started talkin bout the summer dj saw twilight bummer i spoke up and i asked my friends "are there any new girls? nines or tens?" hopin a few hotties had moved from other cities and in walked this girl with tig 'ol bitties whoo i can't believe my eyes in a contest they'd win first prize double d, guarantee i was checkin the size it's like two beach balls in a shirt disguise or earth and mars havin some fun wait i take that back it's like two of the sun but at this point i let my mind run and drifted off thinkin bout them tig 'ol bitties hah, tig 'ol bitties mount fuji brought it's twin tig 'ol bitties two melons in a shirt tig 'ol bitties tig 'ol bitties i put books in my lap tig 'ol bitties heads bobbin as she walks tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties kept trippin in class cuz of her dang breasts in a tiny white shirt boobs havin a fiesta later in lab we were messin with test tubes couldn't keep my eyes off the new girls chest boobs! wasn't payin attention got busted had to serve detention in biology we talked about the bees the best kinda bees boob-bees whoo i can't believe my mind i hold a pokerface to her two of a kind with each step her breasts gettin redefined i'm makin my move i'm thinkin it's time oh snap i'mma ask her to prom and in my head she responds "you're the bomb" feelin nervous so i count to three "i like your boobs, go to prom with me?" hah, tig 'ol bitties king kong boobs tig 'ol bitties great tracks of land tig 'ol bitties tig 'ol bitties like my balls tig 'ol bitties real big tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties she said yes so i'm gettin ready stain on my shirt mom's spaghetti i pick her up and i'm pretty sure that she'll let me motor-boat like rrrrrr i try to cop a feel once we get to school she said "no touching, that's the rule" principal walks up on the scene "it's time to announce prom king and queen your favorite martian and tig 'ol bitties congratulations to you both on winning" time slowed down and she jumped for joy when out of her dress jumped something more tissues flew and rained from the sky oh my god you stuff your shirt!? your favorite martian in a world of hurt awwww fake 'ol bitties wow! fake 'ol bitties you breakin my heart with fake 'ol bitties you're crushin my dreams with fake 'ol bitties fake 'ol bitties i can't believable it fake 'ol bitties you really suck fake 'ol bitties i can't believe you would do that fake 'ol bitties fake 'ol bitties why would you do that when you're just trying to get everyone's attention stuffed boobs! they're lies! lies i tell you! but you know i'm still down to make out if you if you want to, want to come back with me you know what, never mindit was the first day back to school cuttin up in class actin like a tool friends are rollin in we started talkin bout the summer dj saw twilight bummer i spoke up and i asked my friends "are there any new girls? nines or tens?" hopin a few hotties had moved from other cities and in walked this girl with tig 'ol bitties whoo i can't believe my eyes in a contest they'd win first prize double d, guarantee i was checkin the size it's like two beach balls in a shirt disguise or earth and mars havin some fun wait i take that back it's like two of the sun but at this point i let my mind run and drifted off thinkin bout them tig 'ol bitties hah, tig 'ol bitties mount fuji brought it's twin tig 'ol bitties two melons in a shirt tig 'ol bitties tig 'ol bitties i put books in my lap tig 'ol bitties heads bobbin as she walks tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties kept trippin in class cuz of her dang breasts in a tiny white shirt boobs havin a fiesta later in lab we were messin with test tubes couldn't keep my eyes off the new girls chest boobs! wasn't payin attention got busted had to serve detention in biology we talked about the bees the best kinda bees boob-bees whoo i can't believe my mind i hold a pokerface to her two of a kind with each step her breasts gettin redefined i'm makin my move i'm thinkin it's time oh snap i'mma ask her to prom and in my head she responds "you're the bomb" feelin nervous so i count to three "i like your boobs, go to prom with me?" hah, tig 'ol bitties king kong boobs tig 'ol bitties great tracks of land tig 'ol bitties tig 'ol bitties like my balls tig 'ol bitties real big tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties she said yes so i'm gettin ready stain on my shirt mom's spaghetti i pick her up and i'm pretty sure that she'll let me motor-boat like rrrrrr i try to cop a feel once we get to school she said "no touching, that's the rule" principal walks up on the scene "it's time to announce prom king and queen your favorite martian and tig 'ol bitties congratulations to you both on winning" time slowed down and she jumped for joy when out of her dress jumped something more tissues flew and rained from the sky oh my god you stuff your shirt!? your favorite martian in a world of hurt awwww fake 'ol bitties wow! fake 'ol bitties you breakin my heart with fake 'ol bitties you're crushin my dreams with fake 'ol bitties fake 'ol bitties i can't believable it fake 'ol bitties you really suck fake 'ol bitties i can't believe you would do that fake 'ol bitties fake 'ol bitties why would you do that when you're just trying to get everyone's attention stuffed boobs! they're lies! lies i tell you! but you know i'm still down to make out if you if you want to, want to come back with me you know what, never mindit was the first day back to school cuttin up in class actin like a tool friends are rollin in we started talkin bout the summer dj saw twilight bummer i spoke up and i asked my friends "are there any new girls? nines or tens?" hopin a few hotties had moved from other cities and in walked this girl with tig 'ol bitties whoo i can't believe my eyes in a contest they'd win first prize double d, guarantee i was checkin the size it's like two beach balls in a shirt disguise or earth and mars havin some fun wait i take that back it's like two of the sun but at this point i let my mind run and drifted off thinkin bout them tig 'ol bitties hah, tig 'ol bitties mount fuji brought it's twin tig 'ol bitties two melons in a shirt tig 'ol bitties tig 'ol bitties i put books in my lap tig 'ol bitties heads bobbin as she walks tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties kept trippin in class cuz of her dang breasts in a tiny white shirt boobs havin a fiesta later in lab we were messin with test tubes couldn't keep my