resource	yara_rule
behavioral1/memory/2172-1-0x0000000001020000-0x0000000001344000-memory.dmp	family_quasar
behavioral1/files/0x0014000000016fc9-5.dat	family_quasar
behavioral1/memory/3008-8-0x0000000001160000-0x0000000001484000-memory.dmp	family_quasar
behavioral1/memory/2248-22-0x0000000000230000-0x0000000000554000-memory.dmp	family_quasar
behavioral1/memory/3036-34-0x00000000009A0000-0x0000000000CC4000-memory.dmp	family_quasar
behavioral1/memory/824-57-0x0000000000A40000-0x0000000000D64000-memory.dmp	family_quasar
behavioral1/memory/1008-68-0x00000000002F0000-0x0000000000614000-memory.dmp	family_quasar
behavioral1/memory/2660-79-0x0000000000110000-0x0000000000434000-memory.dmp	family_quasar
behavioral1/memory/2744-92-0x0000000000340000-0x0000000000664000-memory.dmp	family_quasar
behavioral1/memory/1736-103-0x00000000000B0000-0x00000000003D4000-memory.dmp	family_quasar
behavioral1/memory/1792-115-0x00000000013C0000-0x00000000016E4000-memory.dmp	family_quasar
behavioral1/memory/2604-126-0x0000000000290000-0x00000000005B4000-memory.dmp	family_quasar
behavioral1/memory/2012-147-0x0000000000140000-0x0000000000464000-memory.dmp	family_quasar
behavioral1/memory/2296-158-0x0000000001360000-0x0000000001684000-memory.dmp	family_quasar
behavioral1/memory/2244-200-0x00000000001B0000-0x00000000004D4000-memory.dmp	family_quasar
behavioral1/memory/1916-210-0x0000000000FD0000-0x00000000012F4000-memory.dmp	family_quasar
behavioral1/memory/2260-219-0x00000000010B0000-0x00000000013D4000-memory.dmp	family_quasar
behavioral1/memory/2420-228-0x0000000000150000-0x0000000000474000-memory.dmp	family_quasar
behavioral1/memory/3004-237-0x00000000011D0000-0x00000000014F4000-memory.dmp	family_quasar
behavioral1/memory/2044-270-0x00000000002C0000-0x00000000005E4000-memory.dmp	family_quasar
behavioral1/memory/2984-279-0x00000000002A0000-0x00000000005C4000-memory.dmp	family_quasar
behavioral1/memory/568-288-0x00000000008B0000-0x0000000000BD4000-memory.dmp	family_quasar
behavioral1/memory/2816-297-0x00000000001C0000-0x00000000004E4000-memory.dmp	family_quasar
behavioral1/memory/1676-306-0x0000000000FB0000-0x00000000012D4000-memory.dmp	family_quasar
behavioral1/memory/1712-315-0x00000000013A0000-0x00000000016C4000-memory.dmp	family_quasar
behavioral1/memory/2596-364-0x0000000000A70000-0x0000000000D94000-memory.dmp	family_quasar
behavioral1/memory/1784-373-0x0000000000BE0000-0x0000000000F04000-memory.dmp	family_quasar
behavioral1/memory/2940-398-0x0000000001210000-0x0000000001534000-memory.dmp	family_quasar
behavioral1/memory/1748-447-0x0000000001350000-0x0000000001674000-memory.dmp	family_quasar
behavioral1/memory/1956-464-0x00000000000C0000-0x00000000003E4000-memory.dmp	family_quasar
behavioral1/memory/1288-473-0x00000000001D0000-0x00000000004F4000-memory.dmp	family_quasar
behavioral1/memory/2804-482-0x0000000000F20000-0x0000000001244000-memory.dmp	family_quasar
