Analysis
Max time kernel: 143s
Max time network: 155s
Platform: windows10-2004_x64
Resource: win10v2004-20240226-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 05/04/2024, 14:35
Behavioral task: behavioral1
Sample: xtPT79JKvvlE.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: xtPT79JKvvlE.exe
Resource: win10v2004-20240226-en
General
Target: xtPT79JKvvlE.exe
Size: 47KB
MD5: 6657934f52a0686aefcfac430c49eb6c
SHA1: e803dc674a183866df2ea7c732bd6ce288e4d273
SHA256: a89667a64a05760547dd5b7f8a87181fb145a48ed2492392918e653c7e5bb9a6
SHA512: 5d0991ccd328d04ee99136c08ecf6ce17d1d557e0b44a7df55a553002c61aaef3a018fdbc90e2a0ca21bd13ef26865e6a8a95d541feb1a827c101a7378703cf5
SSDEEP: 768:oq+s3pUtDILNCCa+DimriAPYb+geRHuPkqgmvEgK/JfZVc6KN:oq+AGtQOgQbBJtnkJfZVclN
Malware Config
Extracted
Family: asyncrat
Version: 1.0.7
Botnet ID: PROMESAS NEW 05
C2: promesasalvaro1.duckdns.org:7091
Mutex: DcRatMutex_qwqdanchun
Attributes:
  delay: 1
  install: false
  install_folder: %AppData%
Signatures

Delays execution with timeout.exe (1 IoC)
  pid 512, process timeout.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
  Token: SeDebugPrivilege, pid 1928, process xtPT79JKvvlE.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | process | procid_target
  PID 1928 wrote to memory of 4352 | 1928 | xtPT79JKvvlE.exe | 104
  PID 1928 wrote to memory of 4352 | 1928 | xtPT79JKvvlE.exe | 104
  PID 4352 wrote to memory of 512 | 4352 | cmd.exe | 106
  PID 4352 wrote to memory of 512 | 4352 | cmd.exe | 106
Processes

C:\Users\Admin\AppData\Local\Temp\xtPT79JKvvlE.exe (PID 1928)
  Command line: "C:\Users\Admin\AppData\Local\Temp\xtPT79JKvvlE.exe"
  Signatures: Suspicious use of AdjustPrivilegeToken; Suspicious use of WriteProcessMemory
    C:\Windows\system32\cmd.exe (PID 4352)
      Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp8013.tmp.bat""
      Signatures: Suspicious use of WriteProcessMemory
        C:\Windows\system32\timeout.exe (PID 512)
          Command line: timeout 3
          Signatures: Delays execution with timeout.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3984)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 164B
MD5: 8efe9af2bb80e32d091e046112f68d8f
SHA1: 3d455d6bdc876592bc3f484d1fb0e6d78b8e2354
SHA256: 75807a0828423669ccec588c1c16d5df453f0ad2d2fe211c483cf7ba6ca2b606
SHA512: d9356eed5b5eeaa908fad4d362895a2e4185732f9c53e3341acd3cdf7809183fd84ec30d87e2a71742e65c065451f076b60fb1b68eba7d38357592dbd1aa0d3b