Overview

overview

10

Static

static

10

S500 CRASH...CK.zip

windows10-2004-x64

10

Resubmissions

21-02-2024 22:28

240221-2d6lfagf69 10

20-02-2024 02:07

240220-cjy14shc8z 10

19-02-2024 17:57

240219-wjrftaaa5s 10

01-02-2024 17:44

240201-wbb16addcj 10

Analysis

  • max time kernel
    154s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-02-2024 02:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    S500 CRASHED DESTROYED BY BIG DICK.zip

  • Size

    82.3MB

  • MD5

    5aa9ba2618a5e528af208ee5854cf2be

  • SHA1

    3cf3eb1d8339bd5bc624ac10e797ccf556b538ca

  • SHA256

    511a99c70f3a3aaad381b3bf626e411b3b41f7a7cf3e040068a8cdddc6224296

  • SHA512

    f9d65db7b6ee067092ec08d4abeed3cbf40f2d7ada1a12ebe20d737aac9b1ed71895c9f9b7b1162a75733b25b14a022147cfd81970fcb9e7808eed3f9d79e087

  • SSDEEP

    1572864:/JcbzDm3OZLuFkmVmzDmum6Whftzjat/Y34F1zBLgrNka51ML:Bcni3Gu/VmzWJ3KxYwANka51ML

Score
10/10
asyncratrat

Malware Config

Extracted

Family

asyncrat

C2

127.0.0.1:3232

Mutex

nNx2ΔΙgg吉C伊弗Gp德WrDT

Attributes
  • delay

    3

  • install

    false

  • install_folder

    .

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Contains code to disable Windows Defender 2 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Async RAT payload 1 IoCs
    rat
  • Executes dropped EXE 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 27 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK.zip"
    1⤵
      PID:2912
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:1816
      • C:\Program Files\7-Zip\7zFM.exe
        "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\S500 CRASHED DESTROYED BY BIG DICK.zip"
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:992
      • C:\Users\Admin\Desktop\S500 CRASHED DESTROYED BY BIG DICK\S500RAT.exe
        "C:\Users\Admin\Desktop\S500 CRASHED DESTROYED BY BIG DICK\S500RAT.exe"
        1⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:2952
      • C:\Windows\system32\wbem\WmiApSrv.exe
        C:\Windows\system32\wbem\WmiApSrv.exe
        1⤵
          PID:2876
        • C:\Users\Admin\Desktop\S500 CRASHED DESTROYED BY BIG DICK\sEXYbABY.exe
          "C:\Users\Admin\Desktop\S500 CRASHED DESTROYED BY BIG DICK\sEXYbABY.exe"
          1⤵
          • Executes dropped EXE
          • Suspicious use of AdjustPrivilegeToken
          PID:4780

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\7zE0E34E5C7\S500 CRASHED DESTROYED BY BIG DICK\Anarchy.Forms.FormRegValueEditMultiString.resources
          Filesize

          67KB

          MD5

          beda8bbd2a72e45431cf5dd68f7c6e61

          SHA1

          18e28ada040e4c62e33d946046a9ccf66f839f0d

          SHA256

          f9f9c2a4855d61b7c7f93e9258d0306be802ef9c8c8929186deb71ee96b06d4c

          SHA512

          6287bb138431c33a2dd30b7c06c979ee89f691900eb407e14465d58188d04d7697ecc68eb6d479db664ea86f35b7ce6b611834028ddbd56513003c1ca28f0899

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7zE0E34E5C7\S500 CRASHED DESTROYED BY BIG DICK\Anarchy.Forms.FormSendFileToMemory.resources
          Filesize

          66KB

          MD5

          fa80841e3dc9ffb31dd5d015c1030172

          SHA1

          aa0d9e66db2a8528edf9931fe132f18870307216

          SHA256

          a5b9f5ccfe8ac46a630ac1cc112d343364fa2bc4a2bec0f3911322cff174cff9

          SHA512

          a38cc863d3c0c8d944340cd4116f03bbdb2f1526fb40b476cd0adbd444fd1dc10790d35eaf50ea34a1083b163baa82251a5048f075651bc14e46ac4cb82897bd

          Download Submit

        • C:\Users\Admin\Desktop\S500 CRASHED DESTROYED BY BIG DICK\Guna.UI2.dll
          Filesize

