Scheduled Task
Windows Management Instrumentation
Dynamic Analysis Report
Created 10 months ago
Adobe Download Manager.exe
Windows Exe (x86-32)
Remarks (2/3)
(0x0200003A): A task was rescheduled ahead of time to reveal dormant functionality.
(0x0200000E): The overall sleep time of all monitored processes was truncated from "4 minutes, 39 seconds" to "3 seconds" to reveal dormant functionality.
VMRay Threat Identifiers (37 rules, 79 matches)
| Score | Category | Operation | Count | Classification | |
|---|---|---|---|---|---|
5/5 | Extracted Configuration | QuasarRAT configuration was extracted | 1 | Backdoor | |
5/5 | YARA | Malicious content matched by YARA rules | 11 | Spyware, Backdoor | |
5/5 | Discovery | Combination of other detections shows configuration discovery | 1 | - | |
5/5 | Data Collection | Combination of other detections shows multiple input capture behaviors | 1 | Spyware | |
4/5 | Defense Evasion | Obscures a file's origin | 3 | - | |
4/5 | Injection | Writes into the memory of another process | 1 | Injector | |
4/5 | Injection | Modifies control flow of another process | 1 | - | |
4/5 | Reputation | Malicious file detected via reputation | 3 | - | |
4/5 | Reputation | Malicious host or URL detected via reputation | 4 | - | |
3/5 | Input Capture | Monitors keyboard input | 1 | Keylogger | |
Malware Configurations
Screenshots
Monitored Processes
MITRE ATT&CK™ Matrix - Windows
ActiveAll
Version: 2019-04-25 20:53:07.719000
Initial Access
Execution
Persistence
Hooking
Hidden Files and Directories
Scheduled Task
Registry Run Keys / Startup Folder
Privilege Escalation
Hooking
Process Injection
Scheduled Task
Defense Evasion
NTFS File Attributes
Process Injection
Hidden Files and Directories
Hidden Window
Modify Registry
Software Packing
Credential Access
Input Capture
Hooking
Discovery
System Information Discovery
System Network Configuration Discovery
Process Discovery
Query Registry
Lateral Movement
Collection
Automated Collection
Input Capture
Command and Control
Uncommonly Used Port
Exfiltration
Impact
Sample Information
| ID | #10523762 |
| MD5 | |
| SHA1 | |
| SHA256 | |
| SSDeep | |
| ImpHash | |
| File Name | Adobe Download Manager.exe |
| File Size | 2062.98 KB |
| Sample Type | Windows Exe (x86-32) |
Analysis Information
| Creation Time | 2024-05-28 17:05 (UTC+) |
| Analysis Duration | 00:04:00 |
| Termination Reason | Timeout |
| Number of Monitored Processes | 87 |
| Execution Successful | |
| Reputation Enabled | |
| Built-in AV Enabled | |
| Number of AV Matches | 0 |
| YARA Enabled | |
| Number of YARA Matches | 26 |
