4c2c034fdbb93dbb5902b3863cd5328b99d91377150683de8e61e63297ef0d24 | Triage

Analysis

max time kernel
1158s
max time network
1162s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 07:26 UTC

Sharing

Report Analysis Logs

General

Target

New folder/AsyncRAT/Plugins/RemoteDesktop.dll
Size

390KB
MD5

cd4a9e669264419eca4de564e6272fe0
SHA1

bb69bb1542ea06395df74dbedc98866d6c8a36cb
SHA256

56fd699258a7186f709068c283cd725797bab392e3a6f1cd28f35bbdb3e98e38
SHA512

5addb4f97c7e1cb69e5167e670bd2c3a817e0415f1fd8a5158af7e03e4340a8b1a6d803e85c9ea56415b9e7d3dcb4c352775a6a6b4770443d72114396ffaa1e5
SSDEEP

6144:KdHdVObvTS8nmScJEB/2Jin8SF1hG+ht6Oaynf/wKlWCkKI5J5sZva:xCQ2wHFagf/wKlncg

Score

1^/10

Malware Config

Signatures

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\New folder\AsyncRAT\Plugins\RemoteDesktop.dll",#1
1⤵
PID:1980

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

No results found

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

330 B
5

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

8.8.8.8.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads