Analysis Overview
SHA256
c973b6a179d4477cc0d52ca84e6083a679988d991b53cb29573c75668b154f2e
Threat Level: Known bad
The file c973b6a179d4477cc0d52ca84e6083a679988d991b53cb29573c75668b154f2e.exe was found to be: Known bad.
Malicious Activity Summary
Quasar family
Latentbot family
Quasar payload
LatentBot
Quasar RAT
Executes dropped EXE
Checks computer location settings
Drops file in System32 directory
System Network Configuration Discovery: Internet Connection Discovery
Unsigned PE
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Scheduled Task/Job: Scheduled Task
Runs ping.exe
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-03-11 04:53
Signatures
Quasar family
Quasar payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-03-11 04:53
Reported
2025-03-11 04:56
Platform
win7-20240903-en
Max time kernel
142s
Max time network
119s
Command Line
Signatures
LatentBot
Latentbot family
Quasar RAT
Quasar family
Quasar payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\system32\Java | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Users\Admin\AppData\Local\Temp\c973b6a179d4477cc0d52ca84e6083a679988d991b53cb29573c75668b154f2e.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File created | C:\Windows\system32\Java\JavaUpdater.exe | C:\Users\Admin\AppData\Local\Temp\c973b6a179d4477cc0d52ca84e6083a679988d991b53cb29573c75668b154f2e.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java | C:\Users\Admin\AppData\Local\Temp\c973b6a179d4477cc0d52ca84e6083a679988d991b53cb29573c75668b154f2e.exe | N/A |
| File opened for modification | C:\Windows\system32\Java | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
Enumerates physical storage devices
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\c973b6a179d4477cc0d52ca84e6083a679988d991b53cb29573c75668b154f2e.exe
"C:\Users\Admin\AppData\Local\Temp\c973b6a179d4477cc0d52ca84e6083a679988d991b53cb29573c75668b154f2e.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f
C:\Windows\system32\Java\JavaUpdater.exe
"C:\Windows\system32\Java\JavaUpdater.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\do9rQ9l0Cbg1.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Windows\system32\Java\JavaUpdater.exe
"C:\Windows\system32\Java\JavaUpdater.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lEaWrhSiaMn3.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Windows\system32\Java\JavaUpdater.exe
"C:\Windows\system32\Java\JavaUpdater.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\Qx1Ruko14yPo.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Windows\system32\Java\JavaUpdater.exe
"C:\Windows\system32\Java\JavaUpdater.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HNACr3kRV6P9.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Windows\system32\Java\JavaUpdater.exe
"C:\Windows\system32\Java\JavaUpdater.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cp2tyv8OYe8x.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Windows\system32\Java\JavaUpdater.exe
"C:\Windows\system32\Java\JavaUpdater.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PlCvQ0oMV97Q.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Windows\system32\Java\JavaUpdater.exe
