Overview

overview

10

Static

static

1

3550755b36...8e.exe

windows7-x64

10

3550755b36...8e.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    143s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    04/03/2023, 07:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3550755b36a4944a5dfdcf54c092628e.exe

  • Size

    619KB

  • MD5

    3550755b36a4944a5dfdcf54c092628e

  • SHA1

    d4d1538ac728e6a81e5f938b17d30d1377ab4352

  • SHA256

    520beb909a622e4a50bcbae7a43194deda3478a4fe2c4e4c81d939761076e23f

  • SHA512

    4d7e402a2694346fe7c41dda0b29272ae267b779683ab152f513123354203df4f031768a9d93035e17ddb4ad3a78581c2a5023ecc4d8f140eb0068f7a53073d0

  • SSDEEP

    12288:zGdN/gKE0nbPbwFyyst+OMFWvBvWiv8i1w4buNNAXK7wAT/jNiaTMsoT:zcxgMnbPsF3st+OMFWvBvWiv8iK46NiT

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

154.91.228.23:8848

Mutex

DcRatMutex

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Async RAT payload 3 IoCs
    rat
  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3550755b36a4944a5dfdcf54c092628e.exe
    "C:\Users\Admin\AppData\Local\Temp\3550755b36a4944a5dfdcf54c092628e.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1716
    • C:\Windows\SysWOW64\cmd.exe
      "cmd"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2024
      • C:\Windows\SysWOW64\schtasks.exe
        SchTasks /Create /SC DAILY /TN "My Task" /TR "C:\Users\Admin\Documents\system???.exe /ST 19:00
        3⤵
        • Creates scheduled task(s)
        PID:544

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5394.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit

  • memory/1716-55-0x00000000002B0000-0x00000000002C2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1716-58-0x0000000004D30000-0x0000000004D70000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1716-59-0x0000000004D30000-0x0000000004D70000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1716-57-0x0000000004D30000-0x0000000004D70000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1716-56-0x0000000000130000-0x0000000000146000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1716-77-0x00000000008D0000-0x00000000008DE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1716-98-0x0000000004D30000-0x0000000004D70000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1716-99-0x0000000004D30000-0x0000000004D70000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1716-101-0x00000000023C0000-0x00000000023DA000-memory.dmp

    Filesize

    104KB

    Download