          1.9MB

          MD5

          4544872c197f9ad471bb18c648b004b0

          SHA1

          280a1ec5ab002d1ab15279b3fb0de8dd3c4aa482

          SHA256

          bf4aec4b6a094c21008b4788be9ca7072fcff0800cf1c098828222769b311e7b

          SHA512

          aaf6a5a357976f6a83672009d3648f4dd7303bdd91eeca6b2d1ce35f59cb65563daa70505162f862bb7ce322d9645dbabd49e9a8f8a9e22d4d169f3d59ac8aca

          Download Submit

        • C:\Users\Admin\Desktop\S500 CRASHED DESTROYED BY BIG DICK\ReaLTaiizor.dll
          Filesize

          5.9MB

          MD5

          dc1bd8b5f4f2b49fc7da72aca1ae33da

          SHA1

          0bf43f74e5a957178adb259aecf34cdeed24b8b1

          SHA256

          d7a5a7ff25de9ce7709282b0ca714f942b29ea1b9ca222e9b2599f97676de9cd

          SHA512

          d19a828bbd048f52a17f804d55faf8365fda0b2b4afdfb55cbe3e85093245325fd0affa31decd848d23fce9cfd7b92b2e0c9e2849aef2dda2b74fdaef4635b46

          Download Submit

        • C:\Users\Admin\Desktop\S500 CRASHED DESTROYED BY BIG DICK\S500RAT.exe
          Filesize

          9.5MB

          MD5

          d26bd9b55d519ab05e621a4beba3b620

          SHA1

          06a4714f4663866d97ae6c2b7afe5eff666be6f5

          SHA256

          b23de3cdea787b3dd5221d09b94cc7003903925c48128452937542f799d045b9

          SHA512

          83ffc1c33d477de4b9f065721c8623ffa83a4438ed2ab2903205cc3abef9dc4047d35c0110e985785d2724eaa9b861f79b1da1837eaa1279a345ab3e32effc06

          Download Submit

        • C:\Users\Admin\Desktop\S500 CRASHED DESTROYED BY BIG DICK\S500RAT.exe
          Filesize

          11.8MB

          MD5

          930c98b103a4ed3891f4a8729eae4e91

          SHA1

          81cbdb10fab4de7d26295d3e3ba14947ac9ead49

          SHA256

          d282b73f251e49b299b4ba3b2af9460d02f2a9420f5b9023b2eb1fa00da02ae8

          SHA512

          2301c9826b88c1b00b533fdbf185804c19c5d3180b9b0dcd44fa73c517e85aeb8b798805ade6376bcb492c7483252c52948e29313ff66b02358f93ae1b914501

          Download Submit

        • C:\Users\Admin\Desktop\S500 CRASHED DESTROYED BY BIG DICK\S500RAT.exe.config
          Filesize

          530B

          MD5

          c7a4606f8f222fc96e1e6b08c093794b

          SHA1

          2700b3727ab01d93e75e1e12f308dcaeb1d37dba

          SHA256

          32d656a69b19be98ae050512a4d0f49ebe21b6f7bb9c50130b7e952ea4f5239b

          SHA512

          7516375b47536a51ede8079d25760e0142ac93077326b6cc033fd6cb1676b65aec7edb3f702922506f2b6b18992cd219be01e7adbf70c6d13404adceb410472b

          Download Submit

        • C:\Users\Admin\Desktop\S500 CRASHED DESTROYED BY BIG DICK\S500RAT.pdb
          Filesize

          264KB

          MD5

          5a98d0d238e07f8e1ea530329fb08898

          SHA1

          b7b16861671027ecd27aa4282e0356058453aa59

          SHA256

          7908ad8f9e05645b6e7568df656c2aa4f67e8350a08aa8a1993ab67c325bb0db

          SHA512

          c2c3761709acf86272e2f46ac604f274c2a6feb2f9e680b1783c521347441c9ba6e50c5086bea4aad9e2550edee962dd57b6907bc29c0ec427869d28d83a60f0

          Download Submit

        • C:\Users\Admin\Desktop\S500 CRASHED DESTROYED BY BIG DICK\Siticone.UI.dll
          Filesize

          1.3MB

          MD5

          750c58af2e56b6addecffcf152520ab8

          SHA1

          14995e7f1d12498606d9d209d78d55fe6fd87802

          SHA256

          27c56a28cbde094157206da1bfcd7a395111ab97b8a5ff600b11c2175dcefb26

          SHA512

          2179790e23f61b3dfea828457f8609279c70b1e071cddc73b1dbda02caa664e0aae2553fc24a4956f9e89c477d66b1a704bde26fa23bc6db26c19e18db00abb5

