Analysis

  • max time kernel
    157s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    01-02-2022 05:51

General

  • Target

    6ba563174ba2887b5a2557c19c99be673cbe91010620670e1d7d26c71a012980.exe

  • Size

    48KB

  • MD5

    b419d03103d2ded97801b9ca85709e48

  • SHA1

    5de1b7939a7c6e2478a3e312cdab21649e5cd85f

  • SHA256

    6ba563174ba2887b5a2557c19c99be673cbe91010620670e1d7d26c71a012980

  • SHA512

    f620ca62c2eed661eb9b90f97f8dcbd20fb0e46d1a40740bcac67dbc618500a4e7ffe8b2c0422fec0c3b4a413ec24929f716da654e04a06bc2f9a8b37f79481a

Score
10/10

Malware Config

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers.

  • Async RAT payload 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6ba563174ba2887b5a2557c19c99be673cbe91010620670e1d7d26c71a012980.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba563174ba2887b5a2557c19c99be673cbe91010620670e1d7d26c71a012980.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1220

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1220-54-0x00000000001F0000-0x0000000000202000-memory.dmp
    Filesize

    72KB

  • memory/1220-55-0x00000000003A0000-0x0000000000560000-memory.dmp
    Filesize

    1.8MB