behavioral1/memory/1188-491-0x0000000000160000-0x0000000000484000-memory.dmp	family_quasar
behavioral1/memory/1028-500-0x0000000000BB0000-0x0000000000ED4000-memory.dmp	family_quasar
behavioral1/memory/2224-509-0x00000000002B0000-0x00000000005D4000-memory.dmp	family_quasar
behavioral1/memory/956-518-0x0000000001240000-0x0000000001564000-memory.dmp	family_quasar
behavioral1/memory/1972-527-0x00000000003D0000-0x00000000006F4000-memory.dmp	family_quasar
behavioral1/memory/2536-536-0x00000000012C0000-0x00000000015E4000-memory.dmp	family_quasar
behavioral1/memory/2168-553-0x0000000000070000-0x0000000000394000-memory.dmp	family_quasar
behavioral1/memory/632-562-0x0000000000EA0000-0x00000000011C4000-memory.dmp	family_quasar
behavioral1/memory/3020-579-0x0000000000ED0000-0x00000000011F4000-memory.dmp	family_quasar
behavioral1/memory/764-604-0x0000000001320000-0x0000000001644000-memory.dmp	family_quasar
behavioral1/memory/1512-613-0x0000000000170000-0x0000000000494000-memory.dmp	family_quasar
behavioral1/memory/2640-622-0x0000000000D20000-0x0000000001044000-memory.dmp	family_quasar
behavioral1/memory/2728-631-0x00000000000A0000-0x00000000003C4000-memory.dmp	family_quasar
behavioral1/memory/2060-640-0x0000000000CD0000-0x0000000000FF4000-memory.dmp	family_quasar
behavioral1/memory/2856-649-0x0000000000370000-0x0000000000694000-memory.dmp	family_quasar
behavioral1/memory/1620-658-0x0000000000E50000-0x0000000001174000-memory.dmp	family_quasar
behavioral1/memory/2612-667-0x00000000011A0000-0x00000000014C4000-memory.dmp	family_quasar
behavioral1/memory/1532-692-0x0000000000260000-0x0000000000584000-memory.dmp	family_quasar
behavioral1/memory/1800-701-0x0000000000830000-0x0000000000B54000-memory.dmp	family_quasar
behavioral1/memory/2896-710-0x0000000001290000-0x00000000015B4000-memory.dmp	family_quasar

pid	Process
3008	Client.exe
2248	Client.exe
3036	Client.exe
2196	Client.exe
824	Client.exe
1008	Client.exe
2660	Client.exe
2744	Client.exe
1736	Client.exe
1792	Client.exe
2604	Client.exe
600	Client.exe
2012	Client.exe
2296	Client.exe
2768	Client.exe
1252	Client.exe
1796	Client.exe
2244	Client.exe
1916	Client.exe
2260	Client.exe
2420	Client.exe
3004	Client.exe
2932	Client.exe
836	Client.exe
316	Client.exe
2044	Client.exe
2984	Client.exe
568	Client.exe
2816	Client.exe
1676	Client.exe
1712	Client.exe
1656	Client.exe
1572	Client.exe
1528	Client.exe
2100	Client.exe
2280	Client.exe
2596	Client.exe
1784	Client.exe
1536	Client.exe
2812	Client.exe
2940	Client.exe
3016	Client.exe
560	Client.exe
1872	Client.exe
912	Client.exe
1308	Client.exe
1748	Client.exe
840	Client.exe
1956	Client.exe
1288	Client.exe
2804	Client.exe
1188	Client.exe
1028	Client.exe
2224	Client.exe
956	Client.exe
1972	Client.exe
2536	Client.exe
1128	Client.exe
2168	Client.exe
632	Client.exe
2636	Client.exe
3020	Client.exe
3052	Client.exe
1980	Client.exe

pid	Process
856	PING.EXE
1392	PING.EXE
1688	PING.EXE
2972	PING.EXE
3060	PING.EXE
2364	PING.EXE
1128	PING.EXE
