Overview

overview

10

Static

static

10

Quasar.v1.4.1.zip

windows10-1703-x64

1

Quasar.v1.4.1.zip

windows10-2004-x64

1

Quasar.v1.4.1.zip

windows11-21h2-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-07-2024 02:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Quasar.v1.4.1.zip

  • Size

    3.3MB

  • MD5

    13aa4bf4f5ed1ac503c69470b1ede5c1

  • SHA1

    c0b7dadff8ac37f6d9fd00ae7f375e12812bfc00

  • SHA256

    4cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62

  • SHA512

    767b03e4e0c2a97cb0282b523bcad734f0c6d226cd1e856f6861e6ae83401d0d30946ad219c8c5de3c90028a0141d3dc0111c85e0a0952156cf09e189709fa7d

  • SSDEEP

    49152:lYLmNgMh/9yUsRFeWMyYISDSwtfxZQNemi57PdHmeFINp/lFnsDbNFNepL6DJo+J:mL9U1yUUQykOQ91XFYBlR8P9d5uNJo9

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Quasar.v1.4.1.zip
    1⤵
      PID:3824
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1604

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    Query Registry

    1
    T1012

    Peripheral Device Discovery

    1
    T1120

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1604-2-0x000001F21F440000-0x000001F21F441000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1604-1-0x000001F21F440000-0x000001F21F441000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1604-0-0x000001F21F440000-0x000001F21F441000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1604-7-0x000001F21F440000-0x000001F21F441000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1604-12-0x000001F21F440000-0x000001F21F441000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1604-11-0x000001F21F440000-0x000001F21F441000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1604-10-0x000001F21F440000-0x000001F21F441000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1604-9-0x000001F21F440000-0x000001F21F441000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1604-8-0x000001F21F440000-0x000001F21F441000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1604-6-0x000001F21F440000-0x000001F21F441000-memory.dmp
      Filesize

      4KB

      Download