resource	yara_rule
behavioral4/memory/1280-1-0x0000000000480000-0x00000000007A4000-memory.dmp	family_quasar
behavioral4/files/0x001b00000002aa74-5.dat	family_quasar

pid	Process
764	Client.exe
4584	Client.exe
568	Client.exe
3892	Client.exe
4844	Client.exe
2556	Client.exe
1448	Client.exe
2152	Client.exe
4492	Client.exe
1228	Client.exe
3220	Client.exe
2692	Client.exe
752	Client.exe
1092	Client.exe
2588	Client.exe
3572	Client.exe
2988	Client.exe
3200	Client.exe
3380	Client.exe
4080	Client.exe
72	Client.exe
3944	Client.exe
396	Client.exe
1700	Client.exe
244	Client.exe
4736	Client.exe
468	Client.exe
3532	Client.exe
1620	Client.exe
2932	Client.exe
4612	Client.exe
4044	Client.exe
4228	Client.exe
1028	Client.exe
1900	Client.exe
3284	Client.exe
2224	Client.exe
2636	Client.exe
2700	Client.exe
1084	Client.exe
4252	Client.exe
2360	Client.exe
4200	Client.exe
2280	Client.exe
4416	Client.exe
3488	Client.exe
1668	Client.exe
788	Client.exe
4352	Client.exe
2876	Client.exe
3132	Client.exe
4148	Client.exe
2380	Client.exe
1396	Client.exe
464	Client.exe
2512	Client.exe
440	Client.exe
3052	Client.exe
3148	Client.exe
4444	Client.exe
4424	Client.exe
4896	Client.exe
3952	Client.exe
1708	Client.exe

pid	Process
4444	PING.EXE
428	PING.EXE
3048	PING.EXE
728	PING.EXE
3608	PING.EXE
1832	PING.EXE
4072	PING.EXE
336	PING.EXE
784	PING.EXE
1436	PING.EXE
4636	PING.EXE
4120	PING.EXE
1852	PING.EXE
1328	PING.EXE
2984	PING.EXE
4192	PING.EXE
1344	PING.EXE
2560	PING.EXE
3676	PING.EXE
4112	PING.EXE
3792	PING.EXE
2872	PING.EXE
4652	PING.EXE
4132	PING.EXE
5028	PING.EXE
4272	PING.EXE
1600	PING.EXE
1220	PING.EXE
2880	PING.EXE
3180	PING.EXE
2304	PING.EXE
2808	PING.EXE
2808	PING.EXE
4484	PING.EXE
4228	PING.EXE
472	PING.EXE
4468	PING.EXE
4128	PING.EXE
2736	PING.EXE
3244	PING.EXE
852	PING.EXE
4132	PING.EXE
1148	PING.EXE
1716	PING.EXE
2320	PING.EXE
4232	PING.EXE
32	PING.EXE
5032	PING.EXE
4084	PING.EXE
3784	PING.EXE
2172	PING.EXE
3948	PING.EXE
3832	PING.EXE
4000	PING.EXE
1804	PING.EXE
2456	PING.EXE
696	PING.EXE
3940	PING.EXE
492	PING.EXE
968	PING.EXE
1784	PING.EXE
4484	PING.EXE
336	PING.EXE
2944	PING.EXE

pid	Process
936	schtasks.exe
8	schtasks.exe
124	schtasks.exe
4620	schtasks.exe
1940	schtasks.exe
776	schtasks.exe
3248	schtasks.exe
912	schtasks.exe
848	schtasks.exe
1064	schtasks.exe
1568	schtasks.exe
2904	schtasks.exe
1004	schtasks.exe
1296	schtasks.exe
4112	schtasks.exe
936	schtasks.exe
4456	schtasks.exe
2800	schtasks.exe
2420	schtasks.exe
1336	schtasks.exe
3900	schtasks.exe
3400	schtasks.exe
660	schtasks.exe
1016	schtasks.exe
3816	schtasks.exe
2940	schtasks.exe
4300	schtasks.exe
2288	schtasks.exe
3136	schtasks.exe
752	schtasks.exe
2692	schtasks.exe
4756	schtasks.exe
364	schtasks.exe
3408	schtasks.exe
3296	schtasks.exe
3712	schtasks.exe
2884	schtasks.exe
2076	schtasks.exe
2812	schtasks.exe
1456	schtasks.exe
1568	schtasks.exe
3884	schtasks.exe
3216	schtasks.exe
1956	schtasks.exe
1368	schtasks.exe
1252	schtasks.exe
4444	schtasks.exe
2812	schtasks.exe
4860	schtasks.exe
1784	schtasks.exe
2360	schtasks.exe
3612	schtasks.exe
1840	schtasks.exe
4088	schtasks.exe
492	schtasks.exe
3752	schtasks.exe
220	schtasks.exe
4212	schtasks.exe
3756	schtasks.exe
4492	schtasks.exe
3840	schtasks.exe
4984	schtasks.exe
4644	schtasks.exe
3548	schtasks.exe

