resource	yara_rule
behavioral2/files/0x0007000000023c71-101.dat	family_quasar
behavioral2/memory/4980-146-0x00000000001C0000-0x00000000004E4000-memory.dmp	family_quasar

pid	Process
4980	registry.exe
2224	Registry.exe
4348	registry.exe
3112	registry.exe
1168	registry.exe

description	ioc	Process
File created	C:\Windows\system32\SubDir\Registry.exe	registry.exe
File opened for modification	C:\Windows\system32\SubDir\Registry.exe	registry.exe
File created	C:\Windows\System32\SubDir\Registry.exe\:SmartScreen:$DATA	registry.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 347977.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 140521.crdownload:SmartScreen	msedge.exe

pid	Process
4016	msedge.exe
4016	msedge.exe
392	msedge.exe
392	msedge.exe
2312	identity_helper.exe
2312	identity_helper.exe
2544	msedge.exe
2544	msedge.exe

description	pid	Process
Token: SeDebugPrivilege	4980	registry.exe
Token: SeDebugPrivilege	2224	Registry.exe
Token: SeDebugPrivilege	4348	registry.exe
Token: SeDebugPrivilege	3112	registry.exe
Token: SeDebugPrivilege	1168	registry.exe

description	pid	Process	procid_target
PID 392 wrote to memory of 1040	392	msedge.exe	82
PID 392 wrote to memory of 1040	392	msedge.exe	82
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 3004	392	msedge.exe	83
PID 392 wrote to memory of 4016	392	msedge.exe	84
PID 392 wrote to memory of 4016	392	msedge.exe	84
PID 392 wrote to memory of 4012	392	msedge.exe	85
PID 392 wrote to memory of 4012	392	msedge.exe	85
PID 392 wrote to memory of 4012	392	msedge.exe	85
PID 392 wrote to memory of 4012	392	msedge.exe	85
PID 392 wrote to memory of 4012	392	msedge.exe	85
PID 392 wrote to memory of 4012	392	msedge.exe	85
PID 392 wrote to memory of 4012	392	msedge.exe	85
PID 392 wrote to memory of 4012	392	msedge.exe	85
PID 392 wrote to memory of 4012	392	msedge.exe	85
PID 392 wrote to memory of 4012	392	msedge.exe	85
PID 392 wrote to memory of 4012	392	msedge.exe	85
PID 392 wrote to memory of 4012	392	msedge.exe	85
PID 392 wrote to memory of 4012	392	msedge.exe	85
PID 392 wrote to memory of 4012	392	msedge.exe	85
PID 392 wrote to memory of 4012	392	msedge.exe	85
PID 392 wrote to memory of 4012	392	msedge.exe	85
PID 392 wrote to memory of 4012	392	msedge.exe	85
PID 392 wrote to memory of 4012	392	msedge.exe	85
PID 392 wrote to memory of 4012	392	msedge.exe	85
PID 392 wrote to memory of 4012	392	msedge.exe	85

pid	Process
4828	schtasks.exe
1808	schtasks.exe

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.