Overview

overview

10

Static

static

10

playitas.exe

windows7-x64

10

playitas.exe

windows10-2004-x64

10

Resubmissions

12-07-2024 12:56

240712-p6lqhsvajn 10

12-07-2024 10:38

240712-mplyvasbla 10

Analysis

  • max time kernel
    150s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-07-2024 10:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    playitas.exe

  • Size

    47KB

  • MD5

    9f125b7e551098571dfc06e2ab712b05

  • SHA1

    eb0dd8958ec85e2e28ebbbc66696621bda8f75c2

  • SHA256

    6058e45f6c17cda0b28227d09b3c1cdc662051741a0fbdeea6e82a52f5fb9a25

  • SHA512

    3760cdcd2652f3cf2ac6ec4079c283ee81a8c82b33f940ca71ac1ef943295bd803d92fc07a6df4e4ec0ae55529fbd78052dc4c2fb6d8198329bf114c75d1bd6d

  • SSDEEP

    768:YuChNTgoZqNYhWU5RTnLmo2qrLpG887LBrjTlPIaDaqrlbyiGcG9mS0zsJBGSSnY:YuChNTgmqe2op8XVTiaeqpbyoG9RRJBV

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:9388

127.0.0.1:5353

tax-sri.gl.at.ply.gg:9388

tax-sri.gl.at.ply.gg:5353
Mutex

aPR7bsx71z7b

Attributes
  • delay

    3

  • install

    false

  • install_file

    Sez

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious behavior: LoadsDriver 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\playitas.exe
    "C:\Users\Admin\AppData\Local\Temp\playitas.exe"
    1⤵
      PID:3480
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4940
      • C:\Users\Admin\AppData\Local\Temp\playitas.exe
        "C:\Users\Admin\AppData\Local\Temp\playitas.exe"
        1⤵
          PID:2016
        • C:\Users\Admin\AppData\Local\Temp\playitas.exe
          "C:\Users\Admin\AppData\Local\Temp\playitas.exe"
          1⤵
            PID:4128
          • C:\Windows\system32\LogonUI.exe
            "LogonUI.exe" /flags:0x4 /state0:0xa3950855 /state1:0x41c64e6d
            1⤵
            • Modifies data under HKEY_USERS
            • Suspicious use of SetWindowsHookEx
            PID:616

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\playitas.exe.log
            Filesize

            425B

            MD5

            4eaca4566b22b01cd3bc115b9b0b2196

            SHA1

            e743e0792c19f71740416e7b3c061d9f1336bf94

            SHA256

            34ba0ab8d1850e7825763f413142a333ccbc05fa2b5499a28a7d27b8a1c5b4bb

            SHA512

            bc2b1bf45203e3bb3009a7d37617b8f0f7ffa613680b32de2b963e39d2cf1650614d7035a0cf78f35a4f5cb17a2a439e2e07deaefd2a4275a62efd0a5c0184a1

            Download Submit

          • memory/2016-5-0x0000000074900000-0x00000000750B0000-memory.dmp

            Filesize

            7.7MB

            Download

          • memory/2016-6-0x0000000074900000-0x00000000750B0000-memory.dmp

            Filesize

            7.7MB

            Download

          • memory/2016-9-0x0000000074900000-0x00000000750B0000-memory.dmp

            Filesize

            7.7MB

            Download

          • memory/3480-0-0x000000007490E000-0x000000007490F000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3480-1-0x0000000000500000-0x0000000000512000-memory.dmp

            Filesize

            72KB

            Download

          • memory/3480-2-0x0000000074900000-0x00000000750B0000-memory.dmp

            Filesize

            7.7MB

            Download

          • memory/3480-3-0x000000007490E000-0x000000007490F000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3480-4-0x0000000074900000-0x00000000750B0000-memory.dmp

            Filesize

            7.7MB

            Download

          • memory/3480-12-0x0000000074900000-0x00000000750B0000-memory.dmp

            Filesize

            7.7MB

            Download

          • memory/4128-7-0x0000000074900000-0x00000000750B0000-memory.dmp

            Filesize

            7.7MB

            Download

          • memory/4128-11-0x0000000074900000-0x00000000750B0000-memory.dmp

            Filesize

            7.7MB

            Download