1808	PING.EXE
3068	PING.EXE
2336	PING.EXE
2228	PING.EXE
1808	PING.EXE
2508	PING.EXE
520	PING.EXE
2952	PING.EXE
1480	PING.EXE
2864	PING.EXE
1336	PING.EXE
1504	PING.EXE
1800	PING.EXE
2268	PING.EXE
2152	PING.EXE
1812	PING.EXE
1044	PING.EXE
692	PING.EXE
540	PING.EXE
820	PING.EXE
268	PING.EXE
2188	PING.EXE
2404	PING.EXE
1652	PING.EXE
1832	PING.EXE
2624	PING.EXE
2396	PING.EXE
2668	PING.EXE
2884	PING.EXE
1812	PING.EXE
2144	PING.EXE
264	PING.EXE
552	PING.EXE
2832	PING.EXE
1476	PING.EXE
820	PING.EXE
2496	PING.EXE
1240	PING.EXE
1576	PING.EXE
964	PING.EXE
2348	PING.EXE
2944	PING.EXE
308	PING.EXE
540	PING.EXE
2568	PING.EXE
2236	PING.EXE
2656	PING.EXE
3068	PING.EXE
328	PING.EXE
1548	PING.EXE
2312	PING.EXE
1648	PING.EXE
2876	PING.EXE
2812	PING.EXE
2280	PING.EXE
1012	PING.EXE
3068	PING.EXE

pid	Process
2972	PING.EXE
3048	PING.EXE
540	PING.EXE
1652	PING.EXE
2444	PING.EXE
1528	PING.EXE
1696	PING.EXE
820	PING.EXE
308	PING.EXE
1240	PING.EXE
1128	PING.EXE
1808	PING.EXE
1476	PING.EXE
1688	PING.EXE
1044	PING.EXE
1548	PING.EXE
3068	PING.EXE
2876	PING.EXE
2316	PING.EXE
2092	PING.EXE
2152	PING.EXE
2336	PING.EXE
328	PING.EXE
264	PING.EXE
1564	PING.EXE
1812	PING.EXE
2812	PING.EXE
2656	PING.EXE
2348	PING.EXE
2832	PING.EXE
1808	PING.EXE
2228	PING.EXE
2568	PING.EXE
856	PING.EXE
2076	PING.EXE
2884	PING.EXE
2236	PING.EXE
2268	PING.EXE
964	PING.EXE
2864	PING.EXE
552	PING.EXE
2668	PING.EXE
2188	PING.EXE
2364	PING.EXE
1652	PING.EXE
2780	PING.EXE
1812	PING.EXE
1576	PING.EXE
2312	PING.EXE
1832	PING.EXE
2624	PING.EXE
820	PING.EXE
1756	PING.EXE
520	PING.EXE
2404	PING.EXE
3068	PING.EXE
1504	PING.EXE
2496	PING.EXE
2952	PING.EXE
2280	PING.EXE
1480	PING.EXE
1336	PING.EXE
268	PING.EXE
2384	PING.EXE

pid	Process
2716	schtasks.exe
2296	schtasks.exe
1048	schtasks.exe
1620	schtasks.exe
2068	schtasks.exe
856	schtasks.exe
1148	schtasks.exe
1308	schtasks.exe
1584	schtasks.exe
2668	schtasks.exe
1076	schtasks.exe
2564	schtasks.exe
2720	schtasks.exe
2208	schtasks.exe
1036	schtasks.exe
1724	schtasks.exe
2948	schtasks.exe
1864	schtasks.exe
3048	schtasks.exe
2396	schtasks.exe
540	schtasks.exe
2900	schtasks.exe
1336	schtasks.exe
2416	schtasks.exe
2756	schtasks.exe
2440	schtasks.exe
1728	schtasks.exe
1528	schtasks.exe
1680	schtasks.exe
2084	schtasks.exe
432	schtasks.exe
2448	schtasks.exe
3028	schtasks.exe
3048	schtasks.exe
2440	schtasks.exe
2804	schtasks.exe
1300	schtasks.exe
1672	schtasks.exe
1028	schtasks.exe
904	schtasks.exe
2948	schtasks.exe
1740	schtasks.exe
2648	schtasks.exe
2844	schtasks.exe
2368	schtasks.exe
2648	schtasks.exe
828	schtasks.exe
2616	schtasks.exe
1788	schtasks.exe
2348	schtasks.exe
2204	schtasks.exe
2116	schtasks.exe
1048	schtasks.exe
872	schtasks.exe
2408	schtasks.exe
2720	schtasks.exe
2416	schtasks.exe
2208	schtasks.exe
2680	schtasks.exe
2116	schtasks.exe
1564	schtasks.exe
2972	schtasks.exe
1076	schtasks.exe
2080	schtasks.exe

description	pid	Process
Token: SeDebugPrivilege	2172	Client-built.exe
