asyncrat | f3fcbb0fedb1e3b732185aebbf845ca185c950ca3635026d8a754312220577c9 | Triage

Analysis

max time kernel
18s
max time network
121s
platform
windows7_x64
resource
win7v20201028
submitted
21-11-2020 16:18

Sharing

Report Analysis Logs

General

Target

r1uDWJza.exe
Size

47KB
MD5

0550342e66698384f232ac39b700dd14
SHA1

ba5e50a39d1502e38196724ec9d844ee4bf8d002
SHA256

f3fcbb0fedb1e3b732185aebbf845ca185c950ca3635026d8a754312220577c9
SHA512

95d4814c0f18dadc1d6e6ca69c0dc96aa197595ad4e24526556e03d6f11b86a7314294ec22dd41a1305e326d49fc1562b75e376d1803c8abb86c6fe0f1ddb4b3

Score

10^/10

asyncrat rat

Malware Config

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
rat asyncrat

Async RAT payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1808-3-0x0000000000760000-0x000000000077E000-memory.dmp	asyncrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

r1uDWJza.exe

description pid process

Token: SeDebugPrivilege 1808 r1uDWJza.exe

C:\Users\Admin\AppData\Local\Temp\r1uDWJza.exe
"C:\Users\Admin\AppData\Local\Temp\r1uDWJza.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1808-0-0x0000000073980000-0x000000007406E000-memory.dmp

Filesize
6.9MB

Download
memory/1808-1-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/1808-3-0x0000000000760000-0x000000000077E000-memory.dmp

Filesize
120KB

Download