Overview

overview

10

Static

static

10

download.exe

windows7_x64

10

download.exe

windows10_x64

10

Analysis

  • max time kernel
    135s
  • max time network
    138s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    04-05-2021 19:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    download.exe

  • Size

    45KB

  • MD5

    59c8e27d2d81f527f9ddacf055b28c50

  • SHA1

    91755680598d3a93fcc0aa57d1760703c5480b00

  • SHA256

    146f7a39df033afe4bb001da5b4a6eceb89f9efab5538c470b7f7f3cb4bbd15e

  • SHA512

    105b93e00d39177e4d859ebb3c9012f1e622de050259c12399f962e69c3eefb5165c8e54ec26469d7c5c410c74472b504d6976f9f559eb4b6b24ff0062af2da7

Score
10/10
asyncratrat

Malware Config

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers.

    ratasyncrat
  • Async RAT payload 1 IoCs
    rat
  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\download.exe
    "C:\Users\Admin\AppData\Local\Temp\download.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4432
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpF240.tmp.bat""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4056
      • C:\Windows\SysWOW64\timeout.exe
        timeout 3
        3⤵
        • Delays execution with timeout.exe
        PID:4212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmpF240.tmp.bat
    MD5

    5a7f56441452ee74c955a5a7909c2d7d

    SHA1

    0db8612b22f1e420e55432805aa5fb76e0deecd6

    SHA256

    741344bd270c6065cc83021d37a5373e4a346974a5aafe4eb84d55726cf37417

    SHA512

    d373deb91340d408556970512d77c630b261431e78803a011965d086ae0141dde628f6342d165fc5757cc80d0ebf2ed110a3f2bbbf7a7ded0f803a1ac8fffb60

    Download Submit
  • memory/4056-124-0x0000000000000000-mapping.dmp
    Download
  • memory/4212-126-0x0000000000000000-mapping.dmp
    Download
  • memory/4432-114-0x0000000000E50000-0x0000000000E51000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4432-116-0x00000000030B0000-0x00000000030B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4432-117-0x0000000005F90000-0x0000000005F91000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4432-118-0x0000000006530000-0x0000000006531000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4432-119-0x00000000060A0000-0x00000000060A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4432-120-0x0000000006310000-0x0000000006311000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4432-121-0x00000000062D0000-0x00000000062ED000-memory.dmp
    Filesize

    116KB

    Download
  • memory/4432-122-0x00000000064D0000-0x00000000064D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4432-123-0x0000000006FB0000-0x0000000006FB1000-memory.dmp
    Filesize

    4KB

    Download