"C:\Windows\system32\Java\JavaUpdater.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\roZw2iZc2X5d.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Windows\system32\Java\JavaUpdater.exe
"C:\Windows\system32\Java\JavaUpdater.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pxkQIPN0ijlF.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Windows\system32\Java\JavaUpdater.exe
"C:\Windows\system32\Java\JavaUpdater.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ydn4zkCsRhxU.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Windows\system32\Java\JavaUpdater.exe
"C:\Windows\system32\Java\JavaUpdater.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\0j3OJbWGSEkK.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Windows\system32\Java\JavaUpdater.exe
"C:\Windows\system32\Java\JavaUpdater.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\68W9NF5kTJvG.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Windows\system32\Java\JavaUpdater.exe
"C:\Windows\system32\Java\JavaUpdater.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CXSR3jUgn0zP.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Windows\system32\Java\JavaUpdater.exe
"C:\Windows\system32\Java\JavaUpdater.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\Y0Tzz1wy2zAk.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Windows\system32\Java\JavaUpdater.exe
"C:\Windows\system32\Java\JavaUpdater.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\1qVTedZSfqPH.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Windows\system32\Java\JavaUpdater.exe
"C:\Windows\system32\Java\JavaUpdater.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oVAxfZ6F9U7B.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | prxprodquasar.zapto.org | udp |
Files
memory/2260-0-0x000007FEF54C3000-0x000007FEF54C4000-memory.dmp
memory/2260-1-0x0000000000EB0000-0x00000000011EE000-memory.dmp
memory/2260-2-0x000007FEF54C0000-0x000007FEF5EAC000-memory.dmp
C:\Windows\System32\Java\JavaUpdater.exe
| MD5 | 0a717705a7797e35b6f5af62ffe43abb |
| SHA1 | 4c823754c6cebe13ae0aec7ba874318f20445145 |
| SHA256 | c973b6a179d4477cc0d52ca84e6083a679988d991b53cb29573c75668b154f2e |
| SHA512 | 75d39a3fbbf3b6289330aab45471d497dec51d076dc96bf29b0bc526154bb9502745f08aee14624bca8c7b0f2c5822e2f81a8b959cd8348457015b06a2fe9ead |
memory/2640-8-0x0000000000BB0000-0x0000000000EEE000-memory.dmp
memory/2640-9-0x000007FEF54C0000-0x000007FEF5EAC000-memory.dmp
memory/2640-10-0x000007FEF54C0000-0x000007FEF5EAC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\do9rQ9l0Cbg1.bat
| MD5 | b3ebaab1226e7d8925597cac1283c223 |
| SHA1 | 8446e9ad6654dc99f488fd03d23766c262faaf90 |
| SHA256 | 07340e5af0eb2f008f12b52c5ff304014eb37a1afd7fbb3ab58c8445779a3bbc |
| SHA512 | 8234af6e63b1d395cb582b3d60ad7534f3d34e97d77c03745289604dc8eb76193a59729259144e72963645133af2f7769fdb42b1941cb0297e5c36b812e56e03 |
memory/2640-20-0x000007FEF54C0000-0x000007FEF5EAC000-memory.dmp
memory/2260-21-0x000007FEF54C0000-0x000007FEF5EAC000-memory.dmp
memory/648-23-0x0000000001010000-0x000000000134E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lEaWrhSiaMn3.bat
