Analysis
- max time kernel: 81s
- max time network: 153s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 26-09-2021 19:04
Behavioral task: behavioral1
- Sample: 1636405ad0ceac2cc2f216c8c6981d3c.exe
- Resource: win7-en-20210920
- 0 signatures
- 0 seconds
General
- Target: 1636405ad0ceac2cc2f216c8c6981d3c.exe
- Size: 45KB
- MD5: 1636405ad0ceac2cc2f216c8c6981d3c
- SHA1: a1801a73b0e657b1527c5bdfe3f079cb0f202212
- SHA256: 76529bae9e673736b384c748cd25c6b55327c083cdffa62477bb8542f4d3e7bd
- SHA512: 8cf9db8a72e808ee89af8b0c6a02c3aee7f47fc15ff7a3103643b3a83723f951fc1298bb939746dfccf19d85a5b3bb88999df3fbf63c0fe6c6b338bfd74ba28a
Malware Config
Signatures
-
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
-
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes:
1636405ad0ceac2cc2f216c8c6981d3c.exe
| description | pid | process |
| --- | --- | --- |
| Token: SeDebugPrivilege | 4060 | 1636405ad0ceac2cc2f216c8c6981d3c.exe |
Processes
Network
MITRE ATT&CK Matrix
Downloads
- memory/4060-114-0x0000000000150000-0x0000000000151000-memory.dmp, Filesize: 4KB
- memory/4060-116-0x0000000004B20000-0x0000000004B21000-memory.dmp, Filesize: 4KB
- memory/4060-117-0x0000000005280000-0x0000000005281000-memory.dmp, Filesize: 4KB
- memory/4060-118-0x0000000005830000-0x0000000005831000-memory.dmp, Filesize: 4KB
- memory/4060-119-0x00000000053A0000-0x00000000053A1000-memory.dmp, Filesize: 4KB