Overview

overview

10

Static

static

3

EXIT/Exit.bat

windows10-2004-x64

5

QuasarDepe...es.exe

windows10-2004-x64

10

QuasarScript.exe

windows10-2004-x64

10

Start.bat

windows10-2004-x64

3

img-recog.dll

windows10-2004-x64

1

self-contain.dll

windows10-2004-x64

1

win/qwindows.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-12-2024 03:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    EXIT/Exit.bat

  • Size

    309B

  • MD5

    0838b9820c924566aae843284856fd27

  • SHA1

    2631b94e6267cb4a05768d4cbc71604e2e1cb60c

  • SHA256

    076b3dbf0da3f88989af8d57a0d18badb72d061e98fae95c2c0dbd8626575569

  • SHA512

    4df450cbe36bfa64955591f3e147efac6f0da20ca18d509091c2ac3f7e39287761936973cfaf802634f80648362664ccfef39dd104999d8d03b71a64d0b35d8d

Score
5/10
discovery

Malware Config

Signatures

  • Enumerates processes with tasklist 1 TTPs 1 IoCs
    discovery
  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\EXIT\Exit.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1332
    • C:\Windows\system32\chcp.com
      chcp 65001
      2⤵
        PID:2900
      • C:\Windows\system32\mode.com
        mode 60, 35
        2⤵
          PID:1848
        • C:\Windows\system32\tasklist.exe
          TASKLIST
          2⤵
          • Enumerates processes with tasklist
          • Suspicious use of AdjustPrivilegeToken
          PID:3864
        • C:\Windows\system32\findstr.exe
          FINDSTR UpdateScheduler.exe
          2⤵
            PID:1508
          • C:\Windows\system32\timeout.exe
            timeout 3
            2⤵
            • Delays execution with timeout.exe
            PID:4228

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads