Analysis Overview
SHA256
de60ecbbfef30c93fe8875ef69b358b20076d1f969fc3d21ab44d59dc9ef7cab
Threat Level: Known bad
The file BoratRat.exe was found to be: Known bad.
Malicious Activity Summary
AsyncRat
Asyncrat family
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-29 20:34
Signatures
Asyncrat family
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-29 20:34
Reported
2024-06-29 20:35
Platform
win11-20240508-en
Max time kernel
17s
Max time network
24s
Command Line
Signatures
AsyncRat
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\BoratRat.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BoratRat.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BoratRat.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\BoratRat.exe
"C:\Users\Admin\AppData\Local\Temp\BoratRat.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
Network
Files
memory/5040-0-0x00007FF829673000-0x00007FF829675000-memory.dmp
memory/5040-1-0x000002A7F03D0000-0x000002A7F17DA000-memory.dmp
memory/5040-2-0x00007FF829670000-0x00007FF82A132000-memory.dmp
memory/5040-3-0x00007FF829670000-0x00007FF82A132000-memory.dmp
memory/5040-5-0x00007FF829670000-0x00007FF82A132000-memory.dmp