Analysis
-
max time kernel
334s -
max time network
622s -
platform
windows10_x64 -
resource
win10-en-20211208 -
submitted
27-01-2022 00:07
Behavioral task
behavioral1
Sample
ASyncClient.exe
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
General
-
Target
ASyncClient.exe
-
Size
47KB
-
MD5
a55e7fac7220b4c104731b3c5bc1c3d0
-
SHA1
9bfd7a6eff366cf1aa32d170082c988cb563eb13
-
SHA256
fbe40109ce79c04cd5b3e60bdf8fe625aaf66d56ca2d41be88597f9033ae22e7
-
SHA512
779657acd0684933b51d06d03fb459e79049f6655b5da76a12b01dfcd9f4e10687aa515017559c708d5fc5221a29b377b263c8db986c39a88137df4a40d34f27
Malware Config
Signatures
-
Async RAT payload 1 IoCs
Processes:
resource yara_rule behavioral2/memory/3440-116-0x0000000000E50000-0x0000000000E62000-memory.dmp asyncrat -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
ASyncClient.exedescription pid process Token: SeDebugPrivilege 3440 ASyncClient.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3440-116-0x0000000000E50000-0x0000000000E62000-memory.dmpFilesize
72KB
-
memory/3440-117-0x0000000005830000-0x0000000005831000-memory.dmpFilesize
4KB
-
memory/3440-118-0x0000000005FD0000-0x000000000606C000-memory.dmpFilesize
624KB
-
memory/3440-119-0x0000000006570000-0x0000000006A6E000-memory.dmpFilesize
5.0MB
-
memory/3440-120-0x00000000060E0000-0x0000000006146000-memory.dmpFilesize
408KB