Overview

overview

10

Static

static

977ff0149b...91.exe

windows7_x64

10

977ff0149b...91.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    144s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    30-06-2022 23:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    977ff0149b3f10a314f5f559e9f176d92ed2f57e70e11832eefa168b9af77991.exe

  • Size

    886KB

  • MD5

    2cd51cad030466214cbb6a178988ed36

  • SHA1

    dddda4e4138a647f9a5b9d4dd3325b7e73b4d80d

  • SHA256

    977ff0149b3f10a314f5f559e9f176d92ed2f57e70e11832eefa168b9af77991

  • SHA512

    7b9b550f7a59bbd67c71b2590f2a9ef45f0c606326c83b824e23b8002db1469e8e54ab82de9c1b615154735a3952a0bc7037f0644643504c68833bd08ea158e8

Score
10/10
asyncratadoberat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Adobe

C2

20.36.21.13:2070

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers.

    ratasyncrat
  • Async RAT payload 1 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\977ff0149b3f10a314f5f559e9f176d92ed2f57e70e11832eefa168b9af77991.exe
    "C:\Users\Admin\AppData\Local\Temp\977ff0149b3f10a314f5f559e9f176d92ed2f57e70e11832eefa168b9af77991.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3864
    • C:\Users\Admin\AppData\Local\Temp\977ff0149b3f10a314f5f559e9f176d92ed2f57e70e11832eefa168b9af77991.exe
      "{path}"
      2⤵
        PID:4400

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\977ff0149b3f10a314f5f559e9f176d92ed2f57e70e11832eefa168b9af77991.exe.log
      Filesize

      1KB

      MD5

      8ec831f3e3a3f77e4a7b9cd32b48384c

      SHA1

      d83f09fd87c5bd86e045873c231c14836e76a05c

      SHA256

      7667e538030e3f8ce2886e47a01af24cb0ea70528b1e821c5d8832c5076cb982

      SHA512

      26bffa2406b66368bd412bf25869a792631455645992cdcade2dbc13a2e56fb546414a6a9223b94c96c38d89187add6678d4779a88b38b0c9e36be8527b213c3

      Download Submit
    • memory/3864-130-0x0000000000BB0000-0x0000000000C94000-memory.dmp
      Filesize

      912KB

      Download
    • memory/3864-131-0x0000000008080000-0x0000000008624000-memory.dmp
      Filesize

      5.6MB

      Download
    • memory/3864-132-0x0000000007B70000-0x0000000007C02000-memory.dmp
      Filesize

      584KB

      Download
    • memory/3864-133-0x0000000007B20000-0x0000000007B2A000-memory.dmp
      Filesize

      40KB

      Download
    • memory/3864-134-0x000000000B3A0000-0x000000000B43C000-memory.dmp
      Filesize

      624KB

      Download
    • memory/4400-135-0x0000000000000000-mapping.dmp
      Download
    • memory/4400-136-0x0000000000400000-0x0000000000412000-memory.dmp
      Filesize

      72KB

      Download