Analysis
max time kernel
115s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags
arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
submitted
03-10-2022 17:07
Behavioral task
behavioral1
Sample
39bd1ac6a67c3f95c0f007265bac7c5d.exe
Resource
win7-20220901-en
windows7-x64
3 signatures
150 seconds
General
Target
39bd1ac6a67c3f95c0f007265bac7c5d.exe
Size
76KB
MD5
39bd1ac6a67c3f95c0f007265bac7c5d
SHA1
20a557cb54acfe2c64673b44a0cd6f7bfd27047e
SHA256
b5152c3adf4885ee9c9542802d9c6f5dc2cbd8a0f467780ff9622058028e6b50
SHA512
670d12229e86065dac4dad37fff40247aa83b41c8a1d636f7cade1d98d8ccc1ed168e5f5715b2cde2787e0d8b8f3b4db082cc04a54ad2b36bb0708302647d054
SSDEEP
1536:PBkwyaSaVr5yQUdlBG456ihZAGXDBnio9JL:pPya/VrEQMlqihqotJL
Malware Config
Signatures
Async RAT payload 1 IoCs
Processes:
resource: behavioral2/memory/5060-132-0x00000000000C0000-0x00000000000DA000-memory.dmp
yara_rule: asyncrat
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
39bd1ac6a67c3f95c0f007265bac7c5d.exe
description: Token: SeDebugPrivilege
pid: 5060
process: 39bd1ac6a67c3f95c0f007265bac7c5d.exe