asyncrat | bb1f2c2c9b279790b67eaea6ab0bbce3a4d4432bbe1bd716750f2f9ba3337f7e

Analysis

max time kernel
60s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11/02/2023, 14:33

Target

tmp.exe
Size

6.4MB
MD5

36e71813a30b96f64943eb8cea2c52ec
SHA1

838f8938ff5f6e2daa8975bbd2af3e785bf4cd8b
SHA256

bb1f2c2c9b279790b67eaea6ab0bbce3a4d4432bbe1bd716750f2f9ba3337f7e
SHA512

953bc81e1f6c27763f84a1599cd92e3f30aed9217589b4c47bd0ca802df7ceff903e14f87a96f2247cde8e8ed0ebfa3dbd840abb6c243b798cc0a19791296b85
SSDEEP

98304:pKbPmDVa3VxobFOPN5xXhAqin130T+SrpC6xJJ33Je2mCrPkwy0hyv:I7aItPN5htinQfBHJDNscEv

Score

10^/10

asyncrat rat

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
rat asyncrat

Async RAT payload 1 IoCs

rat

resource	yara_rule
behavioral1/memory/1200-54-0x0000000000080000-0x00000000006E6000-memory.dmp	asyncrat

Suspicious behavior: EnumeratesProcesses 10 IoCs

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1200	tmp.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1200	tmp.exe

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2024

memory/1200-54-0x0000000000080000-0x00000000006E6000-memory.dmp

Filesize
6.4MB

Download
memory/1200-55-0x000000001BAD0000-0x000000001BD22000-memory.dmp

Filesize
2.3MB

Download
memory/1200-56-0x000007FEFB751000-0x000007FEFB753000-memory.dmp

Filesize
8KB

Download
memory/1200-57-0x000000001B527000-0x000000001B546000-memory.dmp

Filesize
124KB

Download
memory/1200-58-0x000000001B527000-0x000000001B546000-memory.dmp

Filesize
124KB

Download