Overview

overview

10

Static

static

4

xxwewe33/B...to.dll

windows7-x64

1

xxwewe33/B...to.dll

windows10-2004-x64

1

xxwewe33/E...IE.exe

windows7-x64

10

xxwewe33/E...IE.exe

windows10-2004-x64

10

xxwewe33/S...op.dll

windows7-x64

1

xxwewe33/S...op.dll

windows10-2004-x64

1

xxwewe33/S...rs.dll

windows7-x64

1

xxwewe33/S...rs.dll

windows10-2004-x64

1

xxwewe33/S...te.dll

windows7-x64

1

xxwewe33/S...te.dll

windows10-2004-x64

1

xxwewe33/S...ry.dll

windows7-x64

1

xxwewe33/S...ry.dll

windows10-2004-x64

1

xxwewe33/S...rs.dll

windows7-x64

1

xxwewe33/S...rs.dll

windows10-2004-x64

1

xxwewe33/S...fe.dll

windows7-x64

1

xxwewe33/S...fe.dll

windows10-2004-x64

1

xxwewe33/S...on.dll

windows7-x64

1

xxwewe33/S...on.dll

windows10-2004-x64

1

xxwewe33/a...-0.dll

windows10-2004-x64

3

xxwewe33/a...-0.dll

windows10-2004-x64

3

xxwewe33/a...-0.dll

windows10-2004-x64

3

xxwewe33/a...-0.dll

windows10-2004-x64

3

xxwewe33/a...-0.dll

windows10-2004-x64

3

xxwewe33/a...-0.dll

windows10-2004-x64

3

xxwewe33/a...-0.dll

windows10-2004-x64

3

xxwewe33/a...-0.dll

windows10-2004-x64

3

xxwewe33/a...-0.dll

windows10-2004-x64

3

xxwewe33/a...-0.dll

windows10-2004-x64

3

xxwewe33/a...-0.dll

windows10-2004-x64

3

xxwewe33/a...-0.dll

windows10-2004-x64

3

xxwewe33/a...-0.dll

windows10-2004-x64

3

xxwewe33/a...-0.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    134s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/08/2024, 01:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    xxwewe33/EIUWI383IE.exe

  • Size

    639KB

  • MD5

    c00caf990793d69120a0abc4bf0e3210

  • SHA1

    f5556f65bdbc1dd62286d353312646215a14f079

  • SHA256

    04c777837d0d418e78fddbbb35587b205e1a424adda5a552363e2164cf2df686

  • SHA512

    a93365fc0ecf746c074d08fd784c6af7556d06e2646b2b167b67d03554e8dcc37f67804562fcdb4a09a2e117db3f893e4cc192280145531354cea7605e834e14

  • SSDEEP

    6144:T2aV3QDwJdsnu08zrJU/3AsBzDxm4GBohCv3ER0u+GIIIIIIIhIIIIIIIIIIIIIK:T2aJQDw/snpCu3j+4GBocsm5Q05

Score
10/10
quasarspywaretrojan

Malware Config

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\xxwewe33\EIUWI383IE.exe
    "C:\Users\Admin\AppData\Local\Temp\xxwewe33\EIUWI383IE.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4864-0-0x000002C641B70000-0x000002C641B80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4864-1-0x00007FFAA6CC3000-0x00007FFAA6CC5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4864-2-0x000002C65ACF0000-0x000002C65B57A000-memory.dmp

    Filesize

    8.5MB

    Download

  • memory/4864-3-0x00007FFAA7790000-0x00007FFAA801A000-memory.dmp

    Filesize

    8.5MB

    Download

  • memory/4864-5-0x000002C65A810000-0x000002C65A822000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4864-6-0x00007FFAA6CC0000-0x00007FFAA7781000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4864-8-0x000002C641B70000-0x000002C641B80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4864-9-0x00007FFAA6CC3000-0x00007FFAA6CC5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4864-10-0x00007FFAA6CC0000-0x00007FFAA7781000-memory.dmp

    Filesize

    10.8MB

    Download