          Download Submit

        • C:\Users\Admin\Desktop\S500 CRASHED DESTROYED BY BIG DICK\Usrs.p12
          Filesize

          1KB

          MD5

          e14c7402da26e4a1a1c226d546ec3aba

          SHA1

          3234c40fa2aec2d483d2b7ede9b901d3899d5336

          SHA256

          dd00f7ce28d7ef1e14f50b046ca1736f15ab08e6458d2c2cc72d078e4354ddb7

          SHA512

          cba4cd515319b11be1a94ffb22c4b14b933868217a1b7f6ce126568b82723769baf170f9d1f262135b8867162b8e932a9c2143603c4c9d668edc3f4622cfb5b2

          Download Submit

        • C:\Users\Admin\Desktop\S500 CRASHED DESTROYED BY BIG DICK\cGeoIp.dll
          Filesize

          2.3MB

          MD5

          6d6e172e7965d1250a4a6f8a0513aa9f

          SHA1

          b0fd4f64e837f48682874251c93258ee2cbcad2b

          SHA256

          d1ddd15e9c727a5ecf78d3918c17aee0512f5b181ad44952686beb89146e6bd0

          SHA512

          35daa38ad009599145aa241102bcd1f69b4caa55ebc5bb11df0a06567056c0ec5fcd02a33576c54c670755a6384e0229fd2f96622f12304dec58f79e1e834155

          Download Submit

        • C:\Users\Admin\Desktop\S500 CRASHED DESTROYED BY BIG DICK\sEXYbABY.exe
          Filesize

          63KB

          MD5

          9cabbaa5f95805449b6b39dfb5363ef7

          SHA1

          bfc9f92dcb82de22f2cfafbc2004375a3de0e112

          SHA256

          6ee41c8e942eadb4053b0b0e4535366e7a3921c740aa7d607bf3f3c9f8b20df9

          SHA512

          9fcc2be5099620108668dd06e42c43565c7bc1e8b22e092b1dbd20fbb5145e70a24513010c089a13c1e4ed6575778c4a7ca18669b8a977109f63545a7b430471

          Download Submit

        • memory/2952-456-0x00007FFDC1200000-0x00007FFDC1CC1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/2952-463-0x0000023B460D0000-0x0000023B460E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2952-450-0x0000023B483B0000-0x0000023B483D4000-memory.dmp

          Filesize

          144KB

          Download

        • memory/2952-451-0x0000023B489E0000-0x0000023B4959E000-memory.dmp

          Filesize

          11.7MB

          Download

        • memory/2952-452-0x0000023B460D0000-0x0000023B460E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2952-448-0x0000023B48210000-0x0000023B4832A000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/2952-454-0x0000023B55F80000-0x0000023B56568000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/2952-455-0x0000023B460D0000-0x0000023B460E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2952-447-0x0000023B487E0000-0x0000023B489D4000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2952-445-0x0000023B460D0000-0x0000023B460E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2952-458-0x0000023B55AE0000-0x0000023B55C2E000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2952-459-0x0000023B4C510000-0x0000023B4C524000-memory.dmp

          Filesize

          80KB

          Download

        • memory/2952-460-0x0000023B460D0000-0x0000023B460E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2952-462-0x0000023B460D0000-0x0000023B460E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2952-461-0x0000023B460D0000-0x0000023B460E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2952-449-0x0000023B48330000-0x0000023B48396000-memory.dmp

          Filesize

          408KB

          Download

        • memory/2952-444-0x0000023B48470000-0x0000023B486C2000-memory.dmp

          Filesize

          2.3MB

          Download

        • memory/2952-465-0x0000023B460D0000-0x0000023B460E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2952-466-0x0000023B460D0000-0x0000023B460E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2952-442-0x0000023B0EA60000-0x0000023B0FA60000-memory.dmp

          Filesize

          16.0MB

          Download

        • memory/2952-490-0x0000023B56670000-0x0000023B56770000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2952-489-0x0000023B56670000-0x0000023B56770000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2952-476-0x0000023B460D0000-0x0000023B460E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2952-471-0x0000023B460D0000-0x0000023B460E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2952-441-0x00007FFDC1200000-0x00007FFDC1CC1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4780-472-0x0000000000AF0000-0x0000000000B00000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4780-477-0x00007FFDC1200000-0x00007FFDC1CC1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4780-470-0x00007FFDC1200000-0x00007FFDC1CC1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4780-469-0x0000000000410000-0x0000000000426000-memory.dmp

          Filesize

          88KB

          Download