Malware Analysis Report

2025-08-06 03:44

Sample ID 230430-1tvcnsfb3y
Target Swiftfn.exe
SHA256 7fb468df5b46d1eb0f26e737c515a5a10794b84c9193628efb71c9c32fe8edc1
Tags
asyncrat default rat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

7fb468df5b46d1eb0f26e737c515a5a10794b84c9193628efb71c9c32fe8edc1

Threat Level: Known bad

The file Swiftfn.exe was found to be: Known bad.

Malicious Activity Summary

asyncrat default rat

Async RAT payload

Asyncrat family

AsyncRat

Executes dropped EXE

Checks computer location settings

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Delays execution with timeout.exe

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Creates scheduled task(s)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-04-30 21:56

Signatures

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

Asyncrat family

asyncrat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-04-30 21:56

Reported

2023-04-30 22:43

Platform

win7-20230220-en

Max time kernel

1798s

Max time network

1802s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Swiftfn.exe"

Signatures

AsyncRat

rat asyncrat

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Runtime Broker.exe N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Swiftfn.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Swiftfn.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Runtime Broker.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1388 wrote to memory of 560 N/A C:\Users\Admin\AppData\Local\Temp\Swiftfn.exe C:\Windows\System32\cmd.exe
PID 560 wrote to memory of 1164 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\schtasks.exe
PID 1388 wrote to memory of 628 N/A C:\Users\Admin\AppData\Local\Temp\Swiftfn.exe C:\Windows\system32\cmd.exe
PID 628 wrote to memory of 1924 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe
PID 628 wrote to memory of 980 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Roaming\Runtime Broker.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Swiftfn.exe

"C:\Users\Admin\AppData\Local\Temp\Swiftfn.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "Runtime Broker" /tr '"C:\Users\Admin\AppData\Roaming\Runtime Broker.exe"' & exit

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "Runtime Broker" /tr '"C:\Users\Admin\AppData\Roaming\Runtime Broker.exe"'

C:\Windows\system32\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmp3554.tmp.bat""

C:\Windows\system32\timeout.exe

timeout 3

C:\Users\Admin\AppData\Roaming\Runtime Broker.exe

"C:\Users\Admin\AppData\Roaming\Runtime Broker.exe"

Network

Country Destination Domain Proto

Files

memory/1388-54-0x0000000000100000-0x0000000000112000-memory.dmp

memory/1388-55-0x000000001AF70000-0x000000001AFF0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmp3554.tmp.bat

MD5 624ce4441d0ca2b99daec192a7a047d8
SHA1 42a0eaa983ca28d5a49372e455ad8808176d7a6d
SHA256 fce80830eba5ac4c20cfe6284ffd9a7842b23a0d4f807e5fe03dde09248dd78b
SHA512 4c150e28f04d5e32b7d586f974027d5e37a7c4f5524e2b7e8386e9cc4699e5354849d005d796d3fc40ee21978ba1b429e4f3b5b41c8dcb585b8e0814e09f5287

C:\Users\Admin\AppData\Roaming\Runtime Broker.exe

MD5 25d7952b3e8c9f0872ecf4f099cea1a2
SHA1 976e307d3fc015452e70acd29ebddef0d8823fac
SHA256 7fb468df5b46d1eb0f26e737c515a5a10794b84c9193628efb71c9c32fe8edc1
SHA512 f81102833efd450be231d238f3065cf3d5cb9ae6c60f0a4e6b057ffd4c78a2767b0fd8aff54e0bb08ebdf5b5da293f622e68c4874776f0fa25adfd639ca4f3eb

memory/980-68-0x0000000000EC0000-0x0000000000ED2000-memory.dmp

memory/980-69-0x000000001B1F0000-0x000000001B270000-memory.dmp

memory/980-87-0x000000001B1F0000-0x000000001B270000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 3ac860860707baaf32469fa7cc7c0192
SHA1 c33c2acdaba0e6fa41fd2f00f186804722477639
SHA256 d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904
SHA512 d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

C:\Users\Admin\AppData\Local\Temp\Tar9B7D.tmp

MD5 4ff65ad929cd9a367680e0e5b1c08166
SHA1 c0af0d4396bd1f15c45f39d3b849ba444233b3a2
SHA256 c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6
SHA512 f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Analysis: behavioral3

Detonation Overview

Submitted

2023-04-30 21:56

Reported

2023-04-30 22:43

Platform

win10v2004-20230220-en

Max time kernel

1799s

Max time network

1803s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Swiftfn.exe"

Signatures

AsyncRat

rat asyncrat

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Swiftfn.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Runtime Broker.exe N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Swiftfn.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Runtime Broker.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Swiftfn.exe

"C:\Users\Admin\AppData\Local\Temp\Swiftfn.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "Runtime Broker" /tr '"C:\Users\Admin\AppData\Roaming\Runtime Broker.exe"' & exit

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp93C9.tmp.bat""

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "Runtime Broker" /tr '"C:\Users\Admin\AppData\Roaming\Runtime Broker.exe"'

