Overview

overview

10

Static

static

10

download.exe

windows7_x64

10

download.exe

windows10_x64

10

Analysis

  • max time kernel
    132s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    04-05-2021 19:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    download.exe

  • Size

    45KB

  • MD5

    59c8e27d2d81f527f9ddacf055b28c50

  • SHA1

    91755680598d3a93fcc0aa57d1760703c5480b00

  • SHA256

    146f7a39df033afe4bb001da5b4a6eceb89f9efab5538c470b7f7f3cb4bbd15e

  • SHA512

    105b93e00d39177e4d859ebb3c9012f1e622de050259c12399f962e69c3eefb5165c8e54ec26469d7c5c410c74472b504d6976f9f559eb4b6b24ff0062af2da7

Score
10/10
asyncratrat

Malware Config

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers.

    ratasyncrat
  • Async RAT payload 1 IoCs
    rat
  • Deletes itself 1 IoCs
  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\download.exe
    "C:\Users\Admin\AppData\Local\Temp\download.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1040
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmpF7DE.tmp.bat""
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:1736
      • C:\Windows\SysWOW64\timeout.exe
        timeout 3
        3⤵
        • Delays execution with timeout.exe
        PID:1360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmpF7DE.tmp.bat
    MD5

    21027ef0362cb3e7c7cfd34bec3cd011

    SHA1

    99bd2e08ffe75f39fd36e1c5b7fadd5f705994ad

    SHA256

    02b8c57d3b2544f4afcb7b75265ba35f2232f0b0c0281ae0a290dab06586825f

    SHA512

    4bb1d5fec032f087e8f7a4287a80ba462933350f768e2b0cecdefaaaf50cc2b321c47a9e178c4ea13969ea2ab1ed65c80f9a569438e252a679fbe539baae4aaf

    Download Submit
  • memory/1040-59-0x00000000001B0000-0x00000000001B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1040-61-0x0000000074F31000-0x0000000074F33000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1040-62-0x0000000004B00000-0x0000000004B01000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1040-63-0x0000000001F70000-0x0000000001F8D000-memory.dmp
    Filesize

    116KB

    Download
  • memory/1360-66-0x0000000000000000-mapping.dmp
    Download
  • memory/1736-64-0x0000000000000000-mapping.dmp
    Download