quasar | ad1f0223d956f363ef09ac2112ed249c0057f81ff96ab9bf3d89eef466ba7695

Analysis

max time kernel
296s
max time network
299s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
15-01-2025 20:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

3.1MB
MD5

9e50097d21a19941ba554a3ee1f808c7
SHA1

af332959d09f257bfb6dc0fe6783e359da2bf4cc
SHA256

ad1f0223d956f363ef09ac2112ed249c0057f81ff96ab9bf3d89eef466ba7695
SHA512

61365d695b888d468400f34afc91bef1ddf199e94214eafceef4bdda6e263d07ec07831370d2f4445e1c2a39d2fdc6efd951645dbb0eb7a56f93feb0c16b41a6
SSDEEP

49152:Kvot62XlaSFNWPjljiFa2RoUYI15IcEiOKk/tLoGdboTHHB72eh2NT:Kvk62XlaSFNWPjljiFXRoUYIvIL

Score

10^/10

quasar office04 spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

192.168.1.5:139

Mutex

4a047de5-e1ae-4dca-af7e-8a42a9c851fd

Attributes

encryption_key
5B8D480293BBEEB0E867D6BE63ACD141EC9C469F
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Client Startup
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/memory/5896-1-0x00000000007F0000-0x0000000000B14000-memory.dmp	family_quasar
behavioral1/files/0x001a00000002ab89-6.dat	family_quasar

Executes dropped EXE 1 IoCs

pid	Process
2936	Client.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\system32\SubDir\Client.exe	Client-built.exe
File opened for modification	C:\Windows\system32\SubDir\Client.exe	Client-built.exe
File opened for modification	C:\Windows\system32\SubDir\Client.exe	Client.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
1388	schtasks.exe
5500	schtasks.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	5896	Client-built.exe
Token: SeDebugPrivilege	2936	Client.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2936	Client.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 5896 wrote to memory of 1388	5896	Client-built.exe	78
PID 5896 wrote to memory of 1388	5896	Client-built.exe	78
PID 5896 wrote to memory of 2936	5896	Client-built.exe	80
PID 5896 wrote to memory of 2936	5896	Client-built.exe	80
PID 2936 wrote to memory of 5500	2936	Client.exe	81
PID 2936 wrote to memory of 5500	2936	Client.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5896
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "Client Startup" /sc ONLOGON /tr "C:\Windows\system32\SubDir\Client.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:1388
- C:\Windows\system32\SubDir\Client.exe
  "C:\Windows\system32\SubDir\Client.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2936
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "Client Startup" /sc ONLOGON /tr "C:\Windows\system32\SubDir\Client.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:5500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\CompleteInvoke.otf

Filesize
236KB

MD5
d654b44282050e89467a7207d2ab18a3

SHA1
b439a08a03996cde08cb13200010862b7b9f4c86

SHA256
8431c999c2eeee5795b8ef0360a74d51854843c2c7f2978f2e6bbd057001d459

SHA512
42b1c21e7c292f959883e79f3c6b38ab4afe5f3c8d64d2d3ba6ae3d5f9f9838d1611fcd3427427bf1a06135887c61fbfd6f3febcc85a19d23b4b8e2b1d351224

Download Submit
C:\Users\Admin\Desktop\ConnectRevoke.rmi

Filesize
223KB

MD5
8f802b904046bb142b052474390de05c

SHA1
dd889e3ca4e6d6e4d69e07c677f4fee8f3fcff3f

SHA256
c73db246287303c9642f542b35e89657716bc3936e131e600ef8cc8b5c7569ed

SHA512
e36a0163860444a54019213b0fbda92ed1fea1746812d1f94a47af2a28613badc8a4152c59e8c3d070bf885f57d728c0b3047007fce099d6a9a50df21ca72aff