eyes off the new girls chest boobs! wasn't payin attention got busted had to serve detention in biology we talked about the bees the best kinda bees boob-bees whoo i can't believe my mind i hold a pokerface to her two of a kind with each step her breasts gettin redefined i'm makin my move i'm thinkin it's time oh snap i'mma ask her to prom and in my head she responds "you're the bomb" feelin nervous so i count to three "i like your boobs, go to prom with me?" hah, tig 'ol bitties king kong boobs tig 'ol bitties great tracks of land tig 'ol bitties tig 'ol bitties like my balls tig 'ol bitties real big tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties she said yes so i'm gettin ready stain on my shirt mom's spaghetti i pick her up and i'm pretty sure that she'll let me motor-boat like rrrrrr i try to cop a feel once we get to school she said "no touching, that's the rule" principal walks up on the scene "it's time to announce prom king and queen your favorite martian and tig 'ol bitties congratulations to you both on winning" time slowed down and she jumped for joy when out of her dress jumped something more tissues flew and rained from the sky oh my god you stuff your shirt!? your favorite martian in a world of hurt awwww fake 'ol bitties wow! fake 'ol bitties you breakin my heart with fake 'ol bitties you're crushin my dreams with fake 'ol bitties fake 'ol bitties i can't believable it fake 'ol bitties you really suck fake 'ol bitties i can't believe you would do that fake 'ol bitties fake 'ol bitties why would you do that when you're just trying to get everyone's attention stuffed boobs! they're lies! lies i tell you! but you know i'm still down to make out if you if you want to, want to come back with me you know what, never mindit was the first day back to school cuttin up in class actin like a tool friends are rollin in we started talkin bout the summer dj saw twilight bummer i spoke up and i asked my friends "are there any new girls? nines or tens?" hopin a few hotties had moved from other cities and in walked this girl with tig 'ol bitties whoo i can't believe my eyes in a contest they'd win first prize double d, guarantee i was checkin the size it's like two beach balls in a shirt disguise or earth and mars havin some fun wait i take that back it's like two of the sun but at this point i let my mind run and drifted off thinkin bout them tig 'ol bitties hah, tig 'ol bitties mount fuji brought it's twin tig 'ol bitties two melons in a shirt tig 'ol bitties tig 'ol bitties i put books in my lap tig 'ol bitties heads bobbin as she walks tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties kept trippin in class cuz of her dang breasts in a tiny white shirt boobs havin a fiesta later in lab we were messin with test tubes couldn't keep my eyes off the new girls chest boobs! wasn't payin attention got busted had to serve detention in biology we talked about the bees the best kinda bees boob-bees whoo i can't believe my mind i hold a pokerface to her two of a kind with each step her breasts gettin redefined i'm makin my move i'm thinkin it's time oh snap i'mma ask her to prom and in my head she responds "you're the bomb" feelin nervous so i count to three "i like your boobs, go to prom with me?" hah, tig 'ol bitties king kong boobs tig 'ol bitties great tracks of land tig 'ol bitties tig 'ol bitties like my balls tig 'ol bitties real big tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties she said yes so i'm gettin ready stain on my shirt mom's spaghetti i pick her up and i'm pretty sure that she'll let me motor-boat like rrrrrr i try to cop a feel once we get to school she said "no touching, that's the rule" principal walks up on the scene "it's time to announce prom king and queen your favorite martian and tig 'ol bitties congratulations to you both on winning" time slowed down and she jumped for joy when out of her dress jumped something more tissues flew and rained from the sky oh my god you stuff your shirt!? your favorite martian in a world of hurt awwww fake 'ol bitties wow! fake 'ol bitties you breakin my heart with fake 'ol bitties you're crushin my dreams with fake 'ol bitties fake 'ol bitties i can't believable it fake 'ol bitties you really suck fake 'ol bitties i can't believe you would do that fake 'ol bitties fake 'ol bitties why would you do that when you're just trying to get everyone's attention stuffed boobs! they're lies! lies i tell you! but you know i'm still down to make out if you if you want to, want to come back with me you know what, never mindit was the first day back to school cuttin up in class actin like a tool friends are rollin in we started talkin bout the summer dj saw twilight bummer i spoke up and i asked my friends "are there any new girls? nines or tens?" hopin a few hotties had moved from other cities and in walked this girl with tig 'ol bitties whoo i can't believe my eyes in a contest they'd win first prize double d, guarantee i was checkin the size it's like two beach balls in a shirt disguise or earth and mars havin some fun wait i take that back it's like two of the sun but at this point i let my mind run and drifted off thinkin bout them tig 'ol bitties hah, tig 'ol bitties mount fuji brought it's twin tig 'ol bitties two melons in a shirt tig 'ol bitties tig 'ol bitties i put books in my lap tig 'ol bitties heads bobbin as she walks tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties kept trippin in class cuz of her dang breasts in a tiny white shirt boobs havin a fiesta later in lab we were messin with test tubes couldn't keep my eyes off the new girls chest boobs! wasn't payin attention got busted had to serve detention in biology we talked about the bees the best kinda bees boob-bees whoo i can't believe my mind i hold a pokerface to her two of a kind with each step her breasts gettin redefined i'm makin my move i'm thinkin it's time oh snap i'mma ask her to prom and in my head she responds "you're the bomb" feelin nervous so i count to three "i like your boobs, go to prom with me?" hah, tig 'ol bitties king kong boobs tig 'ol bitties great tracks of land tig 'ol bitties tig 'ol bitties like my balls tig 'ol bitties real big tig 'ol bitties oh my god! tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties tig 'ol bitties she said yes so i'm gettin ready stain on my shirt mom's spaghetti i pick her up and i'm pretty sure that she'll let me motor-boat like rrrrrr i try to cop a feel once we get to school she said "no t quasar spyware trojan

Quasar family

Quasar payload

Quasar RAT

Executes dropped EXE

Checks computer location settings

Enumerates physical storage devices

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Creates scheduled task(s)

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Runs ping.exe

Uses Task Scheduler COM API

MITRE ATT&CK Matrix V13

System Information Discovery

T1082

Remote System Discovery

Analysis: static1

Detonation Overview

Reported

2024-06-09 20:25

Signatures

Quasar family

quasar

Quasar payload

Description	Indicator	Process	Target
N/A	N/A	N/A	N/A

Unsigned PE

Description	Indicator	Process	Target
N/A	N/A	N/A	N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-09 20:25

Reported

2024-06-09 20:29

Platform

win7-20240508-en

Max time kernel

140s

Max time network

142s

Command Line

"C:\Users\Admin\AppData\Local\Temp\HoneyPot.exe"

Signatures

Quasar RAT

trojan spyware quasar

Quasar payload

Description	Indicator	Process	Target
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A

Executes dropped EXE

Description	Indicator	Process	Target
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence

Description	Indicator	Process	Target
N/A	N/A	C:\Windows\system32\schtasks.exe	N/A
N/A	N/A	C:\Windows\system32\schtasks.exe	N/A
N/A	N/A	C:\Windows\system32\schtasks.exe	N/A
N/A	N/A	C:\Windows\system32\schtasks.exe	N/A
N/A	N/A	C:\Windows\system32\schtasks.exe	N/A
N/A	N/A	C:\Windows\system32\schtasks.exe	N/A
N/A	N/A	C:\Windows\system32\schtasks.exe	N/A
N/A	N/A	C:\Windows\system32\schtasks.exe	N/A
N/A	N/A	C:\Windows\system32\schtasks.exe	N/A
N/A	N/A	C:\Windows\system32\schtasks.exe	N/A
N/A	N/A	C:\Windows\system32\schtasks.exe	N/A
N/A	N/A	C:\Windows\system32\schtasks.exe	N/A
N/A	N/A	C:\Windows\system32\schtasks.exe	N/A

Runs ping.exe

Description	Indicator	Process	Target
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A

Suspicious use of AdjustPrivilegeToken

Description	Indicator	Process	Target
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\HoneyPot.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A

Suspicious use of SetWindowsHookEx

Description	Indicator	Process	Target
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A

Suspicious use of WriteProcessMemory

Description	Indicator	Process	Target
PID 2928 wrote to memory of 1716	N/A	C:\Users\Admin\AppData\Local\Temp\HoneyPot.exe	C:\Windows\system32\schtasks.exe
PID 2928 wrote to memory of 1716	N/A	C:\Users\Admin\AppData\Local\Temp\HoneyPot.exe	C:\Windows\system32\schtasks.exe
PID 2928 wrote to memory of 1716	N/A	C:\Users\Admin\AppData\Local\Temp\HoneyPot.exe	C:\Windows\system32\schtasks.exe
PID 2928 wrote to memory of 1720	N/A	C:\Users\Admin\AppData\Local\Temp\HoneyPot.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 2928 wrote to memory of 1720	N/A	C:\Users\Admin\AppData\Local\Temp\HoneyPot.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 2928 wrote to memory of 1720	N/A	C:\Users\Admin\AppData\Local\Temp\HoneyPot.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 1720 wrote to memory of 2336	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\schtasks.exe
PID 1720 wrote to memory of 2336	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\schtasks.exe
PID 1720 wrote to memory of 2336	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\schtasks.exe
PID 1720 wrote to memory of 2016	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 1720 wrote to memory of 2016	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 1720 wrote to memory of 2016	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 2016 wrote to memory of 2820	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 2016 wrote to memory of 2820	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 2016 wrote to memory of 2820	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 2016 wrote to memory of 2552	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 2016 wrote to memory of 2552	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 2016 wrote to memory of 2552	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 2016 wrote to memory of 2516	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 2016 wrote to memory of 2516	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 2016 wrote to memory of 2516	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 2516 wrote to memory of 2588	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\schtasks.exe
PID 2516 wrote to memory of 2588	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\schtasks.exe
PID 2516 wrote to memory of 2588	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\schtasks.exe
PID 2516 wrote to memory of 1792	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 2516 wrote to memory of 1792	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 2516 wrote to memory of 1792	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 1792 wrote to memory of 2772	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 1792 wrote to memory of 2772	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 1792 wrote to memory of 2772	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 1792 wrote to memory of 2808	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 1792 wrote to memory of 2808	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 1792 wrote to memory of 2808	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 1792 wrote to memory of 1812	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 1792 wrote to memory of 1812	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 1792 wrote to memory of 1812	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 1812 wrote to memory of 1244	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\schtasks.exe
PID 1812 wrote to memory of 1244	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\schtasks.exe
PID 1812 wrote to memory of 1244	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\schtasks.exe
PID 1812 wrote to memory of 1952	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 1812 wrote to memory of 1952	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 1812 wrote to memory of 1952	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 1952 wrote to memory of 2944	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 1952 wrote to memory of 2944	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 1952 wrote to memory of 2944	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 1952 wrote to memory of 2404	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 1952 wrote to memory of 2404	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 1952 wrote to memory of 2404	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 1952 wrote to memory of 1960	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 1952 wrote to memory of 1960	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 1952 wrote to memory of 1960	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 1960 wrote to memory of 1512	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\schtasks.exe
PID 1960 wrote to memory of 1512	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\schtasks.exe
PID 1960 wrote to memory of 1512	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\schtasks.exe
PID 1960 wrote to memory of 1908	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 1960 wrote to memory of 1908	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 1960 wrote to memory of 1908	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 1908 wrote to memory of 2276	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 1908 wrote to memory of 2276	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 1908 wrote to memory of 2276	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 1908 wrote to memory of 2496	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 1908 wrote to memory of 2496	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 1908 wrote to memory of 2496	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 1908 wrote to memory of 632	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\HoneyPot.exe

