asyncrat | 7331368c01b2a16bda0f013f376a039e6aeb4cb2dd8b0c2afc7ca208fb544c58

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
18-07-2024 22:30

Target

VenomRAT.exe
Size

14.2MB
MD5

3b3a304c6fc7a3a1d9390d7cbff56634
SHA1

e8bd5244e6362968f5017680da33f1e90ae63dd7
SHA256

7331368c01b2a16bda0f013f376a039e6aeb4cb2dd8b0c2afc7ca208fb544c58
SHA512

7f1beacb6449b3b3e108016c8264bb9a21ecba526c2778794f16a7f9c817c0bbd5d4cf0c208d706d25c54322a875da899ab047aab1e07684f6b7b6083981abe5
SSDEEP

196608:Nja6chUZX81lbFklbYJygrP7aIBhLkNPFCZZwiJl1NLIsPA8fxvuIMzd/95UhS14:qT+P+Zw6NLIsFfskh1BmXG04

Score

10^/10

asyncrat rat

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 2724	2004	VenomRAT.exe	31
PID 2004 wrote to memory of 2724	2004	VenomRAT.exe	31
PID 2004 wrote to memory of 2724	2004	VenomRAT.exe	31

C:\Users\Admin\AppData\Local\Temp\VenomRAT.exe
"C:\Users\Admin\AppData\Local\Temp\VenomRAT.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2004 -s 528
  2⤵
  PID:2724

memory/2004-0-0x000007FEF5993000-0x000007FEF5994000-memory.dmp

Filesize
4KB

Download
memory/2004-1-0x0000000000230000-0x0000000001064000-memory.dmp

Filesize
14.2MB

Download