Download Submit
C:\Users\Admin\Desktop\CopySuspend.docx

Filesize
16KB

MD5
73a3add52b77b8285357643685073087

SHA1
ef42459d540fe7752fdb72715dc010e5ddf77829

SHA256
ee6e019e56b5b072e6ef14be2cd3451a94a18d08471d8a221fc65772299ebfcd

SHA512
52f3aaaf3a91527a02e141fadc70e2b81e085d90cbb5d5c94916dc4d31bf071b10b2ae8277a45576ee134bf07461c749da753a308b50f9bfea20b0315c73bd1e

Download Submit
C:\Users\Admin\Desktop\DisableExpand.mpeg

Filesize
360KB

MD5
c2208ff9c940fc3aa53b3838380a633c

SHA1
6c1816e2414d7b27a8f2246947c168ae3fec38b7

SHA256
ba75c0bffd6d9e3f3c0ba6d439b420d8822fbca61f60563edd0080aefce8ac3a

SHA512
883a3e9ec178aba4700f7a88d4d4844ce200b8f91af9a653d4a6249809a77ddeaac2dcb0e98f9c1d9f5b98070dfa72d92126170271c08b79ad2911d1963c3e50

Download Submit
C:\Users\Admin\Desktop\EditExpand.cr2

Filesize
373KB

MD5
2048ec63b076129ba4d5a7e82e2628e5

SHA1
5d07df2781ae5b1745ad5544be6b11c0e67dc563

SHA256
f790dbe9cf42ad9dd225040001c5ba854b8e9bc1775218c1b78aecbe5fb3c5b3

SHA512
d43ffc38f3f0470ea7cac6897960fca2dd4930ec9c3fea80e44252182f7b2172ffe8c4ec883acf3cca02854e03b3758351591b9481fc85bd058434d55bba52e6

Download Submit
C:\Users\Admin\Desktop\FormatTest.wma

Filesize
323KB

MD5
ca6798af52c874d73e5d6ce2b319f051

SHA1
e903c274ddb114c42da1e9a80e59545a2f310f5b

SHA256
4a733a4dbba3889f808b22e5dfd82f1ada31f3ce16b1b86bba4160129dcd8504

SHA512
7aff88e319975c86b737ff794749cd315ff0ef007ad829c6fd31767f52b24a436207c93f34cde5086505bb9e55953b812db55fa5f288e3aa86b3b31e493b1d4c

Download Submit
C:\Users\Admin\Desktop\GroupLock.TTS

Filesize
423KB

MD5
d8d323b9c5051214ff857cccb6dfcd57

SHA1
c647bed4a4d244e845e73fac2b7b0a72c67adf38

SHA256
abdafd603c819d48204b82ee748c029ab9ba47e93582373eee8a8b83bb049f35

SHA512
240a3e3cf8f57c15ad8fe950ad0a9cdd72e76adf43a0a2f1dcfee8d6c3ae6907b2b0dfca1e1b7bf476bcaa2996cc095ec3defb075b00583ecc46b2f8afb52dc7

Download Submit
C:\Users\Admin\Desktop\HideSend.xlsx

Filesize
9KB

MD5
fb96bc4415a40688e508c843048828a9

SHA1
25a5bcc0d43fec0ece779981c2debf1c493d6939

SHA256
a48a4064692c3d6810c66560fa6d8b837d1052284fba37f5646931c1ecbb4e8f

SHA512
1edd2cf9e9981eb708b10a7ad20f8f1aae77403754a7c971757f25c9caaac6bcdab42f333291a1075b3142b9bf4527928a399a78b952596e8db83b1867dbc085

Download Submit
C:\Users\Admin\Desktop\InvokeMove.odp

Filesize
273KB

MD5
fe302aeca93812ea74a813680eea6812

SHA1
4f42b3c8d3b9b6320d834aa064ae6c8fad811ab2

SHA256
58d8125f621157c6feb920836e0168c06102082272e8abb204b661ea7fdd2784

SHA512
2ad70f863bcd57c7eddf76989d9418efb74205a6ab94b3658c93c0a35a14cbcdf968de0061d9c4514fe3dd00cbe09542ef7d124c888b1897283f8a3840f8eb23

