Analysis
max time kernel: 154s
max time network: 135s
platform: windows7_x64
resource: win7-en-20211208
submitted: 01-02-2022 07:59
Behavioral task: behavioral1
Sample: 2040e0fb90da8f25ccd622f68c07fa04a59ff3c36f02c13d3c3e5b4b8ed5325d.exe
Resource: win7-en-20211208
0 signatures, 0 seconds
General
Target: 2040e0fb90da8f25ccd622f68c07fa04a59ff3c36f02c13d3c3e5b4b8ed5325d.exe
Size: 46KB
MD5: 0a8a9adccde79eeafe452113523cfe35
SHA1: a35824e3aafcfbf084f90f319505bf3f45c33615
SHA256: 2040e0fb90da8f25ccd622f68c07fa04a59ff3c36f02c13d3c3e5b4b8ed5325d
SHA512: 46b894f0931d0ff30c47e56e0d3f869ce1af6126534524c12740e1d374215b1bc7b6c22e3c2a818ddc92c9220925a5a955fecbb57babe1a6c2219c212c61ec11
Malware Config
Signatures

Async RAT payload (1 IoC)
Processes:
  resource: behavioral1/memory/848-54-0x00000000003C0000-0x00000000003D2000-memory.dmp
  yara_rule: asyncrat

Suspicious behavior: EnumeratesProcesses (1 IoC)
Processes:
  pid: 848
  process: 2040e0fb90da8f25ccd622f68c07fa04a59ff3c36f02c13d3c3e5b4b8ed5325d.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
  description: Token: SeDebugPrivilege
  pid: 848
  process: 2040e0fb90da8f25ccd622f68c07fa04a59ff3c36f02c13d3c3e5b4b8ed5325d.exe
Processes
C:\Users\Admin\AppData\Local\Temp\2040e0fb90da8f25ccd622f68c07fa04a59ff3c36f02c13d3c3e5b4b8ed5325d.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\2040e0fb90da8f25ccd622f68c07fa04a59ff3c36f02c13d3c3e5b4b8ed5325d.exe"
  process tree depth: 1
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken