asyncrat | fd31332fe456fceccc18d789f43c520a589e731b20b69169f7177604dcdc355e | Triage

Analysis

max time kernel
8s
max time network
148s
platform
windows7_x64
resource
win7v20210410
submitted
18-04-2021 05:50

Sharing

Report Analysis Logs

General

Target

7466F1F366B6B1A579B102B5AAD68EE7.exe
Size

307KB
MD5

7466f1f366b6b1a579b102b5aad68ee7
SHA1

214d2d0fc1b4d879cd099acf2f898346404988f3
SHA256

fd31332fe456fceccc18d789f43c520a589e731b20b69169f7177604dcdc355e
SHA512

4bd15a94abc56613fcbf168e03a1b23d77b11f2a0eff415626a9594e66ff687c6b569d45e31fd01b6f3b6935b186752fa1cc8bfd3511cee899f68e25d0d3a1f9

Score

10^/10

asyncrat rat

Malware Config

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
rat asyncrat
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

7466F1F366B6B1A579B102B5AAD68EE7.exe

description pid process

Token: SeDebugPrivilege 1072 7466F1F366B6B1A579B102B5AAD68EE7.exe

C:\Users\Admin\AppData\Local\Temp\7466F1F366B6B1A579B102B5AAD68EE7.exe
"C:\Users\Admin\AppData\Local\Temp\7466F1F366B6B1A579B102B5AAD68EE7.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1072-60-0x0000000000C20000-0x0000000000C21000-memory.dmp

Filesize
4KB

Download
memory/1072-62-0x0000000075411000-0x0000000075413000-memory.dmp

Filesize
8KB

Download
memory/1072-63-0x0000000004B50000-0x0000000004B51000-memory.dmp

Filesize
4KB

Download