Analysis
-
max time kernel
150s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
31-08-2022 20:34
General
-
Target
client1.exe
-
Size
106KB
-
MD5
a45243a9a3bbe9e9fa4ba48c406a83b4
-
SHA1
b8bad2bfe29580012897f0e514f3414ca2d2ae6f
-
SHA256
3e123119dcb3489d8a329f5c8cfc122f14191df2943d48a1843687fca316cc7c
-
SHA512
463030a54cbf4209eb3b9450b295cfae5f0f799c803df7fd996ac397c9c029926fdd638255bc7d93c8c4ac0dd5d4c5dd1a2022677c889c6dd7bf8e57c9416329
-
SSDEEP
1536:JxqjQ+P04wsmJC7SX+FDsWmPbaYk/ocpqKmY7y/Nl3r+xuw58KNFfY:sr85C7SYDsDPbaYk/o3zTbS351NFfY
Malware Config
Signatures
-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
-
Modifies system executable filetype association 2 TTPs 1 IoCs
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Async RAT payload 4 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\client1.exe"C:\Users\Admin\AppData\Local\Temp\client1.exe"1⤵
- Modifies system executable filetype association
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3582-490\client1.exe"C:\Users\Admin\AppData\Local\Temp\3582-490\client1.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
65KB
MD5c72d1b2751586e5b6dd80710ea3cc10e
SHA16954173e6bab5f8c9a156625429e472453b7423f
SHA25687b7ab290b7e94c5ec2af820bfe975f8e8897478214c2f98f8e2907114595fac
SHA512fa309a7fcb9f2810ab81699ebbbc22ddccb047b4bce6daf6789703cb5e4bded253ba00dfada9bc9b2d2a02b8c38c5893dfc2917a4806c0b464f12c1057cf5806
-
Filesize
65KB
MD5c72d1b2751586e5b6dd80710ea3cc10e
SHA16954173e6bab5f8c9a156625429e472453b7423f
SHA25687b7ab290b7e94c5ec2af820bfe975f8e8897478214c2f98f8e2907114595fac
SHA512fa309a7fcb9f2810ab81699ebbbc22ddccb047b4bce6daf6789703cb5e4bded253ba00dfada9bc9b2d2a02b8c38c5893dfc2917a4806c0b464f12c1057cf5806
-
Filesize
252KB
MD59e2b9928c89a9d0da1d3e8f4bd96afa7
SHA1ec66cda99f44b62470c6930e5afda061579cde35
SHA2568899b4ed3446b7d55b54defbc1acb7c5392a4b3bc8ec2cdc7c31171708965043
SHA5122ca5ad1d0e12a8049de885b90b7f56fe77c868e0d6dae4ec4b6f3bc0bf7b2e73295cc9b1328c2b45357ffb0d7804622ab3f91a56140b098e93b691032d508156
-
Filesize
65KB
MD5c72d1b2751586e5b6dd80710ea3cc10e
SHA16954173e6bab5f8c9a156625429e472453b7423f
SHA25687b7ab290b7e94c5ec2af820bfe975f8e8897478214c2f98f8e2907114595fac
SHA512fa309a7fcb9f2810ab81699ebbbc22ddccb047b4bce6daf6789703cb5e4bded253ba00dfada9bc9b2d2a02b8c38c5893dfc2917a4806c0b464f12c1057cf5806
-
Filesize
8KB
-
-
Filesize
88KB