"C:\Users\Admin\AppData\Local\Temp\HoneyPot.exe"

C:\Windows\system32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\system32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\vWc8KbIAzOOS.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\system32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\qN4xQ5NTHNcB.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\system32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\v0KTYTHtwVYv.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\system32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\iyPqUSY1unO1.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\system32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\CDk56tO0hX0V.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\system32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\oxiTvBAgZNqE.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\system32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\fJ2cWabR5X7b.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\system32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\YLAW0i5VAxZR.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\system32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\Q3Y7oTaBpi62.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\system32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\3Tz98GKO0aQH.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\system32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\YHUZFJcpElod.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\system32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\o5ph5ah5J8FC.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

Network

N/A

Files

memory/2928-0-0x000007FEF59B3000-0x000007FEF59B4000-memory.dmp

memory/2928-1-0x0000000000C10000-0x0000000000F48000-memory.dmp

memory/2928-2-0x000007FEF59B0000-0x000007FEF639C000-memory.dmp

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

MD5	1b1eb2ec84ec46145969c46749dc4063
SHA1	e1a988e15bd7184c9539b6f024ce80ce6b79d95e
SHA256	8c8a3846e1f9c9aef9566158cbe5c69f26ea1d1167f387bea8ab9a6f8de2b31e
SHA512	ccd4ae2047a50772120f59f75dfc9e0ae44af351e3c2871d32c93e32cee0348dc1380d9d2aecae5498608a017f5e8f7ae331ad68cced350dd27eb395525c1142

memory/1720-8-0x000007FEF59B0000-0x000007FEF639C000-memory.dmp

memory/1720-9-0x0000000001090000-0x00000000013C8000-memory.dmp

memory/2928-10-0x000007FEF59B0000-0x000007FEF639C000-memory.dmp

memory/1720-11-0x000007FEF59B0000-0x000007FEF639C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\vWc8KbIAzOOS.bat

MD5	678e37bae2c33a246a95b830fa9e9dc4
SHA1	853d5ea3503e8959cc91f3b465f141951d3ad5c5
SHA256	7924f1ea28041b261e7a3b58cef5e56634aad2ee8d697439a2202bd6f81050bc
SHA512	c7f099456545d04a13306f3a48757a8fb086a33bd895c8ff2f8e69e4324b20215853bae399dcd15d4cb10ecfb3c1e2859d83928af64148e370d0796ccd3e2489

memory/1720-21-0x000007FEF59B0000-0x000007FEF639C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\qN4xQ5NTHNcB.bat

MD5	e0d5f49ba55e9ff6d7122341ba98d16d
SHA1	ae3793733656660472bea8936367c12759e3b9aa
SHA256	6bc1d23ce9f205529a947a162716e31e26cd29cc20e114dde9b6b972033abaf0
SHA512	4cd4d607182fd71bee0424f4ca0205d23eb997e66a53ffcc6c093b66ef542b07c0438cca63125caa8069d6850402e0d3d88570d9be63625168e8ca99876aef99

memory/1812-33-0x0000000001350000-0x0000000001688000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\v0KTYTHtwVYv.bat

MD5	86577b735da9fb607fcba245991f5cb0
SHA1	ad919bfff7604f9ab30289e0467ae53bd80df658
SHA256	848532f03cd716274167f50439729c1536e919fa4c4b9d97918ed555bd5dd1a6
SHA512	8cd260cd485c098e4300950a112f2cf82a9d5cfd14c0ce0f0d96e9f17fcd289e84eb638f1337c538f4490d5fc0dbb68009723fb6f2d0e8188646a443b27c0bcd