| MD5 | b7f15a470dab90b97726aeddbaf0ecf8 |
| SHA1 | 6080536382546a55d5c9c55d6507a2b57a834cdc |
| SHA256 | 1eb835cd4000012b6ac29d39e2c513dd7dd5f476c79c4777e5ef072299fa0e74 |
| SHA512 | ff14aa11dda95700f1016d55df2c43581386057610a305241f809a6c0c09223b9223cd4e9c986424d90d0b8bb42479b071aee168fc0778886aa8f669ecf07cc9 |
C:\Users\Admin\AppData\Local\Temp\Qx1Ruko14yPo.bat
| MD5 | 6ec9a55018b269c34aad2b4db65d5c64 |
| SHA1 | 6ee30316ece927360b703dfa459d44fd87843121 |
| SHA256 | 11466ab61b842eb4ca13934b32a1adce4b0be21ec81b95f9bfdfd115cfd3d4e3 |
| SHA512 | 21051b8c6b3d7f3e748c14dfbb0d781f4a5bab2328a53b4df848cb774c2b3f1cdc6da02e588ef49dbc079cffe1b2a88043dd4560d37c2b06fc0351543d779668 |
\??\PIPE\lsarpc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\HNACr3kRV6P9.bat
| MD5 | 8019bfb59b0f8591951f6d8829d1928a |
| SHA1 | dab205c6bf1675297d08578af303a7edab654652 |
| SHA256 | 8381a2f3955b6ab4d327dc44d52e5ca76d727296802070629d92fd7bbfb714d9 |
| SHA512 | c05ee4b978097f179823c9fe7d71e122e57715dcfcb567051e55e70822d8cf22d9c46832c9a963e50ce38b5d263de200f08855497c4f1f27845f6a680e1a847b |
C:\Users\Admin\AppData\Local\Temp\cp2tyv8OYe8x.bat
| MD5 | d5ac59c22ca62011aba98d75acc5bdf9 |
| SHA1 | b12fb38249e9bd60b6379fd281cd9b0719d0cb10 |
| SHA256 | 1598bc1ab651665acf74ab4a7266c4add40513b020afd4c59baea41c9b510505 |
| SHA512 | 9310aadc82f717046f84d57f0f31d21af70a6d5362f619e0bfd1a098c274fa99b152c27d12419d42196f9d1aa43b4e4aa6d79d868fe16a812c1abb9da9730955 |
C:\Users\Admin\AppData\Local\Temp\PlCvQ0oMV97Q.bat
| MD5 | 2a5ce009958f48556165cded9af9ca76 |
| SHA1 | 60f57878011bb0c16a720323e4d87788a9a9180f |
| SHA256 | 67b4997718aba2343efa9a08466e5969e0ba882b51027ca890003758d4854980 |
| SHA512 | 78831beab1e0c50976185098765b468e6b9887bdb0382a7d0239ee4e7483b2808ac281ccd1a5f0f3b634bde298f44c00ea890d876218737c72fef41d97cc63ce |
C:\Users\Admin\AppData\Local\Temp\roZw2iZc2X5d.bat
| MD5 | 820bd1ac18e0f7e31929a6acd1755209 |
| SHA1 | 92e983649b0e45ce47a12e1aa9c8a6fb903277b2 |
| SHA256 | fdd607f17075600bc4751ee83b8fc9861f23272fe0e2ea7446985d7fba0cc929 |
| SHA512 | 108cbe59932e020ce3ec53b92ed324cb5c435e6d78ab35402ef1c05d5dddd60c3286b2d328cda03bd3a78afe7097af84ebc512ee6ce297c60a97af594d59f42a |
C:\Users\Admin\AppData\Local\Temp\pxkQIPN0ijlF.bat
| MD5 | 5e5c3e800df4429d6e07c8d332b096c2 |
| SHA1 | b02ce5a1cc69eb2817117b01a0337f773073d94a |
| SHA256 | ae9c88062bc230011c931c7be4c36cb87db6ee69340c88f8342def381e94c275 |
| SHA512 | ad4998d3bd83b4524ca30aa52fe64e7f8832748601b11bce2dbd9ba94a452cd013929e30d393a3ade5cb2006607212e3ec2ad938b49e77b8800af604b8709073 |
memory/2928-96-0x00000000013B0000-0x00000000016EE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ydn4zkCsRhxU.bat
| MD5 | d4d28481fdef33bc4bd7ac7ce6c93cc6 |
| SHA1 | 0c2d878bf4fcbecc2240e94b58731c4bb228c513 |
| SHA256 | 917f23952a9b71e5d340cefdef6faed2b0c8189a65ff4e4a3448c75777298120 |
| SHA512 | f81db5fc1e96ed810efd96dd91c83a46fae225c91143a72408107ad4dfab8e32a603c438c75146aefec9d131e220c181228fbab18574ceede0c5c940315e2a63 |
C:\Users\Admin\AppData\Local\Temp\0j3OJbWGSEkK.bat
| MD5 | 88d275d5273fb21d217e3b264e5c1a4f |
