Analysis
-
max time kernel
121s -
max time network
152s -
platform
windows10_x64 -
resource
win10-en-20210920 -
submitted
29-10-2021 08:20
Behavioral task
behavioral1
Sample
AsyncClient.exe
Resource
win7-en-20211014
windows7_x64
0 signatures
0 seconds
General
-
Target
AsyncClient.exe
-
Size
45KB
-
MD5
d4b8b8cfd3b479a8138cd750c58a7c82
-
SHA1
b96aa9a15e4076786b16edfef4b3a92d289a3cad
-
SHA256
1490f6303a675ded86c22841f87868c6f0867e922671e0426f499e46a72060d2
-
SHA512
388654ac3e7c550b1a350efab96d8c9f30450a02edfa3d91a902e915a4bdaee26d628ed2cd3f6dfbb9601ccf0a2feb0b06f098562ae384e88abbb3a05b9d1978
Malware Config
Signatures
-
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
AsyncClient.exedescription pid process Token: SeDebugPrivilege 3132 AsyncClient.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3132-115-0x0000000000AF0000-0x0000000000AF1000-memory.dmpFilesize
4KB
-
memory/3132-117-0x00000000053C0000-0x00000000053C1000-memory.dmpFilesize
4KB
-
memory/3132-118-0x0000000005B40000-0x0000000005B41000-memory.dmpFilesize
4KB
-
memory/3132-119-0x00000000060E0000-0x00000000060E1000-memory.dmpFilesize
4KB
-
memory/3132-120-0x0000000005BE0000-0x0000000005BE1000-memory.dmpFilesize
4KB