Overview

overview

10

Static

static

3

ComSvcConfig.exe

windows11-21h2-x64

10

Resubmissions

13-07-2024 00:36

240713-ax9cwsxgnm 10

13-07-2024 00:25

240713-aqngvaxdrp 10

Analysis

  • max time kernel
    146s
  • max time network
    153s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    13-07-2024 00:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ComSvcConfig.exe

  • Size

    91KB

  • MD5

    531a8b9dcacc1caf586fc3c54d5b0d5c

  • SHA1

    33544df2d37910946f323b185447b2602b5df73c

  • SHA256

    f42dccf9d4ccc4e8c4ff16ec291d75d2c89a9ff09896fa39575abe4f1193d62d

  • SHA512

    08123799a24f5332283df02b270d7746c2d3a736667b5b030005f793c892ff35d026dcf7bed9eb927a6b67fae983c01b5ec3fabec50707b4b48f4ee71f58a5d2

  • SSDEEP

    1536:kMdVnKe6rNBEgHEB3uZaYx/2AAuAFQO+xZYhii/RoYy9B5Ilu67KhkFkTit:kMd9MNKoSAZbZQiCRoYy9B5Ilu67Kh/+

Score
10/10
asyncratyrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Y

C2

20.199.8.16:1726

Mutex

eYLuHMmPZK7A

Attributes
  • delay

    3

  • install

    false

  • install_file

    SeacrhIndexer

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ComSvcConfig.exe
    "C:\Users\Admin\AppData\Local\Temp\ComSvcConfig.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4940
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      #system32
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4944
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3044

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4940-0-0x000000007464E000-0x000000007464F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4940-1-0x0000000000520000-0x000000000053E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/4940-4-0x0000000074640000-0x0000000074DF1000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4940-10-0x0000000074640000-0x0000000074DF1000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4944-2-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4944-5-0x0000000074640000-0x0000000074DF1000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4944-6-0x0000000074640000-0x0000000074DF1000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4944-7-0x0000000005330000-0x00000000053CC000-memory.dmp

      Filesize

      624KB

      Download

    • memory/4944-8-0x0000000005980000-0x0000000005F26000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/4944-9-0x00000000053D0000-0x0000000005436000-memory.dmp

      Filesize

      408KB

      Download

    • memory/4944-11-0x0000000074640000-0x0000000074DF1000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4944-12-0x0000000074640000-0x0000000074DF1000-memory.dmp

      Filesize

      7.7MB

      Download