C:\Users\Admin\AppData\Local\Temp\iyPqUSY1unO1.bat

MD5	95588790cb20a3bfa3b334936f7570d0
SHA1	d94ace4e65ba9a8eb6b5ac5012df270670a5eac0
SHA256	2624704603c0dbb2ff3eaa41fd4642dff3495abf8dbe006254b1ef9eb27de6d4
SHA512	16296c3c75c0768acd3914c30ea22ff877e6be15b77bac17c75fdeea88d0b591566d78ef2d0a8f81a950a0e42f1ad51a2bcdccc8d3fa799227a0c63aee67d0ba

memory/632-54-0x0000000000320000-0x0000000000658000-memory.dmp

\??\PIPE\lsarpc

MD5	d41d8cd98f00b204e9800998ecf8427e
SHA1	da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512	cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\CDk56tO0hX0V.bat

MD5	c3e2d39a046b0e49889c24d3979da528
SHA1	fd9f8cb50b126a9b02a49a1f96b5aefb8c0f7f2f
SHA256	3a0a20c5f2e037677c7d889b80d61626971504d5cdacc10b61ba76c27eb4687a
SHA512	c05ae85c0af439daa0e6995371f7e73730c4e5120ccc3fe84df8a6c8f953fd08759d343231d39ec5d3f63784b992fb738d2e135c68bceff786389bd5d76bb884

memory/836-66-0x0000000000950000-0x0000000000C88000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\oxiTvBAgZNqE.bat

MD5	872fb042010f0379c9cb69161a523506
SHA1	308eb1483ae1c4b005e86ba3c50d56d32103f159
SHA256	c8dca1d300ed7fc70d1529c10021aae5cf9b3788c48078892481920ee37084ed
SHA512	abd3a39131b182dcddce2bf44c286090480bead6f96bbed5753f60c85bdda14eb8e35c198614871499db507645c0a14409ba21716a0fe6d3cc8e420093831f8f

memory/2040-77-0x0000000001360000-0x0000000001698000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\fJ2cWabR5X7b.bat

MD5	16847737bf0dc070dcc1a6097eb26082
SHA1	e4dbf2529fce3d2e1e268f20ba7a11ad8429257c
SHA256	c77bed37cc11402382bff9657f65c66c10bed8354b6851c6db04fb1bf3c2165e
SHA512	b5ea3a1acb31d2c92a45fd11ec8e41c8da3a212dd4d5cc1681b271d82ca402d540bcc4318870b105dbbeb3c13471c7da0d1a259d6227d4ed97cbae59856b132e

memory/2628-88-0x0000000000280000-0x00000000005B8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\YLAW0i5VAxZR.bat

MD5	9be4c417fc4ba72db5bdd4abb2e07512
SHA1	2982ebc63ea5583876d942699ec71cc84863e6e5
SHA256	a687a952ffa181e8dd70c66bac9fa8614edd505e00ae70d2898900291916e45f
SHA512	bb910fc3cc8d3eefa9cc4cd9816d7246cfae1926213807ec7d8fc641a28f36783f82d70c03d32c88aeb522f834011d64c11bd8c91e34d85572250d3cc22dd6f1

memory/2080-100-0x0000000001140000-0x0000000001478000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Q3Y7oTaBpi62.bat

MD5	091a62a68a591edb6720ded2d763ac68
SHA1	4d4092881e57a6e63f36b4f650247cb0c51e91d9
SHA256	53b56377d473e2f0b372080ed759342c80fdec0edcec59c30ec899bfc61a6208
SHA512	39ca134330bed2997f648cc70227a01fc2802ba103c56701c8de6becda20ee0be3c0b9a46a13e064c3cd4d6a2b52d8fc35b7396cb3838660ae51e6d0c15ca156

C:\Users\Admin\AppData\Local\Temp\3Tz98GKO0aQH.bat

MD5	95498d4b33b3fa036f46100cb9dc5a8d
SHA1	51e10d663213d21d0d20fc299589cf63c212a2f1
SHA256	598222538d8e46c0f889f60ffe94ba4fa6c8be4f3a9e50ff7035fc48ec254a8d
SHA512	e04a72f8f42de995cba7cc29a1b97e39e0699f18cdb2bea3d927452fee60ecae8cc07fb028daf2feb5497808b70e8d9f8be0ce46d1d24354f97b4b3b8e0db073

memory/768-121-0x00000000002D0000-0x0000000000608000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\YHUZFJcpElod.bat

MD5	051ee2b1c34617fb99ce69aa9fd4b0c9
SHA1	cac8b8d5ec5b6f2ac007e13049d3f49796de1299
SHA256	da8dcb8ba997a46e5690677b8d6746e6e278558b46f9c17c94bbf0438fabfb4a
SHA512	66b4193e7d22cd88f8cbe139e2f79ee10a28b62aca154b5e0dc2090103e84ce7ca35a1ab9d19fa31f289e59a94ef3d9117f5def4bc96bd848dbdca22809ef618

memory/1132-132-0x0000000000940000-0x0000000000C78000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\o5ph5ah5J8FC.bat

MD5	225f01e0524b9376545e8c4311b622b1
SHA1	c20f71f2a4bb3824ee37c824f24242ae30e66657
SHA256	602dd498d3684e04cc965f9e4424e7fd7112bbaf59f95da182d60b77e5251554
SHA512	fdc305ecf6eb30bb95420f47fdb016f54749be18e985f35f77c51db3f6ab1afee6c95a6e339d12bb0dbc5c5e2b83a71baf4ea615fea37d96c14e574f8c459c47