description	pid	Process
Token: SeDebugPrivilege	1280	Client-built.exe
Token: SeDebugPrivilege	764	Client.exe
Token: SeDebugPrivilege	4584	Client.exe
Token: SeDebugPrivilege	568	Client.exe
Token: SeDebugPrivilege	3892	Client.exe
Token: SeDebugPrivilege	4844	Client.exe
Token: SeDebugPrivilege	2556	Client.exe
Token: SeDebugPrivilege	1448	Client.exe
Token: SeDebugPrivilege	2152	Client.exe
Token: SeDebugPrivilege	4492	Client.exe
Token: SeDebugPrivilege	1228	Client.exe
Token: SeDebugPrivilege	3220	Client.exe
Token: SeDebugPrivilege	2692	Client.exe
Token: SeDebugPrivilege	752	Client.exe
Token: SeDebugPrivilege	1092	Client.exe
Token: SeDebugPrivilege	2588	Client.exe
Token: SeDebugPrivilege	3572	Client.exe
Token: SeDebugPrivilege	2988	Client.exe
Token: SeDebugPrivilege	3200	Client.exe
Token: SeDebugPrivilege	3380	Client.exe
Token: SeDebugPrivilege	4080	Client.exe
Token: SeDebugPrivilege	72	Client.exe
Token: SeDebugPrivilege	3944	Client.exe
Token: SeDebugPrivilege	396	Client.exe
Token: SeDebugPrivilege	1700	Client.exe
Token: SeDebugPrivilege	244	Client.exe
Token: SeDebugPrivilege	4736	Client.exe
Token: SeDebugPrivilege	468	Client.exe
Token: SeDebugPrivilege	3532	Client.exe
Token: SeDebugPrivilege	1620	Client.exe
Token: SeDebugPrivilege	2932	Client.exe
Token: SeDebugPrivilege	4612	Client.exe
Token: SeDebugPrivilege	4044	Client.exe
Token: SeDebugPrivilege	4228	Client.exe
Token: SeDebugPrivilege	1028	Client.exe
Token: SeDebugPrivilege	1900	Client.exe
Token: SeDebugPrivilege	3284	Client.exe
Token: SeDebugPrivilege	2224	Client.exe
Token: SeDebugPrivilege	2636	Client.exe
Token: SeDebugPrivilege	2700	Client.exe
Token: SeDebugPrivilege	1084	Client.exe
Token: SeDebugPrivilege	4252	Client.exe
Token: SeDebugPrivilege	2360	Client.exe
Token: SeDebugPrivilege	4200	Client.exe
Token: SeDebugPrivilege	2280	Client.exe
Token: SeDebugPrivilege	4416	Client.exe
Token: SeDebugPrivilege	3488	Client.exe
Token: SeDebugPrivilege	1668	Client.exe
Token: SeDebugPrivilege	788	Client.exe
Token: SeDebugPrivilege	4352	Client.exe
Token: SeDebugPrivilege	2876	Client.exe
Token: SeDebugPrivilege	3132	Client.exe
Token: SeDebugPrivilege	4148	Client.exe
Token: SeDebugPrivilege	2380	Client.exe
Token: SeDebugPrivilege	1396	Client.exe
Token: SeDebugPrivilege	464	Client.exe
Token: SeDebugPrivilege	2512	Client.exe
Token: SeDebugPrivilege	440	Client.exe
Token: SeDebugPrivilege	3052	Client.exe
Token: SeDebugPrivilege	3148	Client.exe
Token: SeDebugPrivilege	4444	Client.exe
Token: SeDebugPrivilege	4424	Client.exe
Token: SeDebugPrivilege	4896	Client.exe
Token: SeDebugPrivilege	3952	Client.exe