| SHA1 | a81d0d7de0c944aa9a41ecd80e6305eaf101cba4 |
| SHA256 | 6f77cba3d6aeb8d859bc7c5cf15fe3a49ecf14fed20f291fdf0a8febbafbdbd0 |
| SHA512 | e448088af66a81475af001ef9b9e30a684956ee536168e247e43c0f56c4bde6e9e536edddd7d4af77b7ba859f344dbec09a9e69023df03741c87f9d924727252 |
C:\Users\Admin\AppData\Local\Temp\68W9NF5kTJvG.bat
| MD5 | ab30d1e922fb4a490a4f422f3918edbd |
| SHA1 | 9cbe215db7b951ae4955c46ded3a16ceefcf5811 |
| SHA256 | 082f7ce69fa5fa2026985cd024b70bd81b83db549f0f8d0a7e5e6b06fc984fa5 |
| SHA512 | 9f764663997a96cdc425263469e5f0c45685cccb940734e17ef7e072e73bcd32901ebbf534148003fff0184ba270b743dccaf09a06e4242e5621d30cb58a4e52 |
C:\Users\Admin\AppData\Local\Temp\CXSR3jUgn0zP.bat
| MD5 | 36c98362e3712ddd6eb9af25e8cda217 |
| SHA1 | 6c919c99d95f2fa9255edfce02cfb9e3a375147a |
| SHA256 | c77c14352675b5c54a1cd14e755e6dac15ea00c9b4e38fa9882ba35aa802a681 |
| SHA512 | a8ec761d85afc6785cce73c4c831e21e458d89eec66ca8b4c624ff3a11c2c4b7ef216a93a08e9b1e6a244ff4d8224024d5468663689965740944a8abdfb88e38 |
C:\Users\Admin\AppData\Local\Temp\Y0Tzz1wy2zAk.bat
| MD5 | abc6d2a3c8114ace34773a29dd652d63 |
| SHA1 | c72f8d451880e3247d8240aba4c7307593969c1f |
| SHA256 | cfd10659b50b1a144cd0811698650238df465d41ee290961860f6c721a95bb27 |
| SHA512 | 4dd1972bd35830184e3504e7606c556e60e262164307760f11a11144e626cd7337fc08b135e9b4ce2022cd904b2a94ff322ecd383c73196e9a3ca934dc587612 |
C:\Users\Admin\AppData\Local\Temp\1qVTedZSfqPH.bat
| MD5 | f675d679b3749deda969dd1eb8a136b8 |
| SHA1 | 632b2cbf7fb742f44a88b544b58023f4d8d8902c |
| SHA256 | f0e79de4c8f7d47f5cadc809927962c513ca31c0a30340a299208e0789d61b0a |
| SHA512 | 204d466570b128a9713e5013e2e572aff34bce80aaf41508c29b3bc4e930128225009856ed4349e8f31756f9539380348a4a000b66adcce64c2623f805f79a62 |
memory/3040-159-0x00000000001E0000-0x000000000051E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\oVAxfZ6F9U7B.bat
| MD5 | a61897cda9835b2ed3d8cf2d56521287 |
| SHA1 | 2cdb3691b6ff98fb5d911832a547da3d97a63d8f |
| SHA256 | 8ea1c598894d503ab58cff629c4c6a6fb06df9221009578d28e25a785b139dfc |
| SHA512 | 48f48beec14d650971bf8a36aa42179ea4e8b6ea71cedb0af42f272879e1a68501188c362c2d5bcc18792e9b4b2081e6c0e46111f469c9c826b62d7acbb00c8e |
Analysis: behavioral2
Detonation Overview
Submitted
2025-03-11 04:53
Reported
2025-03-11 04:56
Platform
win10v2004-20250217-en
Max time kernel
150s
Max time network
139s
Command Line
Signatures
LatentBot
Latentbot family
Quasar RAT
Quasar family
Quasar payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-250031470-1197856012-2659781506-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-250031470-1197856012-2659781506-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-250031470-1197856012-2659781506-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-250031470-1197856012-2659781506-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-250031470-1197856012-2659781506-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-250031470-1197856012-2659781506-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-250031470-1197856012-2659781506-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-250031470-1197856012-2659781506-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-250031470-1197856012-2659781506-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-250031470-1197856012-2659781506-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-250031470-1197856012-2659781506-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-250031470-1197856012-2659781506-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-250031470-1197856012-2659781506-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-250031470-1197856012-2659781506-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\system32\Java | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java | C:\Users\Admin\AppData\Local\Temp\c973b6a179d4477cc0d52ca84e6083a679988d991b53cb29573c75668b154f2e.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File created | C:\Windows\system32\Java\JavaUpdater.exe | C:\Users\Admin\AppData\Local\Temp\c973b6a179d4477cc0d52ca84e6083a679988d991b53cb29573c75668b154f2e.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Users\Admin\AppData\Local\Temp\c973b6a179d4477cc0d52ca84e6083a679988d991b53cb29573c75668b154f2e.exe | N/A |
| File opened for modification | C:\Windows\system32\Java | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| File opened for modification | C:\Windows\system32\Java\JavaUpdater.exe | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
Enumerates physical storage devices
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
| N/A | N/A | C:\Windows\system32\Java\JavaUpdater.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\c973b6a179d4477cc0d52ca84e6083a679988d991b53cb29573c75668b154f2e.exe | "C:\Users\Admin\AppData\Local\Temp\c973b6a179d4477cc0d52ca84e6083a679988d991b53cb29573c75668b154f2e.exe" |
| C:\Windows\SYSTEM32\schtasks.exe | "schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f |
| C:\Windows\system32\Java\JavaUpdater.exe | "C:\Windows\system32\Java\JavaUpdater.exe" |
| C:\Windows\SYSTEM32\schtasks.exe | "schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\d1wkSZR4fmj4.bat" " |
| C:\Windows\system32\chcp.com | chcp 65001 |
| C:\Windows\system32\PING.EXE | ping -n 10 localhost |
| C:\Windows\system32\Java\JavaUpdater.exe | "C:\Windows\system32\Java\JavaUpdater.exe" |
| C:\Windows\SYSTEM32\schtasks.exe | "schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\e1NXaqSldK7V.bat" " |
| C:\Windows\system32\chcp.com | chcp 65001 |
| C:\Windows\system32\PING.EXE | ping -n 10 localhost |
| C:\Windows\system32\Java\JavaUpdater.exe | "C:\Windows\system32\Java\JavaUpdater.exe" |
| C:\Windows\SYSTEM32\schtasks.exe | "schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PnOxNyztQxNa.bat" " |
| C:\Windows\system32\chcp.com | chcp 65001 |
| C:\Windows\system32\PING.EXE | ping -n 10 localhost |
| C:\Windows\system32\Java\JavaUpdater.exe | "C:\Windows\system32\Java\JavaUpdater.exe" |
| C:\Windows\SYSTEM32\schtasks.exe | "schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lJvMH5DdbHfg.bat" " |
| C:\Windows\system32\chcp.com | chcp 65001 |
| C:\Windows\system32\PING.EXE | ping -n 10 localhost |
| C:\Windows\system32\Java\JavaUpdater.exe | "C:\Windows\system32\Java\JavaUpdater.exe" |