C:\Windows\system32\timeout.exe

timeout 3

C:\Users\Admin\AppData\Roaming\Runtime Broker.exe

"C:\Users\Admin\AppData\Roaming\Runtime Broker.exe"

Network

Country Destination Domain Proto
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 8.8.8.8:53 dom45x.duckdns.org udp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 8.8.8.8:53 dom45x.duckdns.org udp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 8.8.8.8:53 dom45x.duckdns.org udp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 8.8.8.8:53 dom45x.duckdns.org udp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 8.8.8.8:53 34.146.190.20.in-addr.arpa udp
US 8.8.8.8:53 229.78.74.40.in-addr.arpa udp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 8.8.8.8:53 dom45x.duckdns.org udp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 8.8.8.8:53 134.121.24.20.in-addr.arpa udp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 8.8.8.8:53 dom45x.duckdns.org udp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 8.8.8.8:53 97.238.32.23.in-addr.arpa udp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 8.8.8.8:53 dom45x.duckdns.org udp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 8.8.8.8:53 dom45x.duckdns.org udp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 8.8.8.8:53 dom45x.duckdns.org udp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp
US 68.235.43.36:62180 dom45x.duckdns.org tcp

Files

memory/4644-133-0x0000000000A60000-0x0000000000A72000-memory.dmp

memory/4644-134-0x000000001B750000-0x000000001B760000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmp93C9.tmp.bat

MD5 30d29a897c96ae8e74b716f338af59d3
SHA1 90f1e28173c267a6467d6712cb27e0dfdbffbf18
SHA256 8f66e0f5d39d0d88efbf9d3063ce2348baf9b6339fbef52be56e9601ed989051
SHA512 d8fd19b771a86b79bd86bf0bddce4387cf1ac740448bdf8d9fef8a099eb79f18c6229a4e2dc788ffe2d851c202a89338f7a7dcafcf9ce0e66c2bf6176550c332

C:\Users\Admin\AppData\Roaming\Runtime Broker.exe

MD5 25d7952b3e8c9f0872ecf4f099cea1a2
SHA1 976e307d3fc015452e70acd29ebddef0d8823fac
SHA256 7fb468df5b46d1eb0f26e737c515a5a10794b84c9193628efb71c9c32fe8edc1
SHA512 f81102833efd450be231d238f3065cf3d5cb9ae6c60f0a4e6b057ffd4c78a2767b0fd8aff54e0bb08ebdf5b5da293f622e68c4874776f0fa25adfd639ca4f3eb

memory/3516-143-0x000000001C6A0000-0x000000001C6B0000-memory.dmp

memory/3516-144-0x000000001C6A0000-0x000000001C6B0000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-30 21:56

Reported

2023-04-30 22:43

Platform

win10-20230220-en

Max time kernel

1802s

Max time network

1808s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Swiftfn.exe"

Signatures

AsyncRat

rat asyncrat

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Runtime Broker.exe N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Swiftfn.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Runtime Broker.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Swiftfn.exe

"C:\Users\Admin\AppData\Local\Temp\Swiftfn.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpCC0F.tmp.bat""

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "Runtime Broker" /tr '"C:\Users\Admin\AppData\Roaming\Runtime Broker.exe"' & exit

C:\Windows\system32\timeout.exe

timeout 3

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "Runtime Broker" /tr '"C:\Users\Admin\AppData\Roaming\Runtime Broker.exe"'

C:\Users\Admin\AppData\Roaming\Runtime Broker.exe

"C:\Users\Admin\AppData\Roaming\Runtime Broker.exe"

Network

Country Destination Domain Proto

Files

memory/2488-121-0x00000000000B0000-0x00000000000C2000-memory.dmp

memory/2488-122-0x000000001ACB0000-0x000000001ACC0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpCC0F.tmp.bat

MD5 8e322549befedb27d4334ad06fa57de7
SHA1 b5b5ba07e644a61180b845fad3dfd1cb4c689e92
SHA256 b8fa7516cec8a3a7a022663e8b67e86fa785a38abb65c3fcd60a77777783cd51
SHA512 839d4c7727c9558fdd3be074637432602f252af7518ce5b8a396aafc0be52bc34c88f35e4b3fea68f94e9dc7d347f068acc7411ba05360dd679445336ea471bf

C:\Users\Admin\AppData\Roaming\Runtime Broker.exe

MD5 25d7952b3e8c9f0872ecf4f099cea1a2
SHA1 976e307d3fc015452e70acd29ebddef0d8823fac
SHA256 7fb468df5b46d1eb0f26e737c515a5a10794b84c9193628efb71c9c32fe8edc1
SHA512 f81102833efd450be231d238f3065cf3d5cb9ae6c60f0a4e6b057ffd4c78a2767b0fd8aff54e0bb08ebdf5b5da293f622e68c4874776f0fa25adfd639ca4f3eb

memory/2900-131-0x000000001B5F0000-0x000000001B600000-memory.dmp

memory/2900-134-0x000000001B5F0000-0x000000001B600000-memory.dmp