Download Submit
C:\Users\Admin\Desktop\LockStart.WTV

Filesize
410KB

MD5
072d0586f06fb4a2edd804989d2e185a

SHA1
28ae338463f81434f31a232fe4ea188ac3ef050f

SHA256
d3cfe67ba407982c4230964edd7c0463c1cccac3de2b55969949909b910db07a

SHA512
7d90fa2778fc3e50a7e52b4dea4f5bcedd8176c4eaa7d88a63903b5efb671564d569913664a7c20da2f515ea743e87e08829ec1d047cb64ce56a210db21721d7

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
ca91b690980d71b891a540f66ff8fddb

SHA1
aedf42035acbd11f85c66497c82bd412edaedc97

SHA256
2a395b5ef7db381a5fbe3f797d0abbb3440f0e28539d69d9918b892d370baf98

SHA512
323c4bd4493971c32ce3de58ab3a6b3943bbbe8576bf4ef35186cbe9f0178b35359e11db05728b743e1070e9ef7ede06e134a63ede69366d3d35358b4340d3ac

Download Submit
C:\Users\Admin\Desktop\MountRestart.ini

Filesize
348KB

MD5
3731d102fde9c35f3fb4ddca34e264b3

SHA1
55baae13a3d49d9fa6d134026000c79eb258ac22

SHA256
6bdd8291cc6fbce349707dc7aaf756337aedff80ac31610da14a444d9493b5f5

SHA512
49f8446fa342249b21261d21a39722268a5b5c6363e2322115addee2ea540b9bfc50ad966c2f2e2b02904448a527f6028332bbc19036a1ea2d615eba877d121a

Download Submit
C:\Users\Admin\Desktop\OpenUnblock.cmd

Filesize
584KB

MD5
a35c2e508cb135ef0c9e79e409691989

SHA1
eb9dd2c9c98e9639efa79e0dd85adeb5b7678d67

SHA256
5fb3c8c45d2c2e84e6caee03b12b321dd00d84a711f6f77d72556a86c234a276

SHA512
69c8632e765951802eee2163c4b0fab87edf38dc411ba1689d5d2f9940f361cc2bcec09345a4d1c6d4b5bbb0537506b1e9ad659ba97eb14c1320193ddebe8d55

Download Submit
C:\Users\Admin\Desktop\OptimizeUnregister.docx

Filesize
17KB

MD5
ad2a9b26a1de75d20a57500b88fa80a9

SHA1
ead7cd25c28e4e5b0ed24eb4b19dfe457dd771ef

SHA256
944a449639f661601dad5f37eee05507ab3bfc5308416ceb0dbd6b5155011f92

SHA512
2945beb2502e09d92c49e6714c403798b73ceeaa30e145225c80e141fc7b0f24c3411004cc55b03e8be736c44964803803d43e2c9fbe54fe920acea764204a0b

Download Submit
C:\Users\Admin\Desktop\PingOptimize.wvx

Filesize
335KB

MD5
d40c17419dd67a47362ecf1ed0acac86

SHA1
e2f30f61e3b11827f9ea5fc221ef475b4b6f6561

SHA256
32722fc80e77b36596930912457887372a861e7fbbda156c487285dd3fdc3178

SHA512
295035488d3bbec0e97987c7febd49937c48997fdc504c943f694c5ff7bdfeb996dd247a2ddcad90b5f89b3e68855cd0e1b9d4b9a0408113529d7c941a044443

Download Submit
C:\Users\Admin\Desktop\PopInstall.mp4v

Filesize
385KB

MD5
45c09f7bfe19ad14d051abd0f1731471

SHA1
5582fadea0f58818616db32c359f501c4086d4ab

SHA256
90a62b98316065d70ac2417f696f2cbd5af26187784fa7f6361f1224c6828f8c

SHA512
d85cfb406ecc92338a855fe2868bba4b12e560dc9f782f324a6d10c1d5c169b2ca35484ffb7c9c783467648eef6bbde4fd9292fd282b1765c717d95fd2eb0f05