| C:\Windows\SYSTEM32\schtasks.exe | "schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WRDmHF1LOYls.bat" " |
| C:\Windows\system32\chcp.com | chcp 65001 |
| C:\Windows\system32\PING.EXE | ping -n 10 localhost |
| C:\Windows\system32\Java\JavaUpdater.exe | "C:\Windows\system32\Java\JavaUpdater.exe" |
| C:\Windows\SYSTEM32\schtasks.exe | "schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZMUVjkB92MOg.bat" " |
| C:\Windows\system32\chcp.com | chcp 65001 |
| C:\Windows\system32\PING.EXE | ping -n 10 localhost |
| C:\Windows\system32\Java\JavaUpdater.exe | "C:\Windows\system32\Java\JavaUpdater.exe" |
| C:\Windows\SYSTEM32\schtasks.exe | "schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\3LmQFAVC7eyi.bat" " |
| C:\Windows\system32\chcp.com | chcp 65001 |
| C:\Windows\system32\PING.EXE | ping -n 10 localhost |
| C:\Windows\system32\Java\JavaUpdater.exe | "C:\Windows\system32\Java\JavaUpdater.exe" |
| C:\Windows\SYSTEM32\schtasks.exe | "schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\5QP1AzgUmWu4.bat" " |
| C:\Windows\system32\chcp.com | chcp 65001 |
| C:\Windows\system32\PING.EXE | ping -n 10 localhost |
| C:\Windows\system32\Java\JavaUpdater.exe | "C:\Windows\system32\Java\JavaUpdater.exe" |
| C:\Windows\SYSTEM32\schtasks.exe | "schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\knv9OWyW2IA6.bat" " |
| C:\Windows\system32\chcp.com | chcp 65001 |
| C:\Windows\system32\PING.EXE | ping -n 10 localhost |
| C:\Windows\system32\Java\JavaUpdater.exe | "C:\Windows\system32\Java\JavaUpdater.exe" |
| C:\Windows\SYSTEM32\schtasks.exe | "schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\9TcFB4CGL9JP.bat" " |
| C:\Windows\system32\chcp.com | chcp 65001 |
| C:\Windows\system32\PING.EXE | ping -n 10 localhost |
| C:\Windows\system32\Java\JavaUpdater.exe | "C:\Windows\system32\Java\JavaUpdater.exe" |
| C:\Windows\SYSTEM32\schtasks.exe | "schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qZ0vaYJZLGFq.bat" " |
| C:\Windows\system32\chcp.com | chcp 65001 |
| C:\Windows\system32\PING.EXE | ping -n 10 localhost |
| C:\Windows\system32\Java\JavaUpdater.exe | "C:\Windows\system32\Java\JavaUpdater.exe" |
| C:\Windows\SYSTEM32\schtasks.exe | "schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XP79SJhszHVt.bat" " |
| C:\Windows\system32\chcp.com | chcp 65001 |
| C:\Windows\system32\PING.EXE | ping -n 10 localhost |
| C:\Windows\system32\Java\JavaUpdater.exe | "C:\Windows\system32\Java\JavaUpdater.exe" |
| C:\Windows\SYSTEM32\schtasks.exe | "schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HPcWzIj05pPy.bat" " |
| C:\Windows\system32\chcp.com | chcp 65001 |
| C:\Windows\system32\PING.EXE | ping -n 10 localhost |
| C:\Windows\system32\Java\JavaUpdater.exe | "C:\Windows\system32\Java\JavaUpdater.exe" |
| C:\Windows\SYSTEM32\schtasks.exe | "schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fDGRHixDpAaA.bat" " |
| C:\Windows\system32\chcp.com | chcp 65001 |
| C:\Windows\system32\PING.EXE | ping -n 10 localhost |
| C:\Windows\system32\Java\JavaUpdater.exe | "C:\Windows\system32\Java\JavaUpdater.exe" |
