Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    21-06-2024 06:23

General

  • Target

    smss.exe

  • Size

    45KB

  • MD5

    322f3a9930c2b8bbe4219b625b059534

  • SHA1

    66ab140d5e62cc2fe41332e838e5f4193d4c4d70

  • SHA256

    c5cbda7d8c16b604f27f1f269625f7ac1a66575877a7043ddd33b23fa706ea35

  • SHA512

    7d70bb644a46e1bd0c840c694111619d86377bd4b2209282fd941cc2251850cbdb52d1476d55dd42aefaaa13e2fd119dbc420575d19c00e0b0c7de2c6a2b7c5b

  • SSDEEP

    768:NuPfZTg4pYiWUU9jjmo2qr5VllVq6GcPIXzjbOgX3MU24GM3iWq0ZxWBDZOx:NuPfZTgKa22V/o6GhX3bxX8UKMy4wdOx

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

4.tcp.eu.ngrok.io:11252

Mutex

vajFIsez1yTW

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\smss.exe
    "C:\Users\Admin\AppData\Local\Temp\smss.exe"
    1⤵
      PID:2016

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2016-0-0x0000000073FAE000-0x0000000073FAF000-memory.dmp
      Filesize

      4KB

    • memory/2016-1-0x0000000000340000-0x0000000000352000-memory.dmp
      Filesize

      72KB

    • memory/2016-2-0x0000000073FA0000-0x000000007468E000-memory.dmp
      Filesize

      6.9MB

    • memory/2016-3-0x0000000073FAE000-0x0000000073FAF000-memory.dmp
      Filesize

      4KB

    • memory/2016-4-0x0000000073FA0000-0x000000007468E000-memory.dmp
      Filesize

      6.9MB