Download Submit
C:\Users\Admin\Desktop\PushSubmit.3gp2

Filesize
311KB

MD5
d1c392ef556df2fbd584f87d95c3802b

SHA1
086aeba00e4f100e010458d321f015862cabdbee

SHA256
5ad1b80061b817fc5505336f35d73aa98ad596a689ce4593bf8a5519f6c15509

SHA512
4044409824fbce1b72bac5036a62cc2b2903806c5d3a994a76948dd194f3ae4324bf5ce1ac75b7449cfe6a7ac6a4c3118e9d4b881563e7e2e73a3fd53a2d7091

Download Submit
C:\Users\Admin\Desktop\PushSubmit.m4v

Filesize
286KB

MD5
2b3fee4d43ea647e8293f1b3c3e11fbd

SHA1
87c39240e8d8d7fc696adf0cb3fb2c68ad3091a3

SHA256
861c6586538490c5e4894e6cf43a64bfbf38e77aaca04929f4d296b2e128440e

SHA512
60eb0c3841063a458f3640d109c6ebb11e8982f8de333dd01d2f59747e6759417ce5daf5c144c8ee044829c414ca493be8469344256dc76a7c1e7e17a37ab3c1

Download Submit
C:\Users\Admin\Desktop\ReadClose.pub

Filesize
298KB

MD5
9450865986e6501018a0946632b8db3a

SHA1
3bade11318c2d1f8998a8375cb623fa50785721f

SHA256
dafcfceb86e259e596f4074c20dd4351ccecccb7909e7a705c2c71c8ec09fb75

SHA512
6d5fda650e96885fadb43570782e9a7985efada1ae0fceb176a8fd41fc06be313ebb7cb9ac20422b4310d6a57fc554d3154c45755d6531c992fc638810329282

Download Submit
C:\Users\Admin\Desktop\ReceiveMove.wma

Filesize
261KB

MD5
36b4195250545a908da9cd0520f7e5a8

SHA1
4f189508bd3366cf79aff29ffa122aba5a4874ab

SHA256
3cf654fdf4521688254211b0051ae8a8ced797fddccc405c8d81419f060e4d34

SHA512
408cbb7127e991c7ae1b3e0a2912be8f47e1d984dd8976a5edb2a154a8ed8e2cebf9e6abf814ff09ef5a5a2ca4dd620b1e160a3347a4c18d69be0848b3ec124d

Download Submit
C:\Users\Admin\Desktop\RegisterInvoke.potm

Filesize
174KB

MD5
5bf22dc5e433c9cffbe0d9427c626b72

SHA1
d73d925ab1bce9527f6f845eb2d1cfdbe97ce7f3

SHA256
24008b20145aaf8cd5416bc5d2f41e067a8acf784c9b33241a463eb8a32fffb9

SHA512
529b7f09dce678725d25c01b76e31cd7617031d368abb44b920ffd0e93cdc673cef5bff78fe28b59382a6b9d960340f926f780a25a8f6424e6fb13b2b8d0fc96

Download Submit
C:\Users\Admin\Desktop\RequestSave.hta

Filesize
211KB

MD5
4b7c248609070ade7d6be9d8de219a12

SHA1
09f90f04833ebe98573bbc0de4a2aa4a255070fc

SHA256
69bfef701b7e59cdb760e009dd009e6bfa90b8f1188abb9dbb5fb6e347e6555c

SHA512
9bb59b265f59e392907931b86e68e92be84d1371cf5f1556d874899b9eb616340b5677098b6f13b931697825782035b4a37d6ab3546ab6591381e0f7e3641576