| C:\Windows\SYSTEM32\schtasks.exe | "schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Windows\system32\Java\JavaUpdater.exe" /rl HIGHEST /f |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WWwzSBhRT0jA.bat" " |
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | prxprodquasar.zapto.org | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | | udp |
Files
C:\Windows\system32\Java\JavaUpdater.exe
| MD5 | 0a717705a7797e35b6f5af62ffe43abb |
| SHA1 | 4c823754c6cebe13ae0aec7ba874318f20445145 |
| SHA256 | c973b6a179d4477cc0d52ca84e6083a679988d991b53cb29573c75668b154f2e |
| SHA512 | 75d39a3fbbf3b6289330aab45471d497dec51d076dc96bf29b0bc526154bb9502745f08aee14624bca8c7b0f2c5822e2f81a8b959cd8348457015b06a2fe9ead |
C:\Users\Admin\AppData\Local\Temp\d1wkSZR4fmj4.bat
| MD5 | 42b57661f832ab60b6efdeb140610b6d |
| SHA1 | e2a2d06c4e37e47d6f0da26f56c2bf0dcf2efe04 |
| SHA256 | 82388519eb88428412f84b36303298ba41a1358205ca4645c0b5bbb83f0b4a08 |
| SHA512 | b44834d06f9187b692b3c92b09cfd4d13fb1aa25e675b9b4372ab5a6ed169364077629e13966e9d5b192109b40524d611fb4732f92ade9462fb68506fc0e8b28 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\JavaUpdater.exe.log
| MD5 | 8f0271a63446aef01cf2bfc7b7c7976b |
| SHA1 | b70dad968e1dda14b55ad361b7fd4ef9ab6c06d7 |
| SHA256 | da740d78ae00b72cb3710d1a1256dc6431550965d20afaa65e5d5860a4748e8c |
| SHA512 | 78a403c69f1284b7dd41527019f3eede3512a5e4d439d846eca83557b741ca37bcf56c412f3e577b9dd4cfa5a6d6210961215f14cb271b143f6eb94f69389cf5 |
C:\Users\Admin\AppData\Local\Temp\e1NXaqSldK7V.bat
| MD5 | 3da1a740614ecb65fd47bed317439f3a |
| SHA1 | a23596c89f137cf3a8ecb4af3a3df5fc51d570a3 |
| SHA256 | 6f7835ca27b74f18a431685688a60e620d8340cb98ce1250fa4e644f7f28b6fb |
| SHA512 | 7fe588fb91f0be06731b49d25f7af7d60d9ebec3cf09cbe5fa0dd12697a741fa8a6df9e11d49542e08018f09427ab0a17bae54af219ea97acb733a23ad7f4037 |
C:\Users\Admin\AppData\Local\Temp\PnOxNyztQxNa.bat
| MD5 | 3d2873d82fa4170e5c3bc43fbd0f39c8 |
| SHA1 | 0f95d8b05160307ce1f8fb611f45a2d6f88108a2 |
| SHA256 | 6bb8f91fed9f0f5cc0a545fb062c462cd2bae6ff8bf16c159f14c79d44ec2e47 |
| SHA512 | d9e44ac0f6f533b9afe4c3a17dee018b7d31fb2039b23b3eac60f140eb32f5e33589e42c91e04b8f1e22ee46b7815b6366c689a6fa38d64677e5ca34d914ae88 |
C:\Users\Admin\AppData\Local\Temp\lJvMH5DdbHfg.bat
| MD5 | 091a937c0c958bf69d8d793ce3fcf3b0 |
| SHA1 | e8f19b18853b6f2b170e30464c013a18db9e7e77 |
| SHA256 | 8c1deda3f10efef9b1779aaecc46f07c3c1c900176c122aeaa795a7358971abb |
| SHA512 | 6fe855ba43b8e3276e66e80a6198ef1664282816f78f885a2836685286046164642086d7387fbbde6dde56a811951d60d546aa734f686c3d17eda964e51f01a2 |
C:\Users\Admin\AppData\Local\Temp\WRDmHF1LOYls.bat
| MD5 | 1ac5dcd66c41fe7738d87ba639e69ef5 |
| SHA1 | b5d73989ae3a9a6300689b8639182c89a9d48f91 |
| SHA256 | a816c650d83c93835d5a4b83fe5a87c756a312b41f4db7b60389e914978054bb |
| SHA512 | 01eb8b01a832d57583bea8af4eb49370c910d645ff9ea2beecdbd78a88c837f0fcd433c02c99387c25635bd0f0f98238c1475a4c54686f0edca0b3956debdd55 |
C:\Users\Admin\AppData\Local\Temp\ZMUVjkB92MOg.bat
| MD5 | 24042208ce3f0f8f2d35e7e1121f83af |
| SHA1 | d1246531e401d3472741559ea0aa439d38d5f058 |
