asyncrat | 146f7a39df033afe4bb001da5b4a6eceb89f9efab5538c470b7f7f3cb4bbd15e | Triage

Analysis

max time kernel
152s
max time network
149s
platform
windows7_x64
resource
win7v20210408
submitted
04-05-2021 19:35

Sharing

Report Analysis Logs

General

Target

download.exe
Size

45KB
MD5

59c8e27d2d81f527f9ddacf055b28c50
SHA1

91755680598d3a93fcc0aa57d1760703c5480b00
SHA256

146f7a39df033afe4bb001da5b4a6eceb89f9efab5538c470b7f7f3cb4bbd15e
SHA512

105b93e00d39177e4d859ebb3c9012f1e622de050259c12399f962e69c3eefb5165c8e54ec26469d7c5c410c74472b504d6976f9f559eb4b6b24ff0062af2da7

Score

10^/10

asyncrat rat

Malware Config

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
rat asyncrat

Async RAT payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/864-64-0x0000000000620000-0x000000000063D000-memory.dmp	asyncrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

download.exe

description pid process

Token: SeDebugPrivilege 864 download.exe

C:\Users\Admin\AppData\Local\Temp\download.exe
"C:\Users\Admin\AppData\Local\Temp\download.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/864-60-0x0000000000BC0000-0x0000000000BC1000-memory.dmp

Filesize
4KB

Download
memory/864-62-0x0000000075891000-0x0000000075893000-memory.dmp

Filesize
8KB

Download
memory/864-63-0x0000000004D20000-0x0000000004D21000-memory.dmp

Filesize
4KB

Download
memory/864-64-0x0000000000620000-0x000000000063D000-memory.dmp

Filesize
116KB

Download