Overview

overview

10

Static

static

10

1636405ad0...3c.exe

windows7_x64

10

1636405ad0...3c.exe

windows10_x64

10

Analysis

  • max time kernel
    81s
  • max time network
    153s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    26-09-2021 19:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1636405ad0ceac2cc2f216c8c6981d3c.exe

  • Size

    45KB

  • MD5

    1636405ad0ceac2cc2f216c8c6981d3c

  • SHA1

    a1801a73b0e657b1527c5bdfe3f079cb0f202212

  • SHA256

    76529bae9e673736b384c748cd25c6b55327c083cdffa62477bb8542f4d3e7bd

  • SHA512

    8cf9db8a72e808ee89af8b0c6a02c3aee7f47fc15ff7a3103643b3a83723f951fc1298bb939746dfccf19d85a5b3bb88999df3fbf63c0fe6c6b338bfd74ba28a

Score
10/10
asyncratratsuricata

Malware Config

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers.

    ratasyncrat
  • suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

    suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)

    suricata
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1636405ad0ceac2cc2f216c8c6981d3c.exe
    "C:\Users\Admin\AppData\Local\Temp\1636405ad0ceac2cc2f216c8c6981d3c.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4060-114-0x0000000000150000-0x0000000000151000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4060-116-0x0000000004B20000-0x0000000004B21000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4060-117-0x0000000005280000-0x0000000005281000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4060-118-0x0000000005830000-0x0000000005831000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4060-119-0x00000000053A0000-0x00000000053A1000-memory.dmp
    Filesize

    4KB

    Download