| SHA256 | ce07f990a6a7c1d612a88c0bd1f7765bcde3a02e026fe43878574d8b02b0d9ce |
| SHA512 | cb50d473354b1c191590b9e1802b180f4c9833a9b38272ba329ca1468dac2e98ba814c5d3b4632e4b8a64ebbea8a63d423d9969e68727b781203425c05e6210e |
C:\Users\Admin\AppData\Local\Temp\3LmQFAVC7eyi.bat
| MD5 | 5557aac69c3478ff7d1386d07bf78a52 |
| SHA1 | 26c6f5e8055cbc92e3b981ee58fe461d3388fc75 |
| SHA256 | 362e14825e03e057f00bd89816740b4c06312ca7ef0ccc5ff7e2533f156be98a |
| SHA512 | 45143507481addca77e320286fe67e20a147cc5d7a411c66dd35b445efed217cc678e31738710e65215a6bc8015fb27fd0e8c753176c751cb4a1afb1b64ca861 |
C:\Users\Admin\AppData\Local\Temp\5QP1AzgUmWu4.bat
| MD5 | b86b6ee40906deb8c92399b8b27038d3 |
| SHA1 | 504fefa3c9cb0c5a31bef67a30d919f96ee6dff7 |
| SHA256 | 1678ee6cc679d2f9cd631fcc7b73a20587f1bb2b86507415ec9805b94ad5e076 |
| SHA512 | 86136a9e8f250683aa04b4bb978da9ca8070c3624923d182fb0129a41c392ccfadf977e75e62f109fc4117503715f6203ce39e91d975fb4124cd48c0e6853e72 |
C:\Users\Admin\AppData\Local\Temp\knv9OWyW2IA6.bat
| MD5 | 4a4d68d0984a07c048be2488da506b85 |
| SHA1 | d566fb7220956a3ee368a159c4d8b1542ff9a7e2 |
| SHA256 | fe3b0b6067a5d84e6b5dcaa7989a92be43d5d62e299974f2e2f9739ddb884c20 |
| SHA512 | 598896a5b93f441748ac00dc52cbbbeaaa40b131198c86bcde574f5873d883347f77a88512ce95d1408ffd84c17219a8c7e70a72c32acc8c275c5544feacf32f |
C:\Users\Admin\AppData\Local\Temp\9TcFB4CGL9JP.bat
| MD5 | 9cb48d83a3c91b883f1b0c8767ed7966 |
| SHA1 | 9b076ac61dac089b2f39a047a822710d62bfda43 |
| SHA256 | 23e2251e91a07a7a5230a60e0b7366249937f2d7fbf4e695f479cb98f328d58c |
| SHA512 | 8e0b8ccbe3b21f575c71cbdd02a9014a08944474661d09ba0ac8951ab0bbfc60ab5a2fb22f5dd9734cd4b827f78a084a322e6da17d4abd30e61161e783466b33 |
C:\Users\Admin\AppData\Local\Temp\qZ0vaYJZLGFq.bat
| MD5 | c55a3bb84b12943bb2f639c2028c618c |
| SHA1 | ed6b9529fad9552679fa7b288b5eb1bb4096e7d6 |
| SHA256 | a8000a67663266b340177d43c4aab0307a270fdfab63078c666315228d9a5e30 |
| SHA512 | 9a105218c06df50546b5d110b584ea7b6034649bf0a8a4f7b90314bdbe05bd64325610dc7a66569ae32c6883624e094576498aac7f6d5d8f11618cfa38e925f0 |
C:\Users\Admin\AppData\Local\Temp\XP79SJhszHVt.bat
| MD5 | 72bdac270af73be8ea815dfd0890f96d |
| SHA1 | 5ae436a9596752d8106a7e33700fe13001aaba34 |
| SHA256 | 9b387d62fb82a073dff94a4391fa44a142942e16cf8f1894eb56116e012f037d |
| SHA512 | 89619670d108bf1bee69d47286334ec8a6452b0023a32e2e27133ea3656ab18c7bf2c44c40443e6831bfb80a3fd728f6b5bf57bb33057cd358b9f8d4ccf69c7e |
C:\Users\Admin\AppData\Local\Temp\HPcWzIj05pPy.bat
| MD5 | 1d90067872728e13f9596071d7a50072 |
| SHA1 | e149f3b147e0a591c5ab19c1c0aff387992c21fc |
| SHA256 | 50f65336d42990a72a2a4d54f9c74042c69b92b2301625be90b48781266a2561 |
| SHA512 | e7513b441fa369b6a4feb96d06d3f719c01a2d75522c7e2295a86d0c31d0da54e0e29dacc8b87afa634b59278499fd1d464fd2f17f551082d222673d1069bd95 |
C:\Users\Admin\AppData\Local\Temp\fDGRHixDpAaA.bat
| MD5 | 5ba76b5e32bf005f0e9694470d4db5e3 |
| SHA1 | 05f777735cf0eafdad3d809f10c2ea3f1e1ac413 |
| SHA256 | ba494f7b7b81cc8e2fdcebfb6d838309c6bca6c44f2a1dbfb3d027db838cb58d |
| SHA512 | ec9ccf23128bdeafe3a64bba04862cf28dbeb34676bfa7e614eaaa0c6b8147bbea2712163f8fc4b5c0efb0e11d9f2dfcc3eabc638714d2b096834834426b60db |