Token: SeDebugPrivilege	3008	Client.exe
Token: SeDebugPrivilege	2248	Client.exe
Token: SeDebugPrivilege	3036	Client.exe
Token: SeDebugPrivilege	2196	Client.exe
Token: SeDebugPrivilege	824	Client.exe
Token: SeDebugPrivilege	1008	Client.exe
Token: SeDebugPrivilege	2660	Client.exe
Token: SeDebugPrivilege	2744	Client.exe
Token: SeDebugPrivilege	1736	Client.exe
Token: SeDebugPrivilege	1792	Client.exe
Token: SeDebugPrivilege	2604	Client.exe
Token: SeDebugPrivilege	600	Client.exe
Token: SeDebugPrivilege	2012	Client.exe
Token: SeDebugPrivilege	2296	Client.exe
Token: SeDebugPrivilege	2768	Client.exe
Token: SeDebugPrivilege	1252	Client.exe
Token: SeDebugPrivilege	1796	Client.exe
Token: SeDebugPrivilege	2244	Client.exe
Token: SeDebugPrivilege	1916	Client.exe
Token: SeDebugPrivilege	2260	Client.exe
Token: SeDebugPrivilege	2420	Client.exe
Token: SeDebugPrivilege	3004	Client.exe
Token: SeDebugPrivilege	2932	Client.exe
Token: SeDebugPrivilege	836	Client.exe
Token: SeDebugPrivilege	316	Client.exe
Token: SeDebugPrivilege	2044	Client.exe
Token: SeDebugPrivilege	2984	Client.exe
Token: SeDebugPrivilege	568	Client.exe
Token: SeDebugPrivilege	2816	Client.exe
Token: SeDebugPrivilege	1676	Client.exe
Token: SeDebugPrivilege	1712	Client.exe
Token: SeDebugPrivilege	1656	Client.exe
Token: SeDebugPrivilege	1572	Client.exe
Token: SeDebugPrivilege	1528	Client.exe
Token: SeDebugPrivilege	2100	Client.exe
Token: SeDebugPrivilege	2280	Client.exe
Token: SeDebugPrivilege	2596	Client.exe
Token: SeDebugPrivilege	1784	Client.exe
Token: SeDebugPrivilege	1536	Client.exe
Token: SeDebugPrivilege	2812	Client.exe
Token: SeDebugPrivilege	2940	Client.exe
Token: SeDebugPrivilege	3016	Client.exe
Token: SeDebugPrivilege	560	Client.exe
Token: SeDebugPrivilege	1872	Client.exe
Token: SeDebugPrivilege	912	Client.exe
Token: SeDebugPrivilege	1308	Client.exe
Token: SeDebugPrivilege	1748	Client.exe
Token: SeDebugPrivilege	840	Client.exe
Token: SeDebugPrivilege	1956	Client.exe
Token: SeDebugPrivilege	1288	Client.exe
Token: SeDebugPrivilege	2804	Client.exe
Token: SeDebugPrivilege	1188	Client.exe
Token: SeDebugPrivilege	1028	Client.exe
Token: SeDebugPrivilege	2224	Client.exe
Token: SeDebugPrivilege	956	Client.exe
Token: SeDebugPrivilege	1972	Client.exe
Token: SeDebugPrivilege	2536	Client.exe
Token: SeDebugPrivilege	1128	Client.exe
Token: SeDebugPrivilege	2168	Client.exe
Token: SeDebugPrivilege	632	Client.exe
Token: SeDebugPrivilege	2636	Client.exe
Token: SeDebugPrivilege	3020	Client.exe
Token: SeDebugPrivilege	3052	Client.exe

description	pid	Process	procid_target
PID 2172 wrote to memory of 2864	2172	Client-built.exe	29
PID 2172 wrote to memory of 2864	2172	Client-built.exe	29
PID 2172 wrote to memory of 2864	2172	Client-built.exe	29
PID 2172 wrote to memory of 3008	2172	Client-built.exe	31
PID 2172 wrote to memory of 3008	2172	Client-built.exe	31
PID 2172 wrote to memory of 3008	2172	Client-built.exe	31
PID 3008 wrote to memory of 2832	3008	Client.exe	32
PID 3008 wrote to memory of 2832	3008	Client.exe	32
PID 3008 wrote to memory of 2832	3008	Client.exe	32
PID 3008 wrote to memory of 3004	3008	Client.exe	34
PID 3008 wrote to memory of 3004	3008	Client.exe	34
PID 3008 wrote to memory of 3004	3008	Client.exe	34
PID 3004 wrote to memory of 2736	3004	cmd.exe	36
PID 3004 wrote to memory of 2736	3004	cmd.exe	36
PID 3004 wrote to memory of 2736	3004	cmd.exe	36
PID 3004 wrote to memory of 2780	3004	cmd.exe	37
PID 3004 wrote to memory of 2780	3004	cmd.exe	37
PID 3004 wrote to memory of 2780	3004	cmd.exe	37
PID 3004 wrote to memory of 2248	3004	cmd.exe	38
PID 3004 wrote to memory of 2248	3004	cmd.exe	38
PID 3004 wrote to memory of 2248	3004	cmd.exe	38
PID 2248 wrote to memory of 3048	2248	Client.exe	39
PID 2248 wrote to memory of 3048	2248	Client.exe	39
PID 2248 wrote to memory of 3048	2248	Client.exe	39
PID 2248 wrote to memory of 968	2248	Client.exe	41
PID 2248 wrote to memory of 968	2248	Client.exe	41
PID 2248 wrote to memory of 968	2248	Client.exe	41
PID 968 wrote to memory of 2816	968	cmd.exe	43
PID 968 wrote to memory of 2816	968	cmd.exe	43
PID 968 wrote to memory of 2816	968	cmd.exe	43
PID 968 wrote to memory of 2496	968	cmd.exe	44
PID 968 wrote to memory of 2496	968	cmd.exe	44
PID 968 wrote to memory of 2496	968	cmd.exe	44
PID 968 wrote to memory of 3036	968	cmd.exe	45
PID 968 wrote to memory of 3036	968	cmd.exe	45
PID 968 wrote to memory of 3036	968	cmd.exe	45
PID 3036 wrote to memory of 2416	3036	Client.exe	46
PID 3036 wrote to memory of 2416	3036	Client.exe	46
PID 3036 wrote to memory of 2416	3036	Client.exe	46
PID 3036 wrote to memory of 1248	3036	Client.exe	48
PID 3036 wrote to memory of 1248	3036	Client.exe	48
PID 3036 wrote to memory of 1248	3036	Client.exe	48
PID 1248 wrote to memory of 836	1248	cmd.exe	50
PID 1248 wrote to memory of 836	1248	cmd.exe	50
PID 1248 wrote to memory of 836	1248	cmd.exe	50
PID 1248 wrote to memory of 1240	1248	cmd.exe	51
PID 1248 wrote to memory of 1240	1248	cmd.exe	51
PID 1248 wrote to memory of 1240	1248	cmd.exe	51
PID 1248 wrote to memory of 2196	1248	cmd.exe	52
PID 1248 wrote to memory of 2196	1248	cmd.exe	52
PID 1248 wrote to memory of 2196	1248	cmd.exe	52
PID 2196 wrote to memory of 2440	2196	Client.exe	53
PID 2196 wrote to memory of 2440	2196	Client.exe	53
PID 2196 wrote to memory of 2440	2196	Client.exe	53
PID 2196 wrote to memory of 2408	2196	Client.exe	55
PID 2196 wrote to memory of 2408	2196	Client.exe	55
PID 2196 wrote to memory of 2408	2196	Client.exe	55
PID 2408 wrote to memory of 560	2408	cmd.exe	57
PID 2408 wrote to memory of 560	2408	cmd.exe	57
PID 2408 wrote to memory of 560	2408	cmd.exe	57
PID 2408 wrote to memory of 268	2408	cmd.exe	58
PID 2408 wrote to memory of 268	2408	cmd.exe	58
PID 2408 wrote to memory of 268	2408	cmd.exe	58
PID 2408 wrote to memory of 824	2408	cmd.exe	59

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads