asyncrat | b5152c3adf4885ee9c9542802d9c6f5dc2cbd8a0f467780ff9622058028e6b50 | Triage

Analysis

max time kernel
115s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2022 17:07

Sharing

Report Analysis Logs

General

Target

39bd1ac6a67c3f95c0f007265bac7c5d.exe
Size

76KB
MD5

39bd1ac6a67c3f95c0f007265bac7c5d
SHA1

20a557cb54acfe2c64673b44a0cd6f7bfd27047e
SHA256

b5152c3adf4885ee9c9542802d9c6f5dc2cbd8a0f467780ff9622058028e6b50
SHA512

670d12229e86065dac4dad37fff40247aa83b41c8a1d636f7cade1d98d8ccc1ed168e5f5715b2cde2787e0d8b8f3b4db082cc04a54ad2b36bb0708302647d054
SSDEEP

1536:PBkwyaSaVr5yQUdlBG456ihZAGXDBnio9JL:pPya/VrEQMlqihqotJL

Score

10^/10

asyncrat rat

Malware Config

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
rat asyncrat

Async RAT payload 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/5060-132-0x00000000000C0000-0x00000000000DA000-memory.dmp	asyncrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

39bd1ac6a67c3f95c0f007265bac7c5d.exe

description pid process

Token: SeDebugPrivilege 5060 39bd1ac6a67c3f95c0f007265bac7c5d.exe

C:\Users\Admin\AppData\Local\Temp\39bd1ac6a67c3f95c0f007265bac7c5d.exe
"C:\Users\Admin\AppData\Local\Temp\39bd1ac6a67c3f95c0f007265bac7c5d.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5060-132-0x00000000000C0000-0x00000000000DA000-memory.dmp

Filesize
104KB

Download
memory/5060-133-0x00007FFAA2A00000-0x00007FFAA34C1000-memory.dmp

Filesize
10.8MB

Download
memory/5060-134-0x00007FFAA2A00000-0x00007FFAA34C1000-memory.dmp

Filesize
10.8MB

Download