Download Submit
C:\Users\Admin\Desktop\ResolveEdit.docx

Filesize
19KB

MD5
ec2269810715ad03bd09561918c48b6e

SHA1
d63815cfe16306a8b78605e91f8d1c5ac8f2c9f4

SHA256
1f93fddf5e529baa8006fc840cc7aec945edb774d4ef66241260a57d3b55da93

SHA512
02acfbc5c8c99a3b182fab1a14bc0f62a5bd04665b79f3900545cca20710a27d09fbb4458816b9c978d9ee447b79036a7b662c58389fc0f4b923f734bcca01f4

Download Submit
C:\Users\Admin\Desktop\ResolveRequest.rtf

Filesize
149KB

MD5
e673b1207a89e5888dd19c860f73f036

SHA1
a0a24e98d1edefc13a03d7448eb44d814fdd9d63

SHA256
8f8bba9023e3ec8b9f6fde4af61ec820e7702995a8245b24d84902af05227eb9

SHA512
9a56b087229f083b56fdc338942f9af7803d8123f4b53a085db510e5911a2c08116c7e141b2b415232326ef2e05ca0c49cba7b39bf2716030a8143eccfa69130

Download Submit
C:\Users\Admin\Desktop\SearchLock.mpg

Filesize
186KB

MD5
4b9c5e46a5b67383aea5f9b895dd171e

SHA1
579b62bdba09317644aab55e5447eaac62a5f016

SHA256
3355f8385d50b74052fba532e969d6f028300aa4b7059d0f73857d8d67560fb2

SHA512
c8a3484ff806950ff369e80b1a270db5e66f36ea3fc78ac2ae5c898599a06907c734cc72a72d714bc44e62809a244bee555b248ee1a5ddd4f67a2f593e855338

Download Submit
C:\Users\Admin\Desktop\TraceAdd.mpa

Filesize
398KB

MD5
6f41bd9cc5e083947140854e63186030

SHA1
d1a495cccf7e4bcec2340b97ba55c91c499e8a62

SHA256
f6c24481a98cfc19ce8afe597535b647a9f9f0953048c89d1db2eab668c5862d

SHA512
a522d050ab62bdf404a9379a5013776f5835999300f10c972c08a1679dac9f281d370d1c65bc08c47bd3fbf44f0c1252820383fec3f1cc01956092610a4aa023

Download Submit
C:\Users\Admin\Desktop\TraceEnter.mht

Filesize
248KB

MD5
ba8e94853b90e35eca1e5547c62ae7b3

SHA1
9bef79c83fbacc76b330c5faf3db7e9c7c366153

SHA256
219e33180565482050385e95ae5a4c12a1a16a9d4658fa99557f09426a2c241d

SHA512
636ae45900d43e189c2a348fcb298dca0ae50633f2618c3112427f05500ac6938aa4377aa1acc4280737a4f3f02dfde4aaef3af81d09daf28d29c0a4272001f1

Download Submit
C:\Users\Admin\Desktop\UpdateComplete.vb

Filesize
199KB

MD5
91344c25a904eebf47e7a241758a5086

SHA1
a10b6437ec0ad858ace3c6ddd87892df5576a55e

SHA256
c06a02c3e4ec35431da7866e462dcccd9438208e15e61d60ac4128900709ef50

SHA512
c0194ad6046a9d8e19b4ddad67c66c8bdc914f246a043d7c81f9f6dcb2ac5956a658db25d9b50695f4d3faaaabddc1fd146a7dd237fe36df162f842747f3fe42

Download Submit
C:\Users\Admin\Desktop\UseExport.xlsb

Filesize
161KB

MD5
9dbd5193b29008619e1af2eadbe22760

SHA1
78aab0fa19591391a171320954384601262e9b62

SHA256
cdfdb526bcae2625d256996d8b8f98c0f543754cf9924fd91f5da7bd5f137dfe

SHA512
de72480d6e88dd0fe9ecf7b03d06342de98f6af44c1f493ad92c20b4da7327cd5986f9edd4216851c81f7e021506683943a5e5477d79250972ddad6d246e1580

