Overview

overview

10

Static

static

10

aa94c1aadc...74.exe

windows7-x64

10

aa94c1aadc...74.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-05-2024 04:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aa94c1aadc9deac22bb53a302dacbb087d18ac73c5896cfce70b54b78a49b174.exe

  • Size

    45KB

  • MD5

    1f26580b09823700ac6d52ff6555edc0

  • SHA1

    af39adb900f6a73fb280ee79b1f8246adf23c5f9

  • SHA256

    aa94c1aadc9deac22bb53a302dacbb087d18ac73c5896cfce70b54b78a49b174

  • SHA512

    49a82180d3dc9d8b8499abb0f2dfe94a6fce0df70892d407f49f1048da40e56f20d6fe2fda5ec1d7632779fa6d6cc79cea4198f0790171f345206faca9a2567c

  • SSDEEP

    768:lu6XdTvER+SWUk6P4mo2qbEKjPGaG6PIyzjbFgX3iwI90j30BDZWx:lu6XdTv2S2RKTkDy3bCXSndWx

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808
Mutex

Tt0Bl0xVkDS2

Attributes
  • delay

    3

  • install

    false

  • install_file

    word.exe

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aa94c1aadc9deac22bb53a302dacbb087d18ac73c5896cfce70b54b78a49b174.exe
    "C:\Users\Admin\AppData\Local\Temp\aa94c1aadc9deac22bb53a302dacbb087d18ac73c5896cfce70b54b78a49b174.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/468-0-0x0000000074EBE000-0x0000000074EBF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/468-1-0x0000000000B40000-0x0000000000B52000-memory.dmp

    Filesize

    72KB

    Download

  • memory/468-2-0x0000000074EB0000-0x0000000075660000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/468-3-0x00000000054D0000-0x0000000005536000-memory.dmp

    Filesize

    408KB

    Download

  • memory/468-4-0x0000000005990000-0x0000000005A2C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/468-5-0x0000000074EBE000-0x0000000074EBF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/468-6-0x0000000074EB0000-0x0000000075660000-memory.dmp

    Filesize

    7.7MB

    Download