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-09 20:25

Reported

2024-06-09 20:29

Platform

win10v2004-20240508-en

Max time kernel

139s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\HoneyPot.exe"

Signatures

Quasar RAT

trojan spyware quasar

Quasar payload

Description	Indicator	Process	Target
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A

Checks computer location settings

Description	Indicator	Process	Target
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A

Executes dropped EXE

Description	Indicator	Process	Target
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence

Description	Indicator	Process	Target
N/A	N/A	C:\Windows\SYSTEM32\schtasks.exe	N/A
N/A	N/A	C:\Windows\SYSTEM32\schtasks.exe	N/A
N/A	N/A	C:\Windows\SYSTEM32\schtasks.exe	N/A
N/A	N/A	C:\Windows\SYSTEM32\schtasks.exe	N/A
N/A	N/A	C:\Windows\SYSTEM32\schtasks.exe	N/A
N/A	N/A	C:\Windows\SYSTEM32\schtasks.exe	N/A
N/A	N/A	C:\Windows\SYSTEM32\schtasks.exe	N/A
N/A	N/A	C:\Windows\SYSTEM32\schtasks.exe	N/A
N/A	N/A	C:\Windows\SYSTEM32\schtasks.exe	N/A
N/A	N/A	C:\Windows\SYSTEM32\schtasks.exe	N/A
N/A	N/A	C:\Windows\SYSTEM32\schtasks.exe	N/A
N/A	N/A	C:\Windows\SYSTEM32\schtasks.exe	N/A
N/A	N/A	C:\Windows\SYSTEM32\schtasks.exe	N/A

Runs ping.exe

Description	Indicator	Process	Target
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A

Suspicious use of AdjustPrivilegeToken

Description	Indicator	Process	Target
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\HoneyPot.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A

Suspicious use of SetWindowsHookEx

Description	Indicator	Process	Target
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	N/A

Suspicious use of WriteProcessMemory

Description	Indicator	Process	Target
PID 5072 wrote to memory of 4836	N/A	C:\Users\Admin\AppData\Local\Temp\HoneyPot.exe	C:\Windows\SYSTEM32\schtasks.exe
PID 5072 wrote to memory of 4836	N/A	C:\Users\Admin\AppData\Local\Temp\HoneyPot.exe	C:\Windows\SYSTEM32\schtasks.exe
PID 5072 wrote to memory of 3592	N/A	C:\Users\Admin\AppData\Local\Temp\HoneyPot.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 5072 wrote to memory of 3592	N/A	C:\Users\Admin\AppData\Local\Temp\HoneyPot.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 3592 wrote to memory of 3288	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\SYSTEM32\schtasks.exe
PID 3592 wrote to memory of 3288	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\SYSTEM32\schtasks.exe
PID 3592 wrote to memory of 2576	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 3592 wrote to memory of 2576	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 2576 wrote to memory of 2656	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 2576 wrote to memory of 2656	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 2576 wrote to memory of 868	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 2576 wrote to memory of 868	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 2576 wrote to memory of 3852	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 2576 wrote to memory of 3852	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 3852 wrote to memory of 1384	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\SYSTEM32\schtasks.exe
PID 3852 wrote to memory of 1384	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\SYSTEM32\schtasks.exe
PID 3852 wrote to memory of 3848	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 3852 wrote to memory of 3848	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 3848 wrote to memory of 448	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 3848 wrote to memory of 448	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 3848 wrote to memory of 2464	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 3848 wrote to memory of 2464	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 3848 wrote to memory of 924	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 3848 wrote to memory of 924	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 924 wrote to memory of 4836	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\SYSTEM32\schtasks.exe
PID 924 wrote to memory of 4836	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\SYSTEM32\schtasks.exe
PID 924 wrote to memory of 4568	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 924 wrote to memory of 4568	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 4568 wrote to memory of 2064	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 4568 wrote to memory of 2064	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 4568 wrote to memory of 3636	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 4568 wrote to memory of 3636	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 4568 wrote to memory of 3592	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 4568 wrote to memory of 3592	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 3592 wrote to memory of 3248	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\SYSTEM32\schtasks.exe
PID 3592 wrote to memory of 3248	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\SYSTEM32\schtasks.exe
PID 3592 wrote to memory of 3204	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 3592 wrote to memory of 3204	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 3204 wrote to memory of 1736	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 3204 wrote to memory of 1736	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 3204 wrote to memory of 3676	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 3204 wrote to memory of 3676	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 3204 wrote to memory of 1012	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 3204 wrote to memory of 1012	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 1012 wrote to memory of 3400	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\SYSTEM32\schtasks.exe
PID 1012 wrote to memory of 3400	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\SYSTEM32\schtasks.exe
PID 1012 wrote to memory of 1908	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 1012 wrote to memory of 1908	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 1908 wrote to memory of 3944	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 1908 wrote to memory of 3944	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 1908 wrote to memory of 1612	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 1908 wrote to memory of 1612	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 1908 wrote to memory of 4872	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 1908 wrote to memory of 4872	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 4872 wrote to memory of 2568	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\SYSTEM32\schtasks.exe
PID 4872 wrote to memory of 2568	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\SYSTEM32\schtasks.exe
PID 4872 wrote to memory of 3492	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 4872 wrote to memory of 3492	N/A	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	C:\Windows\system32\cmd.exe
PID 3492 wrote to memory of 2896	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 3492 wrote to memory of 2896	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\chcp.com
PID 3492 wrote to memory of 2596	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 3492 wrote to memory of 2596	N/A	C:\Windows\system32\cmd.exe	C:\Windows\system32\PING.EXE
PID 3492 wrote to memory of 3356	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
PID 3492 wrote to memory of 3356	N/A	C:\Windows\system32\cmd.exe	C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\HoneyPot.exe