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
a282f5fcf995357d57fd0a5a65a1d341

SHA1
38f50cd5a68726099d219d14364d7fae47cdcd1c

SHA256
6f779c57aa1814d1527ea369148d0209806b4dcc36d24b80056131e1f16a7cd1

SHA512
0ea79dc3c6903365e6a5e36bcd9ee00c937b3746a4fc8d503032ff44cac205a23693db26854676efa04ee78dbcc10a7afde640ed8d4d2a19a8807974fc96de55

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
b1fbcbfc51f4db5c8d35858ce79010bb

SHA1
fe5dea7ce9ea96d4ef51d456070ca8938bd5e207

SHA256
de4721d84ce8691568dd25104145d988ccbbca6f8f51ca996c8ae84dec1562ba

SHA512
c6ad71482c3853e57943536908cab0945401e66547b124593f23726106670062f64d483e174e7f43b91aa814b4f3a9dd9894d3375e88e40e102003b6a317645a

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
a33fbedae01c132d89e49bf54723bab0

SHA1
209162757c1bbf43c1a2530982582baa11bac30e

SHA256
f4fce54141f05d2bfe692c722844a96f4ab73e812825a351e26da82f3e595819

SHA512
e81bf3d3d7b0ff54d21905a3f7844cd065e792513ed8812eacc2f5cee1c1ec8a4d74e5e31ecf3b9b00979c141c0660141dbeb8a466f7845da8675dc3b4d76cd7

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
1af938d2cd5be6a37064ea38768c3546

SHA1
ca45c19bf5a0bd411071d7ad4b81e27883126468

SHA256
271c5bdc8f7474acf6dd59fb31765c54084d69ad64a9ffb3b77104f3cd883bac

SHA512
ec7066ccbe6769239350bb26be1be8782a65680381a3265fcabb37acff63115e00da42794ebb52778544dc6d7a6642163d248d2f4c178406c331d4c9ed727b41

Download Submit
C:\Windows\System32\SubDir\Client.exe

Filesize
3.1MB

MD5
9e50097d21a19941ba554a3ee1f808c7

SHA1
af332959d09f257bfb6dc0fe6783e359da2bf4cc

SHA256
ad1f0223d956f363ef09ac2112ed249c0057f81ff96ab9bf3d89eef466ba7695

SHA512
61365d695b888d468400f34afc91bef1ddf199e94214eafceef4bdda6e263d07ec07831370d2f4445e1c2a39d2fdc6efd951645dbb0eb7a56f93feb0c16b41a6

Download Submit
memory/2936-10-0x00007FFFB4830000-0x00007FFFB52F2000-memory.dmp

Filesize
10.8MB

Download
memory/2936-42-0x000000001CC60000-0x000000001D188000-memory.dmp

Filesize
5.2MB

Download
memory/2936-40-0x000000001C570000-0x000000001C622000-memory.dmp

Filesize
712KB

Download
memory/2936-11-0x00007FFFB4830000-0x00007FFFB52F2000-memory.dmp

Filesize
10.8MB

Download
memory/2936-12-0x000000001C460000-0x000000001C4B0000-memory.dmp

Filesize
320KB

Download
memory/2936-48-0x00007FFFB4830000-0x00007FFFB52F2000-memory.dmp

Filesize
10.8MB

Download
memory/5896-2-0x00007FFFB4830000-0x00007FFFB52F2000-memory.dmp

Filesize
10.8MB

Download
memory/5896-1-0x00000000007F0000-0x0000000000B14000-memory.dmp

Filesize
3.1MB

Download
memory/5896-9-0x00007FFFB4830000-0x00007FFFB52F2000-memory.dmp

Filesize
10.8MB

Download
memory/5896-0-0x00007FFFB4833000-0x00007FFFB4835000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads