Malware Analysis Report

2024-10-23 19:27

Sample ID 240629-y5v28syejm
Target Borat.rar
SHA256 53cdc49c7fb83b419c07edb45c544b106aaa37db00e8a37211678af6350a82f1
Tags
asyncrat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

53cdc49c7fb83b419c07edb45c544b106aaa37db00e8a37211678af6350a82f1

Threat Level: Known bad

The file Borat.rar was found to be: Known bad.

Malicious Activity Summary

asyncrat

Asyncrat family

Unsigned PE

Enumerates physical storage devices

Modifies registry class

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-29 20:22

Signatures

Asyncrat family

asyncrat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-29 20:22

Reported

2024-06-29 21:04

Platform

win11-20240611-en

Max time kernel

448s

Max time network

456s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Borat.rar

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Borat.rar

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Files

N/A