Behavioral task: behavioral1
Sample: 2444-533-0x0000000000400000-0x0000000000412000-memory.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 2444-533-0x0000000000400000-0x0000000000412000-memory.exe
Resource: win10v2004-20230220-en
General
Target: 2444-533-0x0000000000400000-0x0000000000412000-memory.dmp
Size: 72KB
MD5: 524c301120b23ed492fa67f6f0bebc66
SHA1: e21331ace2e9fa3e6b3caacc6cbfc979c203b094
SHA256: b41277306a9a7580fea7ef0d0bef92b83120e662bc3eb7b2794ba8613f3c2d7c
SHA512: f266fef72b29a35d8b9197f93b0c713cf59ae5e35b6392949649ecc632c16095bebc91b9abd78a4a04649d2f9f27b99e3e3c76325c944aa353bbd60ab3c60d58
SSDEEP: 768:RD+q7EILuCCj+DiJOsebKAiLQ8YbYgvf1e0JvEgK/JkwVc6KN:p+vrJGKwzbP00JnkJkwVclN
Malware Config
Extracted
asyncrat
1.0.7
WindowsDefenderSmarttScreen
217.64.31.3:9742
WindowsDefenderSmarttScreen
delay: 1
install: false
install_file: WindowsDefenderSmarttScreen.exe
install_folder: %AppData%
Signatures
Files
2444-533-0x0000000000400000-0x0000000000412000-memory.dmp.exe windows x86
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE
Sections
.text (Size: 43KB, Virtual size: 43KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc (Size: 4KB, Virtual size: 3KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc (Size: 512B, Virtual size: 12B): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