Overview

overview

10

Static

static

1

NOTIFICACI...ca.exe

windows7-x64

10

NOTIFICACI...ca.exe

windows10-2004-x64

10

NOTIFICACI....0.dll

windows7-x64

1

NOTIFICACI....0.dll

windows10-2004-x64

3

NOTIFICACI....0.dll

windows7-x64

1

NOTIFICACI....0.dll

windows10-2004-x64

3

NOTIFICACI....0.dll

windows7-x64

1

NOTIFICACI....0.dll

windows10-2004-x64

3

NOTIFICACI....0.dll

windows7-x64

1

NOTIFICACI....0.dll

windows10-2004-x64

3

NOTIFICACI...nv.dll

windows7-x64

3

NOTIFICACI...nv.dll

windows10-2004-x64

3

NOTIFICACI...tl.dll

windows7-x64

1

NOTIFICACI...tl.dll

windows10-2004-x64

3

NOTIFICACI...o.html

windows7-x64

1

NOTIFICACI...o.html

windows10-2004-x64

1

NOTIFICACI...ls.dll

windows7-x64

1

NOTIFICACI...ls.dll

windows10-2004-x64

3

NOTIFICACI...28.exe

windows7-x64

5

NOTIFICACI...28.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    140s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-04-2024 01:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NOTIFICACION_JUDICIAL/NOTIFICACION DEMANDA/01Notificacion juridica.exe

  • Size

    63KB

  • MD5

    ae224c5e196ff381836c9e95deebb7d5

  • SHA1

    910446a2a0f4e53307b6fdeb1a3e236c929e2ef4

  • SHA256

    bf933ccf86c55fc328e343b55dbf2e8ebd528e8a0a54f8f659cd0d4b4f261f26

  • SHA512

    f845dbb13b04f76b6823bec48e1c47f96bcbd6d02a834c8b128ac750fe338b53f775ee2a8784e8c443d49dfcb918c5b9d59b5492a1fe18743b8ba65b7d12514c

  • SSDEEP

    1536:Wio8DVyYs7JZT0uPXn8OS6sIe3ekT5Z240jSZk:WkhyYIJZT0uPXn8OdsIe3c4Ql

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

C2

sostener2024.duckdns.org:2020

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs. 1 IoCs
  • Detects file containing reversed ASEP Autorun registry keys 1 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious behavior: MapViewOfSection 3 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NOTIFICACION_JUDICIAL\NOTIFICACION DEMANDA\01Notificacion juridica.exe
    "C:\Users\Admin\AppData\Local\Temp\NOTIFICACION_JUDICIAL\NOTIFICACION DEMANDA\01Notificacion juridica.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:4160
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\SysWOW64\cmd.exe
      2⤵
      • Suspicious use of SetThreadContext
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:3852
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        3⤵
          PID:5024
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4280 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:708

      Network

      MITRE ATT&CK Matrix ATT&CK v13

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\4092e89a
        Filesize

        774KB

        MD5

        8cc45782dcfa91031525826d9fdb3bb1

        SHA1

        6057ae59fbe3861ef3acce900e53222f9707590b

        SHA256

        5af923ca4d93f46915d9460f7f95384aa065a02389b66e36a0d0d28e877c8661

        SHA512

        ed0d47764eab9f4f58e6a53e0d4da866cfaa7eb1cf31ea73fd8cef9b601af1e86fcff1f6b9356882a81dd88eda9e99e65d776153b2fc4016a3439721ff29ffe1

        Download Submit
      • memory/3852-24-0x00000000750B0000-0x000000007522B000-memory.dmp
        Filesize

        1.5MB

        Download
      • memory/3852-17-0x00007FFE8D4D0000-0x00007FFE8D6C5000-memory.dmp
        Filesize

        2.0MB

        Download
      • memory/3852-20-0x00000000750B0000-0x000000007522B000-memory.dmp
        Filesize

        1.5MB

        Download
      • memory/3852-23-0x00000000750B0000-0x000000007522B000-memory.dmp
        Filesize

        1.5MB

        Download
      • memory/3852-19-0x00000000750B0000-0x000000007522B000-memory.dmp
        Filesize

        1.5MB

        Download
      • memory/3852-15-0x00000000750B0000-0x000000007522B000-memory.dmp
        Filesize

        1.5MB

        Download
      • memory/4160-11-0x00000000750B0000-0x000000007522B000-memory.dmp
        Filesize

        1.5MB

        Download
      • memory/4160-1-0x00000000750B0000-0x000000007522B000-memory.dmp
        Filesize

        1.5MB

        Download
      • memory/4160-2-0x00007FFE8D4D0000-0x00007FFE8D6C5000-memory.dmp
        Filesize

        2.0MB

        Download
      • memory/4160-12-0x00000000750B0000-0x000000007522B000-memory.dmp
        Filesize

        1.5MB

        Download
      • memory/4160-0-0x0000000000CB0000-0x0000000000CC1000-memory.dmp
        Filesize

        68KB

        Download
      • memory/4160-13-0x00000000750B0000-0x000000007522B000-memory.dmp
        Filesize

        1.5MB

        Download
      • memory/5024-34-0x0000000004E60000-0x0000000004E70000-memory.dmp
        Filesize

        64KB

        Download
      • memory/5024-26-0x0000000073540000-0x0000000074794000-memory.dmp
        Filesize

        18.3MB

        Download
      • memory/5024-30-0x0000000074B20000-0x00000000752D0000-memory.dmp
        Filesize

        7.7MB

        Download
      • memory/5024-31-0x0000000000560000-0x0000000000576000-memory.dmp
        Filesize

        88KB

        Download
      • memory/5024-32-0x0000000004E60000-0x0000000004E70000-memory.dmp
        Filesize

        64KB

        Download
      • memory/5024-33-0x0000000074B20000-0x00000000752D0000-memory.dmp
        Filesize

        7.7MB

        Download