Overview

overview

10

Static

static

10

097bfdbad5...93.exe

windows7-x64

10

097bfdbad5...93.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    42s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    10-10-2022 09:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    097bfdbad5fa88d41d2a76ac5d28c5ec8732498b91fc034f0ebc2735c1474693.exe

  • Size

    5.4MB

  • MD5

    f99910d2ca786080aa077986a4a1d0d3

  • SHA1

    64d8e2e8a030ddf9e521a0718571ee62cfdbb7c6

  • SHA256

    097bfdbad5fa88d41d2a76ac5d28c5ec8732498b91fc034f0ebc2735c1474693

  • SHA512

    23ec2b6e23a15f9fd66befaf71bea1c51334cfc110177a952f308f0c314dda74041caeb6c2a4e501053a064edbe992e0a05a226a6563f7356627d86b04dc64e4

  • SSDEEP

    98304:zbPmDVa3VxobFwd0T+SrpC6xJJ33Je29iCrPkwy0hye:z7aIXofBHJD/scE

Score
10/10
asyncratrat

Malware Config

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers.

    ratasyncrat
  • Async RAT payload 1 IoCs
    rat
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\097bfdbad5fa88d41d2a76ac5d28c5ec8732498b91fc034f0ebc2735c1474693.exe
    "C:\Users\Admin\AppData\Local\Temp\097bfdbad5fa88d41d2a76ac5d28c5ec8732498b91fc034f0ebc2735c1474693.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1912
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
      PID:1228

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1912-54-0x0000000000970000-0x0000000000ED2000-memory.dmp
      Filesize

      5.4MB

      Download
    • memory/1912-55-0x0000000005270000-0x00000000054C2000-memory.dmp
      Filesize

      2.3MB

      Download
    • memory/1912-56-0x00000000763F1000-0x00000000763F3000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1912-57-0x0000000000496000-0x00000000004A7000-memory.dmp
      Filesize

      68KB

      Download
    • memory/1912-58-0x0000000000496000-0x00000000004A7000-memory.dmp
      Filesize

      68KB

      Download