Analysis
-
max time kernel
157s -
max time network
119s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
01-02-2022 05:51
Behavioral task
behavioral1
Sample
6ba563174ba2887b5a2557c19c99be673cbe91010620670e1d7d26c71a012980.exe
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
6ba563174ba2887b5a2557c19c99be673cbe91010620670e1d7d26c71a012980.exe
Resource
win10v2004-en-20220112
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
6ba563174ba2887b5a2557c19c99be673cbe91010620670e1d7d26c71a012980.exe
-
Size
48KB
-
MD5
b419d03103d2ded97801b9ca85709e48
-
SHA1
5de1b7939a7c6e2478a3e312cdab21649e5cd85f
-
SHA256
6ba563174ba2887b5a2557c19c99be673cbe91010620670e1d7d26c71a012980
-
SHA512
f620ca62c2eed661eb9b90f97f8dcbd20fb0e46d1a40740bcac67dbc618500a4e7ffe8b2c0422fec0c3b4a413ec24929f716da654e04a06bc2f9a8b37f79481a
Malware Config
Signatures
-
Async RAT payload 1 IoCs
Processes:
resource yara_rule behavioral1/memory/1220-54-0x00000000001F0000-0x0000000000202000-memory.dmp asyncrat -
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
6ba563174ba2887b5a2557c19c99be673cbe91010620670e1d7d26c71a012980.exepid process 1220 6ba563174ba2887b5a2557c19c99be673cbe91010620670e1d7d26c71a012980.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
6ba563174ba2887b5a2557c19c99be673cbe91010620670e1d7d26c71a012980.exedescription pid process Token: SeDebugPrivilege 1220 6ba563174ba2887b5a2557c19c99be673cbe91010620670e1d7d26c71a012980.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\6ba563174ba2887b5a2557c19c99be673cbe91010620670e1d7d26c71a012980.exe"C:\Users\Admin\AppData\Local\Temp\6ba563174ba2887b5a2557c19c99be673cbe91010620670e1d7d26c71a012980.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken