aea1e7906f7c4c8736efd398ccb819a6739058ee2e0ee87cac29ac72d764ec29

Analysis

max time kernel
1723s
max time network
1585s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
26-03-2023 12:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AsyncRAT v0.5.7B/Plugins/RemoteDesktop.dll
Size

125KB
MD5

53d67016fed1d45e2f00fd77c02b1ed6
SHA1

b13cb342b6faaacba0e9d98dfdaf3fd21a31ba2a
SHA256

51b6c6b17b4ee2e99883640e3763c27e48af1fb0562c8e75b2a5a8bbeea9039f
SHA512

8fd6961164702162229684d4a1cb0169e0423c3fab9fd7028bc1d4e74283901c25b09fcf1e3175f686ff937511e157bd91243d86aaefb4afbdd98cf14f4763fd
SSDEEP

1536:ZEIUsJHvUA/loUO5ZexdeodnUstxQbqp3VviJFPYdl9YfcaTYRsCnPgkD8BDgiWy:KsB/a8feMmzpYCMRbPgh1Ys

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 12 IoCs

Processes:

svchost.exe

description	ioc	process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{7F0CFF73-4651-45F5-93B6-F67CE38DD79C}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{D8F6D795-F284-4D3E-8D77-0D47AEA1D528}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{AF771983-BE22-4A75-98A9-41684DA8B832}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{0D1A8E3A-C59D-4BB5-B006-8232097624FB}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{58A5CF02-306C-427C-83F7-C9F17139A99D}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{5B967A09-10E6-4EED-A62E-E7BB5CE43726}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{1AF5768D-A836-4B2A-A4FC-F358B179C20C}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{3D8E6F97-EE8F-4A0E-A1A7-1005C773D742}.catalogItem	svchost.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\AsyncRAT v0.5.7B\Plugins\RemoteDesktop.dll",#1
1⤵
PID:5080

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:4332

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\wsu3765.tmp
Filesize
36KB

MD5
761388ca8095173f6963b1d23ad8a68b

SHA1
41e2693d0efc36cb0b97ea215d554932c46464ab

SHA256
369a2323cb569b44970884d5af3d70e38c9cfb59a54d929fabb51ba46593aa06

SHA512
2db4576927b4325dc51ce1755d55b00f7153a10424ca79fb7f32f8c92a5dec899c3961b44a15a129f1e5234b53a89c8946192703b88b10e70e86670e5831ebdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsu3B80.tmp
Filesize
14KB

MD5
c01eaa0bdcd7c30a42bbb35a9acbf574

SHA1
0aee3e1b873e41d040f1991819d0027b6cc68f54

SHA256
32297224427103aa1834dba276bf5d49cd5dd6bda0291422e47ad0d0706c6d40

SHA512
d26ff775ad39425933cd3df92209faa53ec5b701e65bfbcccc64ce8dd3e79f619a9bad7cc975a98a95f2006ae89e50551877fc315a3050e48d5ab89e0802e2b7

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
07697a0475de0ca8f45c89761045e507

SHA1
128705808a3d98063d7f1742e4b6c312f8f63327

SHA256
4b82fc78d454324d0d07f01294e9b3e06ba2c92974a27f62057c2e4935a5d3f9

SHA512
f5b0d7e8cc6bcc97201a660944720c074c5d0734b40c4b45f14dddb8fcbd43cfd070123b5ab8f05bdd8f3c9aa0dfa7398b1ed7d00942a30024eb7b4e48e53865

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
45faec4c183ed70c1832a26afccdeaed

SHA1
390430346c4c9f8c3e277eff16f187ea0dc05c54

SHA256
1fc90a1a48d31e310305e47468b19984cde86691c94b1f2b6d5b6db0158c1e72

SHA512
f751d0bd9fd5ce56eedcf3622dbf1370f372c567b463fe748aa99f977fd3017bed5049e548ad20dac5b63f0b63c2aca89f996aa0bcc66b98d5020346b2b57268

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
d7ec872d71be852119e4f77c6cda9857

SHA1
5f7a793364c51f0a422673c34e63e98a6c2c7b93

SHA256
77d165123b330a56b820765f0bcd1150e0ef64b55fe96a192e794c550cf4be78

SHA512
8434c2b2ede1cf29b34493d8df56272ebb1e4026d9c048a77e224b07ead2d8fd5d34c5d98704b31259cb1b62c0dafa21af3c7592508b49774d3f0a789a72abe7

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
d70d6f7bcaf87339debdd95e5e351b75

SHA1
84b78f1adc6cd40a954bba1785db6ea43397c742

SHA256
874748b55289d06c0f2c6b5c6226113bc1d486b9664c65d9a390079110d6d30c

SHA512
06e024b64a7ce5a3d4d2faabb1c076d7afc46a3926bfbc0781181f2a5830547ce41b1ed990c261ce2d9eb28df4a34206245c587b73fd0dbc56aab6d9c88959bd

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
d2184acb51a08579d1ad21c04412ba8c

SHA1
4a365decc8bb529d733aeb31b763c6a4b841b694

SHA256
9647d55f849a6e9664aff21019b19ad4ea979ab27faa77bfb7181d8ddc7e5b4a

SHA512
13317ccf65b6f74c5948e24af156d96192c4477349718764ff18f8a978358c8130cbc20591c832508bb348aa3bca95714ecac4869d3775e5158334cabacf7d50

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
8238050cbfa0a50a340186e04eda004d

SHA1
ebed48bd8024e04715f8914073d7ea68f892c185

SHA256
17ed2515417c4e581b2969515dbfbbe013960cce15091bb34cb627ca7112d8d3

SHA512
5fffa25e6a9b3effe80542f7a8f13c82aaebe896e1fad0a40b3935cfe6ccfed953964da9bdb5b19ef4ad2bfe566e2884aaea14ab800b03dc90bf0e1252d2785c

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
6f8b6e677de8f567640fd7776ef46950

SHA1
0f2a094ab0590fc0b355bbed9c6beee5cd83f63d

SHA256
121c2c6b738818a377bcc9e9b9a36a9b932e6ea9201a953fcf574ed2e68a37d2

SHA512
de03e36ee3ff8b794fe3b1eda9bfdc81b2e925ca1a26cab5dacae8ebb5e485ad6b92acbe84f46a97afdf63a8cbe82b0ce9e11be9dd91bec1f0a9668a928a5c95

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
a84fac4a23c8b35f15815c3dda4220c3

SHA1
1acf4c46accc14ddfe10dbdfb42c91883abb99d7

SHA256
5e295e2660a316360ddd45ae2a7cb7c81923246073dc459396dfbe9761ddb623

SHA512
acc3593ddba1ea9547754163cdbb01a348dd0b17f5fbdae132320596b23db6d0fa8f4c9203912045e2170425a6936c8d7e348e297124d9aaf569aa087aebec98

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
37dc49c3a8bd8118dd416f23c832b2ac

SHA1
0cedc44f02f347ddf3725dad1694d75cc5037dba

SHA256
c3e0d94ccc55f0da8b8bf12653234b670bbc9371b83fc59d206afab572f86aa0

SHA512
c7454cd87790ea8bb0bacc15bf0d02f88e3535a45bbc645732ba84e4722606e22af8c2f65bd96aaf336abba96c44707d77ddea3713a52512b01a33a7ea90258a

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
9318cb184484f511df13f1e7e84e626d

SHA1
ee6fd30c19bc35a4f5dc26ac746f4af945ffb5e2

SHA256
96eaad441b9f0bdb6e888471e5551faa610b3d847e812df4b1dd72599c5189da

SHA512
d576f020f83f4f5e5032bb35094dfacb3d641a04fae544f3f05d9d615fbcb10c6ecee833838188cfd4fabb6e34d8a6fd696ef7ae57d6f0426efe58f968d92a5e

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
049724adb7cfd8cc2e929730ad6b2d89

SHA1
1413e185d48281a3c63d7cbbc1eaec5b72093b9d

SHA256
afa0360239292b215738950463f66d362ab77b789ce0d4b7ffa614563f3b707a

SHA512
96e420b59f48b00909e8c302cf8b664afd02c5354c8cc2b1666f12825179eeac30ce0e8148ea56fd4239c3f6ac4137c1f49c2d8edfc00ac8ee07a68b404bb3b7

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
5b6f414f0d1ede9790abdb561088b59b

SHA1
c0ba1ff94ea09c37e43f138bbf2f87c38b1e84c0

SHA256
006f9e5f62c266dfc45febc8ddc3ae5044c555c1fba48abfb5d5faaa0c6aad31

SHA512
2ec88d7233c7cc6473a970859aa900f39b80a7c44adc3a4f4364a3305c7b42838920872027c2f9c588e954531005f5b8b7fd3cc04e3c8bd9e2751e968c4a229a

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
bdd8b997e1a4a487dd6d8cde6cd8e5be

SHA1
1c1ff69c19b2d48d9973e457aebbec3bbc785b96

SHA256
826e549ce493a7be8be12df7e3c4281a8c06348f6b0882a59f013c910a2ade8d

SHA512
0280ab2e21f7a9e0a48160833aef010369d894d5c0f2a564ba343b2db2c911a58e097c4aff7dff601800e9ecd97af303829fae46c0485265a64411ec4294515d

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
ec61220945ef2f4e5d4c5dce8e05ef74

SHA1
b475fc101e4c2ecd460a6964ec74e871bf102476

SHA256
c1aa1ab6d220befb2802e137d39b3115b4bf9a67f2bde8c7a7890dc101e947a8

SHA512
28b20c7cbde6ce93f25bd07ea4121cb32742490be1be808c0b954eece2194edecbc71180b0159d7c736ff48c151d9098b1390db4361e7f5b5de0d50b2b574aea

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
0599a104ff4a5b91e9b3154e96d3ab1b

SHA1
eaa4f7a576d108ea4d69368172291ce1d348f127

SHA256
177c4ff4fa9a2dbdc1255f482dba7deca34d165272278b2968808a8c90b021b9

SHA512
836d83c93ea45f5dfeb17e02e3c91b1adc0f3b3cc6912eefbb4f4059d97bd309922fd67d6443480d4d1ed67c182e6b0fc003f59d866da1e0e97378df67fd94b7

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
afaa92deea599b927e2674c632ea8c62

SHA1
14d1566c11efb2c2ec0b2cec6b9b417e59e14f06

SHA256
279df32921c083a2887cc62170268278775239d3dda50fcf7e496f6cd40ab651

SHA512
b5b0d3d8872f64abef0c8537e2b8476a309b28c311c44b43f631d039b766f7ee50a1ce736850072e283df438aa994591e441a8c9e12541bdd487f0a9e6ecedff

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
5c8243941f8f30a1e54102abb39eb604

SHA1
8be58c98c07f255abcdfb7357f502e671d05234a

SHA256
d5c1b7c7945353471394acc11c18199fe3a047a9c50447989feef28194f5b53f

SHA512
94d7fe6585c0018d516d3342bfb9aead7b2d5045c6e80f21c5e3f1bb94818295f9bb32038b1a051ec6fb81d0be8108f87bc5f6b236622c4b53f95a3c77f88e78

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
e1a4d7277842eed4dd45612fc4177fbe

SHA1
5bd4828e356c0bf47e2339f21a1bcf94d9628745

SHA256
023fbfc085c3e547534da11f23510f9c065318a1ea61de64e63681ab943a68ae

SHA512
3a349862210bb9ce6a7b8cfb1c0b0e4177a7f510162bd933df438cbc947c77bbf4fa242886cfc3e37f410a3c70509f8e1923493d35d9e5de44df4bbc7ea73de6

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
Filesize
29KB

MD5
5e881142955f88729f0c0729d425dfe4

SHA1
744e9ceefd60385d2ca7d4d0c6be430716d54c5c

SHA256
73279f483b69dd09bc6528f226438c6e58d650a61c287a935628e48219b2817c

SHA512
d2f22df86c5ee9358066fea1a9223a7271f10202f6b744f7009754d5a4d27ff3a31011ebcb9e7e22650e1d5803c61fd2c0478920fcdfb02b48f04752e50fae11

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat
Filesize
66KB

MD5
3393120f0b4607e67b93bb5c8a84f562

SHA1
5c003aca4a8678970128713c33b83c5e15ce049e

SHA256
b6f0319741b5e6b775e171be014e4dfdb315a220e619ba124d53b57697b92974

SHA512
05d4f979271d60529602aea6579670ae47365d630c4379bcda1f78601c4eb48d2b72d24df18e792a15fd583fc919c4ce729cfd01be807a1ffcfeb82bb03dd354

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat
Filesize
66KB

MD5
465cf7bbf1d0c5d4ea77ac6e60cd3c31

SHA1
4ac3f536418e386c36b523502cc67197e6ceeebd

SHA256
8b0cab661b206a9f1f202f8658b73a62f795a24eea280c08d363ffd1f2a4825c

SHA512
666e0622c14fd55ea42903258a5c0b1313bbdd4cf482b6b30750bbc650c81c74b8812bcf84c795f1fcbafc507dac2164f0cffcfbda3cebb01d10fe03aeb47569

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat
Filesize
66KB

MD5
cb11d47ad2da7d4d53eb37b88a35ca44

SHA1
5d4de5938c270d63240459257c38244322d8c272

SHA256
8f51b3f32343c10d538d3669c8bc1f96b6c3117be29019b1379f5b779e1c245e

SHA512
4be2f6b089d9b7b26ef5db5a2cf588e1a679bb895e3a6458227d84290e5ead5257c1d7836d707455e7143d93bd49aba26e4925dee78b2af419ae72c552ee632f

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat
Filesize
66KB

MD5
f161b17e9a3298c6d671f389741d1181

SHA1
27403a4e05ca15390f081f2ccbe2ece5830e41b2

SHA256
1cf1a5efee524084fb0a488e22b893bc753c0a281edb5b4d5cc478dfb7dcdc6c

SHA512
cdae043b113f76171c93f4649ac395ea32073d3930d519bd09913842207f5c86edd7512e2882cfe484f9304eb2d1c843bcff25ed5bf4db9888e3fa0aef558992

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NXQXXLFST89.dat
Filesize
66KB

MD5
2a514e498d9011ef73e677dd40186341

SHA1
b26f804b5d0f8434ee7ab58df0b2a25e4bc66e39

SHA256
7a9f763094fa6021e064751a729cd4652f807d391bf6b1388e530758e70d0757

SHA512
7143f2412b1ffa3c6222d86d3d080544ad2baf26242980f214cf304cb74d3c96c4659afd278b1dd446cc5c5f7f0e2f701e20ea2636a93973a53378734ed7f2cf

Download Submit