Overview

overview

10

Static

static

977ff0149b...91.exe

windows7_x64

10

977ff0149b...91.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    142s
  • max time network
    160s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    30-06-2022 23:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    977ff0149b3f10a314f5f559e9f176d92ed2f57e70e11832eefa168b9af77991.exe

  • Size

    886KB

  • MD5

    2cd51cad030466214cbb6a178988ed36

  • SHA1

    dddda4e4138a647f9a5b9d4dd3325b7e73b4d80d

  • SHA256

    977ff0149b3f10a314f5f559e9f176d92ed2f57e70e11832eefa168b9af77991

  • SHA512

    7b9b550f7a59bbd67c71b2590f2a9ef45f0c606326c83b824e23b8002db1469e8e54ab82de9c1b615154735a3952a0bc7037f0644643504c68833bd08ea158e8

Score
10/10
asyncratadoberat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Adobe

C2

20.36.21.13:2070

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers.

    ratasyncrat
  • Async RAT payload 6 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\977ff0149b3f10a314f5f559e9f176d92ed2f57e70e11832eefa168b9af77991.exe
    "C:\Users\Admin\AppData\Local\Temp\977ff0149b3f10a314f5f559e9f176d92ed2f57e70e11832eefa168b9af77991.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\Users\Admin\AppData\Local\Temp\977ff0149b3f10a314f5f559e9f176d92ed2f57e70e11832eefa168b9af77991.exe
      "{path}"
      2⤵
        PID:1280

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1280-58-0x0000000000400000-0x0000000000412000-memory.dmp
      Filesize

      72KB

      Download
    • memory/1280-59-0x0000000000400000-0x0000000000412000-memory.dmp
      Filesize

      72KB

      Download
    • memory/1280-61-0x0000000000400000-0x0000000000412000-memory.dmp
      Filesize

      72KB

      Download
    • memory/1280-62-0x0000000000400000-0x0000000000412000-memory.dmp
      Filesize

      72KB

      Download
    • memory/1280-63-0x0000000000400000-0x0000000000412000-memory.dmp
      Filesize

      72KB

      Download
    • memory/1280-64-0x000000000040C6EE-mapping.dmp
      Download
    • memory/1280-66-0x0000000000400000-0x0000000000412000-memory.dmp
      Filesize

      72KB

      Download
    • memory/1280-68-0x0000000000400000-0x0000000000412000-memory.dmp
      Filesize

      72KB

      Download
    • memory/1968-54-0x0000000000B00000-0x0000000000BE4000-memory.dmp
      Filesize

      912KB

      Download
    • memory/1968-55-0x00000000764C1000-0x00000000764C3000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1968-56-0x00000000009E0000-0x00000000009F4000-memory.dmp
      Filesize

      80KB

      Download
    • memory/1968-57-0x0000000004850000-0x00000000048A0000-memory.dmp
      Filesize

      320KB

      Download