asyncrat | b27f6eb1dc90fc2f6812ec6f72ce1d02cd73278530d74d54eeb4b3b24d32d8b5

Analysis

max time kernel
2s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
30-11-2022 14:58

Target

b27f6eb1dc90fc2f6812ec6f72ce1d02cd73278530d74d54eeb4b3b24d32d8b5.exe
Size

42KB
MD5

f2008bffad5ccf9cd33e507aa09115e6
SHA1

9263848ea90eedf58a90ba16a4ef13e0e5a8f33d
SHA256

b27f6eb1dc90fc2f6812ec6f72ce1d02cd73278530d74d54eeb4b3b24d32d8b5
SHA512

b9aaaf9ef49938fcc1633f53e6ee6a5a3317acfa852f5eafb673239c4df0421ed355d574132663530939da180928dcc80e2b7e53c4e9395b66660d31f92979fb
SSDEEP

768:J1zdC9wQCSVsjYj4rJbsfE6CqLw4B4oqYaoCujbfLP1rB:fcVVsjYUrJbHp54B4oqECCbfLdl

Score

10^/10

asyncrat rat

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
rat asyncrat
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

844 1788 WerFault.exe b27f6eb1dc90fc2f6812ec6f72ce1d02cd73278530d74d54eeb4b3b24d32d8b5.exe

pid	pid_target	process	target process
844	1788	WerFault.exe	b27f6eb1dc90fc2f6812ec6f72ce1d02cd73278530d74d54eeb4b3b24d32d8b5.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

b27f6eb1dc90fc2f6812ec6f72ce1d02cd73278530d74d54eeb4b3b24d32d8b5.exe

description	pid	process	target process
PID 1788 wrote to memory of 844	1788	b27f6eb1dc90fc2f6812ec6f72ce1d02cd73278530d74d54eeb4b3b24d32d8b5.exe	WerFault.exe
PID 1788 wrote to memory of 844	1788	b27f6eb1dc90fc2f6812ec6f72ce1d02cd73278530d74d54eeb4b3b24d32d8b5.exe	WerFault.exe
PID 1788 wrote to memory of 844	1788	b27f6eb1dc90fc2f6812ec6f72ce1d02cd73278530d74d54eeb4b3b24d32d8b5.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\b27f6eb1dc90fc2f6812ec6f72ce1d02cd73278530d74d54eeb4b3b24d32d8b5.exe
"C:\Users\Admin\AppData\Local\Temp\b27f6eb1dc90fc2f6812ec6f72ce1d02cd73278530d74d54eeb4b3b24d32d8b5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1788

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1788 -s 512
2⤵
- Program crash
PID:844

memory/844-55-0x0000000000000000-mapping.dmp

Download
memory/1788-54-0x000000013FDE0000-0x000000013FDF0000-memory.dmp

Filesize
64KB

Download