resource	yara_rule
behavioral2/memory/2320-1-0x0000000000470000-0x0000000000796000-memory.dmp	family_quasar
behavioral2/files/0x0007000000023ca5-6.dat	family_quasar

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	Client.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	Client.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	Client.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	Client.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	Client.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	Client.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	Client.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	Client.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	Client.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	Client.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	Client.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	Client.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	Client.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	Client.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	Client.exe

pid	Process
3980	Client.exe
2796	Client.exe
4876	Client.exe
1416	Client.exe
2504	Client.exe
2396	Client.exe
4020	Client.exe
2984	Client.exe
3008	Client.exe
2344	Client.exe
3120	Client.exe
3876	Client.exe
3448	Client.exe
2712	Client.exe
2192	Client.exe

pid	Process
3064	PING.EXE
3936	PING.EXE
2072	PING.EXE
4776	PING.EXE
3628	PING.EXE
4924	PING.EXE
2792	PING.EXE
4276	PING.EXE
992	PING.EXE
2184	PING.EXE
4776	PING.EXE
4972	PING.EXE
4644	PING.EXE
1412	PING.EXE
3556	PING.EXE

pid	Process
2508	schtasks.exe
832	schtasks.exe
4132	schtasks.exe
4720	schtasks.exe
1748	schtasks.exe
3656	schtasks.exe
4708	schtasks.exe
3024	schtasks.exe
992	schtasks.exe
2232	schtasks.exe
3540	schtasks.exe
3052	schtasks.exe
4628	schtasks.exe
4292	schtasks.exe
3780	schtasks.exe
4624	schtasks.exe

description	pid	Process
Token: SeDebugPrivilege	2320	iamsupersmart.exe
Token: SeDebugPrivilege	3980	Client.exe
Token: SeDebugPrivilege	2796	Client.exe
Token: SeDebugPrivilege	4876	Client.exe
Token: SeDebugPrivilege	1416	Client.exe
Token: SeDebugPrivilege	2504	Client.exe
Token: SeDebugPrivilege	2396	Client.exe
Token: SeDebugPrivilege	4020	Client.exe
Token: SeDebugPrivilege	2984	Client.exe
Token: SeDebugPrivilege	3008	Client.exe
Token: SeDebugPrivilege	2344	Client.exe
Token: SeDebugPrivilege	3120	Client.exe
Token: SeDebugPrivilege	3876	Client.exe
Token: SeDebugPrivilege	3448	Client.exe
Token: SeDebugPrivilege	2712	Client.exe
Token: SeDebugPrivilege	2192	Client.exe

description	pid	Process	procid_target
PID 2320 wrote to memory of 4628	2320	iamsupersmart.exe	83
PID 2320 wrote to memory of 4628	2320	iamsupersmart.exe	83
PID 2320 wrote to memory of 3980	2320	iamsupersmart.exe	85
PID 2320 wrote to memory of 3980	2320	iamsupersmart.exe	85
PID 3980 wrote to memory of 4132	3980	Client.exe	87
PID 3980 wrote to memory of 4132	3980	Client.exe	87
PID 3980 wrote to memory of 3040	3980	Client.exe	89
PID 3980 wrote to memory of 3040	3980	Client.exe	89
PID 3040 wrote to memory of 4904	3040	cmd.exe	91
PID 3040 wrote to memory of 4904	3040	cmd.exe	91
PID 3040 wrote to memory of 4776	3040	cmd.exe	92
PID 3040 wrote to memory of 4776	3040	cmd.exe	92
PID 3040 wrote to memory of 2796	3040	cmd.exe	101
PID 3040 wrote to memory of 2796	3040	cmd.exe	101
PID 2796 wrote to memory of 3024	2796	Client.exe	104
PID 2796 wrote to memory of 3024	2796	Client.exe	104
PID 2796 wrote to memory of 4548	2796	Client.exe	107
PID 2796 wrote to memory of 4548	2796	Client.exe	107
PID 4548 wrote to memory of 1108	4548	cmd.exe	109
PID 4548 wrote to memory of 1108	4548	cmd.exe	109
PID 4548 wrote to memory of 3628	4548	cmd.exe	110
PID 4548 wrote to memory of 3628	4548	cmd.exe	110
PID 4548 wrote to memory of 4876	4548	cmd.exe	115
PID 4548 wrote to memory of 4876	4548	cmd.exe	115
PID 4876 wrote to memory of 2508	4876	Client.exe	116
PID 4876 wrote to memory of 2508	4876	Client.exe	116
PID 4876 wrote to memory of 1548	4876	Client.exe	119
PID 4876 wrote to memory of 1548	4876	Client.exe	119
PID 1548 wrote to memory of 3972	1548	cmd.exe	121
PID 1548 wrote to memory of 3972	1548	cmd.exe	121
PID 1548 wrote to memory of 3064	1548	cmd.exe	122
PID 1548 wrote to memory of 3064	1548	cmd.exe	122
PID 1548 wrote to memory of 1416	1548	cmd.exe	125
PID 1548 wrote to memory of 1416	1548	cmd.exe	125
PID 1416 wrote to memory of 4292	1416	Client.exe	127
PID 1416 wrote to memory of 4292	1416	Client.exe	127
PID 1416 wrote to memory of 2976	1416	Client.exe	130
PID 1416 wrote to memory of 2976	1416	Client.exe	130
PID 2976 wrote to memory of 1736	2976	cmd.exe	132
PID 2976 wrote to memory of 1736	2976	cmd.exe	132
PID 2976 wrote to memory of 2184	2976	cmd.exe	133
PID 2976 wrote to memory of 2184	2976	cmd.exe	133
PID 2976 wrote to memory of 2504	2976	cmd.exe	135
PID 2976 wrote to memory of 2504	2976	cmd.exe	135
PID 2504 wrote to memory of 992	2504	Client.exe	136
PID 2504 wrote to memory of 992	2504	Client.exe	136
PID 2504 wrote to memory of 3092	2504	Client.exe	139
PID 2504 wrote to memory of 3092	2504	Client.exe	139
PID 3092 wrote to memory of 2840	3092	cmd.exe	141
PID 3092 wrote to memory of 2840	3092	cmd.exe	141
PID 3092 wrote to memory of 4776	3092	cmd.exe	142
PID 3092 wrote to memory of 4776	3092	cmd.exe	142
PID 3092 wrote to memory of 2396	3092	cmd.exe	144
PID 3092 wrote to memory of 2396	3092	cmd.exe	144
PID 2396 wrote to memory of 2232	2396	Client.exe	145
PID 2396 wrote to memory of 2232	2396	Client.exe	145
PID 2396 wrote to memory of 3656	2396	Client.exe	148
PID 2396 wrote to memory of 3656	2396	Client.exe	148
PID 3656 wrote to memory of 3768	3656	cmd.exe	150
PID 3656 wrote to memory of 3768	3656	cmd.exe	150
PID 3656 wrote to memory of 4924	3656	cmd.exe	151
PID 3656 wrote to memory of 4924	3656	cmd.exe	151
PID 3656 wrote to memory of 4020	3656	cmd.exe	153
PID 3656 wrote to memory of 4020	3656	cmd.exe	153

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.