description	pid	Process	procid_target
PID 1280 wrote to memory of 4764	1280	Client-built.exe	81
PID 1280 wrote to memory of 4764	1280	Client-built.exe	81
PID 1280 wrote to memory of 764	1280	Client-built.exe	83
PID 1280 wrote to memory of 764	1280	Client-built.exe	83
PID 764 wrote to memory of 4492	764	Client.exe	84
PID 764 wrote to memory of 4492	764	Client.exe	84
PID 764 wrote to memory of 2788	764	Client.exe	86
PID 764 wrote to memory of 2788	764	Client.exe	86
PID 2788 wrote to memory of 1860	2788	cmd.exe	88
PID 2788 wrote to memory of 1860	2788	cmd.exe	88
PID 2788 wrote to memory of 4128	2788	cmd.exe	89
PID 2788 wrote to memory of 4128	2788	cmd.exe	89
PID 2788 wrote to memory of 4584	2788	cmd.exe	90
PID 2788 wrote to memory of 4584	2788	cmd.exe	90
PID 4584 wrote to memory of 1344	4584	Client.exe	91
PID 4584 wrote to memory of 1344	4584	Client.exe	91
PID 4584 wrote to memory of 3596	4584	Client.exe	93
PID 4584 wrote to memory of 3596	4584	Client.exe	93
PID 3596 wrote to memory of 1144	3596	cmd.exe	95
PID 3596 wrote to memory of 1144	3596	cmd.exe	95
PID 3596 wrote to memory of 1220	3596	cmd.exe	96
PID 3596 wrote to memory of 1220	3596	cmd.exe	96
PID 3596 wrote to memory of 568	3596	cmd.exe	97
PID 3596 wrote to memory of 568	3596	cmd.exe	97
PID 568 wrote to memory of 752	568	Client.exe	98
PID 568 wrote to memory of 752	568	Client.exe	98
PID 568 wrote to memory of 2620	568	Client.exe	100
PID 568 wrote to memory of 2620	568	Client.exe	100
PID 2620 wrote to memory of 2948	2620	cmd.exe	102
PID 2620 wrote to memory of 2948	2620	cmd.exe	102
PID 2620 wrote to memory of 3940	2620	cmd.exe	103
PID 2620 wrote to memory of 3940	2620	cmd.exe	103
PID 2620 wrote to memory of 3892	2620	cmd.exe	104
PID 2620 wrote to memory of 3892	2620	cmd.exe	104
PID 3892 wrote to memory of 364	3892	Client.exe	106
PID 3892 wrote to memory of 364	3892	Client.exe	106
PID 3892 wrote to memory of 1952	3892	Client.exe	108
PID 3892 wrote to memory of 1952	3892	Client.exe	108
PID 1952 wrote to memory of 1372	1952	cmd.exe	110
PID 1952 wrote to memory of 1372	1952	cmd.exe	110
PID 1952 wrote to memory of 4444	1952	cmd.exe	111
PID 1952 wrote to memory of 4444	1952	cmd.exe	111
PID 1952 wrote to memory of 4844	1952	cmd.exe	118
PID 1952 wrote to memory of 4844	1952	cmd.exe	118
PID 4844 wrote to memory of 3400	4844	Client.exe	119
PID 4844 wrote to memory of 3400	4844	Client.exe	119
PID 4844 wrote to memory of 4812	4844	Client.exe	121
PID 4844 wrote to memory of 4812	4844	Client.exe	121
PID 4812 wrote to memory of 3632	4812	cmd.exe	123
PID 4812 wrote to memory of 3632	4812	cmd.exe	123
PID 4812 wrote to memory of 1852	4812	cmd.exe	124
PID 4812 wrote to memory of 1852	4812	cmd.exe	124
PID 4812 wrote to memory of 2556	4812	cmd.exe	125
PID 4812 wrote to memory of 2556	4812	cmd.exe	125
PID 2556 wrote to memory of 2692	2556	Client.exe	126
PID 2556 wrote to memory of 2692	2556	Client.exe	126
PID 2556 wrote to memory of 492	2556	Client.exe	128
PID 2556 wrote to memory of 492	2556	Client.exe	128
PID 492 wrote to memory of 756	492	cmd.exe	130
PID 492 wrote to memory of 756	492	cmd.exe	130
PID 492 wrote to memory of 2880	492	cmd.exe	131
PID 492 wrote to memory of 2880	492	cmd.exe	131
PID 492 wrote to memory of 1448	492	cmd.exe	132
PID 492 wrote to memory of 1448	492	cmd.exe	132

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads