Overview

overview

10

Static

static

1

01 PROCESO...AL.exe

windows7-x64

10

01 PROCESO...AL.exe

windows10-2004-x64

10

01 PROCESO...c_.dll

windows7-x64

1

01 PROCESO...c_.dll

windows10-2004-x64

1

01 PROCESO...m_.dll

windows7-x64

1

01 PROCESO...m_.dll

windows10-2004-x64

1

01 PROCESO...t_.dll

windows7-x64

1

01 PROCESO...t_.dll

windows10-2004-x64

1

01 PROCESO...ep.rar

windows7-x64

3

01 PROCESO...ep.rar

windows10-2004-x64

3

01 PROCESO...20.dll

windows7-x64

1

01 PROCESO...20.dll

windows10-2004-x64

1

01 PROCESO...ia.yml

windows7-x64

3

01 PROCESO...ia.yml

windows10-2004-x64

3

01 PROCESO...20.dll

windows7-x64

1

01 PROCESO...20.dll

windows10-2004-x64

1

01 PROCESO...20.dll

windows7-x64

3

01 PROCESO...20.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    143s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 22:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    01 PROCESO JUDICIAL/01 PROCESO JUDICIAL.exe

  • Size

    2.3MB

  • MD5

    5d52ef45b6e5bf144307a84c2af1581b

  • SHA1

    414a899ec327d4a9daa53983544245b209f25142

  • SHA256

    26a24d3b0206c6808615c7049859c2fe62c4dcd87e7858be40ae8112b0482616

  • SHA512

    458f47c1e4ccf41edaacc57abb663ee77ca098fffc596fad941bbdea67653aeabc79b34d607078b9ee5adb45614e26f5c28a09e8faf9532081fdd5dec9ac3c48

  • SSDEEP

    49152:DzO+g39FbI0eQf/Z3CarWedoYAmXviDTMtT2wkqN5K:DzO19Fnf/hdoYAm9ZkqN5K

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

Default

C2

miguel2024.kozow.com:2020

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious behavior: MapViewOfSection 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\01 PROCESO JUDICIAL\01 PROCESO JUDICIAL.exe
    "C:\Users\Admin\AppData\Local\Temp\01 PROCESO JUDICIAL\01 PROCESO JUDICIAL.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:4368
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\SysWOW64\cmd.exe
      2⤵
      • Suspicious use of SetThreadContext
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:1056
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:512

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8d8f6100
    Filesize

    777KB

    MD5

    2ce99876b1c416b946a102bc81ca0b93

    SHA1

    57bd42a3dc480ba59cdd89d17e6055d8452827cf

    SHA256

    12b40ad5d80a3496a3401ae0c0f58b77f27d86540725ba78d77fb7b71032ea08

    SHA512

    13e344c38a9dfec4255615bba0a3bf11626a5660705d974910480b62073727e3ef2db0ba6b3afc507ebaa924d9fbcb7e00360f8ae48c9f66c4c2fd2f83e66ec7

    Download Submit
  • memory/512-32-0x0000000073460000-0x00000000746B4000-memory.dmp
    Filesize

    18.3MB

    Download
  • memory/512-43-0x0000000072CB0000-0x0000000073460000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/512-42-0x0000000072CBE000-0x0000000072CBF000-memory.dmp
    Filesize

    4KB

    Download
  • memory/512-41-0x00000000059F0000-0x00000000059FA000-memory.dmp
    Filesize

    40KB

    Download
  • memory/512-40-0x0000000005A00000-0x0000000005A92000-memory.dmp
    Filesize

    584KB

    Download
  • memory/512-39-0x0000000005DC0000-0x0000000006364000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/512-38-0x0000000072CB0000-0x0000000073460000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/512-37-0x0000000001000000-0x0000000001016000-memory.dmp
    Filesize

    88KB

    Download
  • memory/512-36-0x0000000072CBE000-0x0000000072CBF000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1056-23-0x00007FFCC6C50000-0x00007FFCC6E45000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1056-33-0x00000000749C0000-0x0000000074B3B000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/1056-22-0x00000000749C0000-0x0000000074B3B000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/1056-30-0x00000000749C0000-0x0000000074B3B000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/1056-29-0x00000000749C0000-0x0000000074B3B000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/1056-25-0x00000000749C0000-0x0000000074B3B000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/1056-27-0x00000000749C0000-0x0000000074B3B000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/4368-0-0x00000000749C0000-0x0000000074B3B000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/4368-14-0x0000000000400000-0x0000000000698000-memory.dmp
    Filesize

    2.6MB

    Download
  • memory/4368-17-0x0000000050000000-0x0000000050116000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/4368-18-0x0000000057800000-0x0000000057812000-memory.dmp
    Filesize

    72KB

    Download
  • memory/4368-19-0x0000000050120000-0x000000005030D000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/4368-20-0x0000000050310000-0x0000000050349000-memory.dmp
    Filesize

    228KB

    Download
  • memory/4368-16-0x0000000057000000-0x000000005703F000-memory.dmp
    Filesize

    252KB

    Download
  • memory/4368-15-0x0000000059800000-0x000000005986E000-memory.dmp
    Filesize

    440KB

    Download
  • memory/4368-12-0x00000000749C0000-0x0000000074B3B000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/4368-11-0x00000000749C0000-0x0000000074B3B000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/4368-10-0x00000000749D2000-0x00000000749D4000-memory.dmp
    Filesize

    8KB

    Download
  • memory/4368-1-0x00007FFCC6C50000-0x00007FFCC6E45000-memory.dmp
    Filesize

    2.0MB

    Download