"C:\Users\Admin\AppData\Local\Temp\HoneyPot.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4320,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=1416 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mrvmP3FWI10x.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OndaTxuaN6Dh.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CyuAbMD8nXQ0.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uE6VB3kQAa8N.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\8djhvT2O6mkL.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1vJSijccAyuH.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eLemipRlX6ZL.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rSjwdj5ICVTN.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UXGSlYJ4BAVT.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QNSYKENv3mMp.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Y4EMJuzvwIvb.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KUOpWPPD5zTb.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

Network

Country	Destination	Domain	Proto
US	8.8.8.8:53	8.8.8.8.in-addr.arpa	udp
US	8.8.8.8:53	209.205.72.20.in-addr.arpa	udp
US	8.8.8.8:53	240.197.17.2.in-addr.arpa	udp
US	8.8.8.8:53	14.160.190.20.in-addr.arpa	udp
N/A	224.0.0.251:5353		udp
US	8.8.8.8:53	104.219.191.52.in-addr.arpa	udp
US	8.8.8.8:53	183.59.114.20.in-addr.arpa	udp
US	8.8.8.8:53	56.126.166.20.in-addr.arpa	udp
US	8.8.8.8:53	13.227.111.52.in-addr.arpa	udp
US	8.8.8.8:53	172.210.232.199.in-addr.arpa	udp

Files

memory/5072-0-0x00007FF842863000-0x00007FF842865000-memory.dmp

memory/5072-1-0x00000000003A0000-0x00000000006D8000-memory.dmp

memory/5072-2-0x00007FF842860000-0x00007FF843321000-memory.dmp

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe

MD5	1b1eb2ec84ec46145969c46749dc4063
SHA1	e1a988e15bd7184c9539b6f024ce80ce6b79d95e
SHA256	8c8a3846e1f9c9aef9566158cbe5c69f26ea1d1167f387bea8ab9a6f8de2b31e
SHA512	ccd4ae2047a50772120f59f75dfc9e0ae44af351e3c2871d32c93e32cee0348dc1380d9d2aecae5498608a017f5e8f7ae331ad68cced350dd27eb395525c1142

memory/5072-9-0x00007FF842860000-0x00007FF843321000-memory.dmp

memory/3592-10-0x00007FF842860000-0x00007FF843321000-memory.dmp

memory/3592-11-0x00007FF842860000-0x00007FF843321000-memory.dmp

memory/3592-12-0x00000000031C0000-0x0000000003210000-memory.dmp

memory/3592-13-0x000000001C3E0000-0x000000001C492000-memory.dmp

memory/3592-18-0x00007FF842860000-0x00007FF843321000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\mrvmP3FWI10x.bat

MD5	45b8b894f9706ce7087da8cf237f2758
SHA1	499e0aae791308487b7340de622bbd4de05373c7
SHA256	9f588692125b200a0e6a5fa3786db239ce368ce69fe89b1d0f20cc1bbdaa5985
SHA512	fd268192182fb6c70708eeccb464976da4a1955fd6673531d83129358cba43c8f4417747032f7557c925c9c33ff0c1d92b7191da7a849f7446f7f775e45b63e7

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Byfron.exe.log

MD5	8f0271a63446aef01cf2bfc7b7c7976b
SHA1	b70dad968e1dda14b55ad361b7fd4ef9ab6c06d7
SHA256	da740d78ae00b72cb3710d1a1256dc6431550965d20afaa65e5d5860a4748e8c
SHA512	78a403c69f1284b7dd41527019f3eede3512a5e4d439d846eca83557b741ca37bcf56c412f3e577b9dd4cfa5a6d6210961215f14cb271b143f6eb94f69389cf5

C:\Users\Admin\AppData\Local\Temp\OndaTxuaN6Dh.bat

MD5	20aa0d51d64e29fb19582d88ab72adf1
SHA1	b4776bb9f3699d3820f2824408eb0d8ccb2f2ee2
SHA256	99f4f50853d719030e7031c1f72ba8b723d6edc26d6e45d259a0c386b789eb72
SHA512	8256162dbaf7a32e3b7d0838ba395987834ff5983946bdddada1fc7462dda57ee4e1e873575b7cab0857720f179109c143ee8cac5f1505f86a1f0d19a4de6b11

C:\Users\Admin\AppData\Local\Temp\CyuAbMD8nXQ0.bat

MD5	3c7b78b1da361c75ed663ad0d6defbcb
SHA1	2782cbf70012ae881f5bde55d01d89a1ae52e3e3
SHA256	81ced8f8e2a356f26874957bbb92a7e7a0318ca0da7e1d628fe598922a145223
SHA512	60540ad815a6d9819d28e8402efbde5a51ff09ae6035d139f89c94611e6104ca6fc4f3f62174e23541221868f381cbb8cbf22d6856f7a10ad83ef8554fd29b4b

