Overview

overview

10

Static

static

1

NOTIFICACI...ca.exe

windows7-x64

10

NOTIFICACI...ca.exe

windows10-2004-x64

10

NOTIFICACI....0.dll

windows7-x64

1

NOTIFICACI....0.dll

windows10-2004-x64

3

NOTIFICACI....0.dll

windows7-x64

1

NOTIFICACI....0.dll

windows10-2004-x64

3

NOTIFICACI....0.dll

windows7-x64

1

NOTIFICACI....0.dll

windows10-2004-x64

3

NOTIFICACI....0.dll

windows7-x64

1

NOTIFICACI....0.dll

windows10-2004-x64

3

NOTIFICACI...nv.dll

windows7-x64

3

NOTIFICACI...nv.dll

windows10-2004-x64

3

NOTIFICACI...tl.dll

windows7-x64

1

NOTIFICACI...tl.dll

windows10-2004-x64

3

NOTIFICACI...o.html

windows7-x64

1

NOTIFICACI...o.html

windows10-2004-x64

1

NOTIFICACI...ls.dll

windows7-x64

1

NOTIFICACI...ls.dll

windows10-2004-x64

3

NOTIFICACI...28.exe

windows7-x64

5

NOTIFICACI...28.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    148s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-04-2024 09:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NOTIFICACION_JUDICIAL/NOTIFICACION DEMANDA/01Notificacion juridica.exe

  • Size

    63KB

  • MD5

    ae224c5e196ff381836c9e95deebb7d5

  • SHA1

    910446a2a0f4e53307b6fdeb1a3e236c929e2ef4

  • SHA256

    bf933ccf86c55fc328e343b55dbf2e8ebd528e8a0a54f8f659cd0d4b4f261f26

  • SHA512

    f845dbb13b04f76b6823bec48e1c47f96bcbd6d02a834c8b128ac750fe338b53f775ee2a8784e8c443d49dfcb918c5b9d59b5492a1fe18743b8ba65b7d12514c

  • SSDEEP

    1536:Wio8DVyYs7JZT0uPXn8OS6sIe3ekT5Z240jSZk:WkhyYIJZT0uPXn8OdsIe3c4Ql

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

C2

sostener2024.duckdns.org:2020

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious behavior: MapViewOfSection 3 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NOTIFICACION_JUDICIAL\NOTIFICACION DEMANDA\01Notificacion juridica.exe
    "C:\Users\Admin\AppData\Local\Temp\NOTIFICACION_JUDICIAL\NOTIFICACION DEMANDA\01Notificacion juridica.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:652
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\SysWOW64\cmd.exe
      2⤵
      • Suspicious use of SetThreadContext
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:2300
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        3⤵
          PID:2512

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\7eb43c71
      Filesize

      774KB

      MD5

      c320c32c5fb992d63ba7c8fccfe1f666

      SHA1

      b017b5e4eddc36955de15da1b149f02e7dcc248c

      SHA256

      b9b351171d3081d77a6c29be7c52989ecc8eb76796f540f360813ab5a3f47806

      SHA512

      e81256e80d6d94bb765ce36d201dac76b44f2ed18f57c14e18747b85e2a2e350ae8343316b280a88df5d47c839fbd6aeab36dcabf2afcbae49d991266036dd51

      Download Submit
    • memory/652-0-0x0000000000A50000-0x0000000000A61000-memory.dmp
      Filesize

      68KB

      Download
    • memory/652-1-0x00000000753B0000-0x000000007552B000-memory.dmp
      Filesize

      1.5MB

      Download
    • memory/652-2-0x00007FF95BD70000-0x00007FF95BF65000-memory.dmp
      Filesize

      2.0MB

      Download
    • memory/652-11-0x00000000753B0000-0x000000007552B000-memory.dmp
      Filesize

      1.5MB

      Download
    • memory/652-12-0x00000000753B0000-0x000000007552B000-memory.dmp
      Filesize

      1.5MB

      Download
    • memory/2300-18-0x00000000753B0000-0x000000007552B000-memory.dmp
      Filesize

      1.5MB

      Download
    • memory/2300-16-0x00007FF95BD70000-0x00007FF95BF65000-memory.dmp
      Filesize

      2.0MB

      Download
    • memory/2300-14-0x00000000753B0000-0x000000007552B000-memory.dmp
      Filesize

      1.5MB

      Download
    • memory/2300-19-0x00000000753B0000-0x000000007552B000-memory.dmp
      Filesize

      1.5MB

      Download
    • memory/2300-22-0x00000000753B0000-0x000000007552B000-memory.dmp
      Filesize

      1.5MB

      Download
    • memory/2300-23-0x00000000753B0000-0x000000007552B000-memory.dmp
      Filesize

      1.5MB

      Download
    • memory/2300-25-0x00000000753B0000-0x000000007552B000-memory.dmp
      Filesize

      1.5MB

      Download
    • memory/2512-26-0x0000000073840000-0x0000000074A94000-memory.dmp
      Filesize

      18.3MB

      Download
    • memory/2512-30-0x0000000073090000-0x0000000073840000-memory.dmp
      Filesize

      7.7MB

      Download
    • memory/2512-29-0x0000000000FC0000-0x0000000000FD6000-memory.dmp
      Filesize

      88KB

      Download
    • memory/2512-31-0x00000000054B0000-0x00000000054C0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2512-32-0x0000000073090000-0x0000000073840000-memory.dmp
      Filesize

      7.7MB

      Download
    • memory/2512-33-0x00000000054B0000-0x00000000054C0000-memory.dmp
      Filesize

      64KB

      Download