asyncrat | fdc933b64df0832a1f88f0e19a4cab67fb110d54c4913367a7215d7890f8a5b7

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 01:58

Target

fdc933b64df0832a1f88f0e19a4cab67fb110d54c4913367a7215d7890f8a5b7.exe
Size

405KB
MD5

c4e10100c5cf7bec2d9d0a1d7203ddb2
SHA1

24a6ecd52fb2165b8563a2853898316851638871
SHA256

fdc933b64df0832a1f88f0e19a4cab67fb110d54c4913367a7215d7890f8a5b7
SHA512

ff6bd9bdcb95641c5e19aeef99d9cdddb33b5b309ec358a1a50ba00d2cea9a3fa22a0239b4e09d4a8904d4b7f470bbc621d5e0d60331bc5800709d308faf3202
SSDEEP

6144:0NYzj2jBoO33tq6qbXaYBc1g5aN9KBBBBBBByygHG/bZbYdNpmIU:eYzAq81g5aN+BoKD

Score

10^/10

asyncrat rat

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\ms-settings\shell\open\command	fdc933b64df0832a1f88f0e19a4cab67fb110d54c4913367a7215d7890f8a5b7.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\ms-settings	fdc933b64df0832a1f88f0e19a4cab67fb110d54c4913367a7215d7890f8a5b7.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\ms-settings\shell	fdc933b64df0832a1f88f0e19a4cab67fb110d54c4913367a7215d7890f8a5b7.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\ms-settings\shell\open	fdc933b64df0832a1f88f0e19a4cab67fb110d54c4913367a7215d7890f8a5b7.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\ms-settings\shell\open\command\	fdc933b64df0832a1f88f0e19a4cab67fb110d54c4913367a7215d7890f8a5b7.exe

C:\Users\Admin\AppData\Local\Temp\fdc933b64df0832a1f88f0e19a4cab67fb110d54c4913367a7215d7890f8a5b7.exe
"C:\Users\Admin\AppData\Local\Temp\fdc933b64df0832a1f88f0e19a4cab67fb110d54c4913367a7215d7890f8a5b7.exe"
1⤵
- Modifies registry class
PID:744

memory/744-0-0x0000000000AD0000-0x0000000000B3C000-memory.dmp

Filesize
432KB

Download
memory/744-1-0x00007FFA4C3A3000-0x00007FFA4C3A5000-memory.dmp

Filesize
8KB

Download
memory/744-2-0x00007FFA4C3A0000-0x00007FFA4CE61000-memory.dmp

Filesize
10.8MB

Download
memory/744-3-0x00007FFA4C3A0000-0x00007FFA4CE61000-memory.dmp

Filesize
10.8MB

Download