C:\Users\Admin\AppData\Local\Temp\uE6VB3kQAa8N.bat

MD5	ff4315d9e480288be13d64257ee03e58
SHA1	a62edbf963290ea8691ba5e126faeb70c34ec07a
SHA256	be8ec10cfe2ee03b373958ecc31fd4f5e533c239354b00a384e3884e63fe1504
SHA512	37cfeca359b91e0e77992b48ff7a71df9f62852c741d7d344e57d3972f6b819849c2c5e968372fb6b9aa4dfc7dcd4f75d6eb75bc7a79c3e9eed41020b50488fd

C:\Users\Admin\AppData\Local\Temp\8djhvT2O6mkL.bat

MD5	0f208eff95f164ef3734899441e4592b
SHA1	22de1def50af68c45052532a50cdafc78ec68a65
SHA256	c1ce875290bb4b89f54bb9f0338cd36d37eb8df05902c3fcc65896070f1e369c
SHA512	436b01b448a898b6697824e905abfe237e70e41c810880fc59a3296e427c0282b663f0f4bea4dcfdddf68ad296a2c86e720efee9080852040a447eda3e235491

C:\Users\Admin\AppData\Local\Temp\1vJSijccAyuH.bat

MD5	2ca9e6ff8a745a8dde189d3f5dfa3c37
SHA1	f9950fff3f67435e60edabd7c18799464cf6ad44
SHA256	7103012d7d92f963a11e1ed96b209060c5ef3f964a602cf1bce291cd5dd51735
SHA512	a792f2baf1559a23301316cc3231003fcc44cd6c3c21fdd2385db44d654faff6c1f717b67daedb4eb26e21a9d7513ec1d81afd27f3ed5433830b2c828a1f3809

C:\Users\Admin\AppData\Local\Temp\eLemipRlX6ZL.bat

MD5	5ef73e18a805480938340ae74217edf8
SHA1	b06537b405aa50358bff11f39de1e3a71f6c7945
SHA256	f1ee8ead1ea62f9504593bcd74a8a7035a2818c11740c444bdc90f03007ee441
SHA512	0cb02e3ee3457836d63059aa61462425c14c2ebea0a3a88d6210f2d23fee3de77fa03c1000f3fbd162e857a249e4073ef78b8ef8556cc85ffa4f55f88214442f

C:\Users\Admin\AppData\Local\Temp\rSjwdj5ICVTN.bat

MD5	706b533ceb548ac0c5fc9f002a9d02e9
SHA1	3e209ca386e934eaebb80abab9d57ce6143344eb
SHA256	85a2ba63bd832720ca1345ddfd57481c8651c2595a978fcf76872052420f6f21
SHA512	ccd00c9088d5db5a41cef38c5006b5ee3fc1d5f6a60704cdf6b01a5d62d7fabfb2b552ca4cada30d852ab9e3e094cd8244381f7096ffefa8d29218ed4bb08deb

C:\Users\Admin\AppData\Local\Temp\UXGSlYJ4BAVT.bat

MD5	0b6c726b6af5f27fc1557e1893c2e131
SHA1	53d8f85f3fe7fa88f762788e0f3d1f09b978acd7
SHA256	385ecd571b6fd62aef8ac93ca30367d3528cf5dd0bbe5fcc8d39ffd813adefdb
SHA512	1e1f19d6a11309611f13ea8382fa501ee01ea36d3e093c48dee984fbea5ba3391ce42300a27d31e58abc8191ade44941b994b22541e4217570dad47e565464a5

C:\Users\Admin\AppData\Local\Temp\QNSYKENv3mMp.bat

MD5	09b8ad8c7046d735e470e890ffaf4ca6
SHA1	8272c8936c268e4f4bb31670607dd2610bc3d257
SHA256	24fc3d87f2022ba1f2995d52047417783b3d4296eedc4bf76134c8a5324cddda
SHA512	f9b0cb326527dbb41bd1235533c562e9e26437bcecb2756860a1caaa83ecfab92be5b0543eae88f8424131e0305b43b5b654d882e1ced0f89d049e76683b1706

C:\Users\Admin\AppData\Local\Temp\Y4EMJuzvwIvb.bat

MD5	e8e0bf7904d37c3640ba4e34dbd043ce
SHA1	1b3c91427344151f74c7f52875a2a52f6f3070c1
SHA256	91ccbac3d5d6e0b16329c69f92e4551542ccf675eb99dfd754b6caa6a73d73e2
SHA512	317ba2bd33e612bc91e0191b8d6b10b93c6d92c87dffdf53937252714134e114e137860baa6fc206b2564fc189ba6e7e8b9d3a0c822e354126bfe96ce88166b6

C:\Users\Admin\AppData\Local\Temp\KUOpWPPD5zTb.bat

MD5	1007b6ca6c688635466c27890fc20700
SHA1	e7b2e4dbb08925fb2c4b558d399590373d93f489
SHA256	184174e20ecc6d7c30a336ed3c39e3f30f96a4d73cef21a229bdcace54dd8cb7
SHA512	8033d771291b3348f8cd7ae34ebf44bc2594be925c83d667bf7adb6e7061a184a744436914f824f7d377271952ac0f6077f3aa7034d5c4c06b5f60ccbcc109ce

Malware Analysis Report

2024-08-06 11:49

Table of Contents

Analysis Overview

Threat Level: Known bad

Malicious Activity Summary

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files