Overview

overview

10

Static

static

3

28a7899fd1...ee.exe

windows7-x64

10

28a7899fd1...ee.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    01/08/2023, 10:46

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    28a7899fd1fa79fde93dde413fd658ee.exe

  • Size

    215KB

  • MD5

    28a7899fd1fa79fde93dde413fd658ee

  • SHA1

    ff919107125d06752b57e15e518f034eed6750d8

  • SHA256

    4187623c2862328da86414eefedf4ffc231a3f39011d6791d23e94a8eb6e84a9

  • SHA512

    532600d0a24bb004a2717a0b205f90b9c7220000cddc871cc43526fb14667c5b6bd3f3d59d2fbf3348701b0f88b87af4ec221b6cdb63dd3263e0265e660f581d

  • SSDEEP

    3072:0VUHu0NnhOQM5kLi4DTqj2av6NeB9DIw2o:0VUHdNnhkkLi4inSNe

Score
10/10
asyncratrat

Malware Config

Extracted

Family

asyncrat

C2

127.0.0.1:8848

61.136.166.128:8848
Mutex

ffsnrvgzvdgjzfuty

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Async RAT payload 3 IoCs
    rat
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\28a7899fd1fa79fde93dde413fd658ee.exe
    "C:\Users\Admin\AppData\Local\Temp\28a7899fd1fa79fde93dde413fd658ee.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2304
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {7578FB32-8F36-47D0-ADEB-56C753A8BA76} S-1-5-21-377084978-2088738870-2818360375-1000:DSWJWADP\Admin:Interactive:[1]
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\Users\Admin\AppData\Local\Temp\28a7899fd1fa79fde93dde413fd658ee.exe
      C:\Users\Admin\AppData\Local\Temp\28a7899fd1fa79fde93dde413fd658ee.exe
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2148

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_786387CC77858B88BA3234B304062475
          Filesize

          1KB

          MD5

          8af2dd614c46a6d9183fd4d2a16ce888

          SHA1

          584241b94475441e11f0b647add614f557b53acd

          SHA256

          24f486213b225b4a73ed909844e29a93cb241823bf1125c9595a109bbb50349e

          SHA512

          c6d8dc12fa8ec714bccdf46c7247423d6e0d7533ca31d97b93dafc3d720b08c545cc5e67f1de3ac57cb1c59935f23728857b7ded412cac4c072906094821e74f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CF14D1855652602540DFCFECD21854DB_F08ACE16C7831E9A386E9E2E33145DA5
          Filesize

          1KB

          MD5

          fa909111f8d809f06d4f7ba63527179a

          SHA1

          23f9db3a9308bdbd1f0d42b8a39b61273cebde08

          SHA256

          1344e4d50ada7c6d1a0006d88d20048c974e6ff114463de192e2c22e1c92c8cf

          SHA512

          8494e72d2ce1d754339b9a1a79bb38452b470b95981d0c8f6871d0f856f99876afcf22b858ad15d7875ad8d9135887346d973c4e5a2b9ef561855a5828938dd8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_786387CC77858B88BA3234B304062475
          Filesize

          500B

          MD5

          72272642f60c7b60467b0a106af55b83

          SHA1

          ba937856a6a1e5aacdbce5754a3a2b9e9b25c87e

          SHA256

          32ccd8586794b8bbdaedd0218a5b3ba6811d8d734d5176d338e1bf3096705c66

          SHA512

          30822efc60df0daaf0c7ccf078fd29f4295f28fe3ce716a423bd7906e88df958b88947f113934766cb67df471575a46aa5462805d46337aa938636b64b84eba9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          c2031072ae508cc6eef6405b0122c51a

          SHA1

          214254535663a5d43a11ac06327c24c8ddc7be76

          SHA256

          07b0e8bf117193115a2edea00c4789ba74e64abd618733929a57d272235caf8c

          SHA512

          55021978eb5cbad0c298cc6ac45eb0d07684fa1418a3c8bad480e3d164de55106f46babe61da278db82d8fdad6570d8c2141bacf170ae0e02b3ba5b2dd449aea

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CF14D1855652602540DFCFECD21854DB_F08ACE16C7831E9A386E9E2E33145DA5
          Filesize

          536B

          MD5

          f3a8c80662cacd09e8eb7894e3b2a2d8

          SHA1

          a174236a5e007b8bed02e4f2bb711dfb79c6e4aa

          SHA256

          ec54976270723bdd4591e2a2bc1a415499fc70544ec7992c041c0c361a6efed6

          SHA512

          d29f7a9e4ad9e75eaa9b33ea39736d640992afb4ebf59786864ccbe35552053ba3cdef1f6576dba442626c7eda3bd70ce145c1996a01cf59d523c66e87d41a1f

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabA9D8.tmp
          Filesize

          62KB

          MD5

          3ac860860707baaf32469fa7cc7c0192

          SHA1

          c33c2acdaba0e6fa41fd2f00f186804722477639

          SHA256

          d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

          SHA512

          d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarAA96.tmp
          Filesize

          164KB

          MD5

          4ff65ad929cd9a367680e0e5b1c08166

          SHA1

          c0af0d4396bd1f15c45f39d3b849ba444233b3a2

          SHA256

          c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

          SHA512

          f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

          Download Submit

        • memory/2148-140-0x00000000742E0000-0x00000000749CE000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2148-139-0x0000000001390000-0x00000000013D3000-memory.dmp

          Filesize

          268KB

          Download

        • memory/2148-138-0x00000000742E0000-0x00000000749CE000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2304-72-0x0000000001170000-0x00000000011B0000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2304-92-0x0000000002DF0000-0x0000000002E5E000-memory.dmp

          Filesize

          440KB

          Download

        • memory/2304-91-0x0000000001390000-0x00000000013D3000-memory.dmp

          Filesize

          268KB

          Download

        • memory/2304-90-0x00000000742E0000-0x00000000749CE000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2304-73-0x0000000077950000-0x0000000077951000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2304-68-0x0000000000290000-0x00000000002A9000-memory.dmp

          Filesize

          100KB

          Download

        • memory/2304-71-0x0000000000FE0000-0x0000000000FF6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/2304-70-0x0000000001170000-0x00000000011B0000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2304-69-0x00000000742E0000-0x00000000749CE000-memory.dmp

          Filesize

          6.9MB

          Download