Analysis Overview
SHA256
83aabb9170fe13459e9c97ad3680b7c9056b580bebc595f8c38a84ed7e093991
Threat Level: Known bad
The file Client.exe was found to be: Known bad.
Malicious Activity Summary
Asyncrat family
AsyncRat
Async RAT payload
Unsigned PE
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-04-19 13:37
Signatures
Async RAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Asyncrat family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-19 13:37
Reported
2024-04-19 15:29
Platform
win11-20240412-en
Max time kernel
1481s
Max time network
1496s
Command Line
Signatures
AsyncRat
Suspicious use of AdjustPrivilegeToken
Processes
C:\Users\Admin\AppData\Local\Temp\Client.exe
"C:\Users\Admin\AppData\Local\Temp\Client.exe"
Network
| Country | Destination | Domain | Proto |
| US | 52.111.227.13:443 | | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| NL | 23.62.61.106:443 | www.bing.com | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
memory/4956-0-0x00000000007E0000-0x0000000000824000-memory.dmp
memory/4956-2-0x00007FF9938B0000-0x00007FF994372000-memory.dmp
memory/4956-3-0x000000001B640000-0x000000001B650000-memory.dmp
memory/4956-4-0x00007FF9938B0000-0x00007FF994372000-memory.dmp