asyncrat | efd0b60d95cc2ab93e3a8c0379abb8bf8cc2e4fc51cb5dace11bcd695accd4f5

Analysis

max time kernel
132s
max time network
142s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12-08-2024 01:23

Target

efd0b60d95cc2ab93e3a8c0379abb8bf8cc2e4fc51cb5dace11bcd695accd4f5.exe
Size

63KB
MD5

77c3e75b0a76cb3deb940bcb38486568
SHA1

80282f7cea966f51f1c261ce2d35d76da017e84a
SHA256

efd0b60d95cc2ab93e3a8c0379abb8bf8cc2e4fc51cb5dace11bcd695accd4f5
SHA512

068509bf328a063d16a4702e3f31430df64319164bffd3628aec25c04d9e05e1f199fd584fe4fb5a3ee5c716aece9791005e1add2ee9c02acc3c017e652bed70
SSDEEP

1536:SEXi4PmntF92/QYUbyq9RcO3euUdpqKmY7:SZ+mntaYYUbymcrGz

Score

10^/10

Family

asyncrat

Botnet

Default

add-parker.gl.at.ply.gg:3232

Attributes

aes.plain

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2668	efd0b60d95cc2ab93e3a8c0379abb8bf8cc2e4fc51cb5dace11bcd695accd4f5.exe

C:\Users\Admin\AppData\Local\Temp\efd0b60d95cc2ab93e3a8c0379abb8bf8cc2e4fc51cb5dace11bcd695accd4f5.exe
"C:\Users\Admin\AppData\Local\Temp\efd0b60d95cc2ab93e3a8c0379abb8bf8cc2e4fc51cb5dace11bcd695accd4f5.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2668

memory/2668-0-0x000007FEF5543000-0x000007FEF5544000-memory.dmp

Filesize
4KB

Download
memory/2668-1-0x0000000000B00000-0x0000000000B16000-memory.dmp

Filesize
88KB

Download
memory/2668-2-0x000007FEF5540000-0x000007FEF5F2C000-memory.dmp

Filesize
9.9MB

Download
memory/2668-3-0x000007FEF5540000-0x000007FEF5F2C000-memory.dmp

Filesize
9.9MB

Download
memory/2668-4-0x000007FEF5543000-0x000007FEF5544000-memory.dmp

Filesize
4KB

Download
memory/2668-5-0x000007FEF5540000-0x000007FEF5F2C000-memory.dmp

Filesize
9.9MB

Download