Analysis

  • max time kernel
    19s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    20-10-2020 09:03

General

  • Target

    H7LMDfMh.exe

  • Size

    45KB

  • MD5

    fb1a0e0ced17a1a7764980f3b26850bb

  • SHA1

    1a48d9a0f538098833cdf083fa48fd93d1970db8

  • SHA256

    708ba499db884070420f378523658870927c31654d03d24cdac303b5d60b0ac4

  • SHA512

    bf619f1051575de76cacd0fd0fe6d1f4d7695d78fbcb1761752eb2b92f848ce2510df9edc53ff809264a4458161bba773603ce51a19ea25264c2cc12bfa34d61

Score
10/10

Malware Config

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\H7LMDfMh.exe
    "C:\Users\Admin\AppData\Local\Temp\H7LMDfMh.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1492

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1492-0-0x0000000073AF0000-0x00000000741DE000-memory.dmp

    Filesize

    6.9MB

  • memory/1492-1-0x0000000000BE0000-0x0000000000BE1000-memory.dmp

    Filesize

    4KB