Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/03/2024, 01:42

General

  • Target

    297942cdaf9c3efc3968bab08b2a69ea.exe

  • Size

    24.2MB

  • MD5

    297942cdaf9c3efc3968bab08b2a69ea

  • SHA1

    ed32102f28e40674f308a74c9f00eb0908ab797a

  • SHA256

    09b1cb8d457625091e02d13c9f6323309a5652ed4e8b33eaf9c994ca9c849805

  • SHA512

    55e09b0d0da590cfd529ca0e6b1d084653cb5e96df8cf94ecd1d721f02d208b02391b89ad65b25c727218623627eaedead2df2611ff42a397b865b22fb57f53d

  • SSDEEP

    786432:cs+YdwaieOlOcPy3zGxzdXDkX5/ghmmdP/2aZFOnQh5Ts:cs5d/itGjGxx2/gcmYagQh5o

Score
10/10

Malware Config

Signatures

  • AsyncRat

    AsyncRAT is a remote access tool, written in C#, designed to remotely monitor and control other computers.

  • Async RAT payload 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\297942cdaf9c3efc3968bab08b2a69ea.exe (PID 1740)
    Command line: "C:\Users\Admin\AppData\Local\Temp\297942cdaf9c3efc3968bab08b2a69ea.exe"
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe (PID 2712, child of PID 1740)
      Command line: "C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe" "SFXSOURCE:C:\Users\Admin\AppData\Local\Temp\297942cdaf9c3efc3968bab08b2a69ea.exe"
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\1041_0001.btn (6KB)
  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\1041_0038.btn (11KB)
  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\1041_0039.btn (10KB)
  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\I3G4883T852C.exe (2.3MB)
  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\codbypass.exe (130KB)
  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\Untitled-1.jpg (295KB)
  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\autorun.cdd (8KB)
  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe (161KB)
  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe (291KB)
  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe (58KB)
  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\icons8-call-of-duty-mobile-50.ico (4KB)
  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\lua5.1.dll (175KB)
  • \Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe (324KB)
  • \Users\Admin\AppData\Local\Temp\ir_ext_temp_0\lua5.1.dll (326KB)