Analysis
max time kernel: 18s
max time network: 121s
platform: windows7_x64
resource: win7v20201028
submitted: 21-11-2020 16:18
Behavioral task: behavioral1
Sample: r1uDWJza.exe
Resource: win7v20201028, windows7_x64
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: r1uDWJza.exe
Resource: win10v20201028, windows10_x64
0 signatures
0 seconds
General
Target: r1uDWJza.exe
Size: 47KB
MD5: 0550342e66698384f232ac39b700dd14
SHA1: ba5e50a39d1502e38196724ec9d844ee4bf8d002
SHA256: f3fcbb0fedb1e3b732185aebbf845ca185c950ca3635026d8a754312220577c9
SHA512: 95d4814c0f18dadc1d6e6ca69c0dc96aa197595ad4e24526556e03d6f11b86a7314294ec22dd41a1305e326d49fc1562b75e376d1803c8abb86c6fe0f1ddb4b3
Malware Config
Signatures
Async RAT payload (1 IoCs)
Processes:
resource: behavioral1/memory/1808-3-0x0000000000760000-0x000000000077E000-memory.dmp
yara_rule: asyncrat
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes: r1uDWJza.exe
description: Token: SeDebugPrivilege
pid: 1808
process: r1uDWJza.exe