Behavioral task: behavioral1
Sample: 1296-58-0x0000000000080000-0x0000000000092000-memory.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 1296-58-0x0000000000080000-0x0000000000092000-memory.exe
Resource: win10v2004-20220812-en
General
Target: 1296-58-0x0000000000080000-0x0000000000092000-memory.dmp
Size: 72KB
MD5: cfbe2463ac520243f0f6b6ebaee8a709
SHA1: a45cad463e61429dea7539ffdb6757cbc02a5072
SHA256: bc32129e02e5f9d372e31c083cc330b8fdf18764d4c8165d2a6be55ac1b7096b
SHA512: a53fedbece5db476c5a62fb292f72f5fcd193dd6d6ddea5f04744a261b28ab609d28ccf014db22e0a87b033e37a65340e6af7ab5a8ed220d329bcda345279562
SSDEEP: 768:fu/6ZTgoiziWUUM9rmo2qrx9qD5ePINzjbcgX3iL0QmqnENnEOCBDZ:fu/6ZTgle2OQnN3bzXSwKMed
Malware Config
Extracted
asyncrat
0.5.7B
drax
azazws6606.linkpc.net:6606
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Signatures
Files
1296-58-0x0000000000080000-0x0000000000092000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