asyncrat | 1bfd810ac3f88c932dd3894863751336b942026dc0de521b2ccee81784997658

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
17-08-2024 06:40

Target

c11ed826492b47ebfc36a30cf0cd0b50N.exe
Size

63KB
MD5

c11ed826492b47ebfc36a30cf0cd0b50
SHA1

18c5e09391263a6afba3a3b1af03a1bd5a0de2c4
SHA256

1bfd810ac3f88c932dd3894863751336b942026dc0de521b2ccee81784997658
SHA512

4d158e4dbca83bfb96f388494288e7710cff101971043a43e187707171e1ea93c63c904940f91b46ee063736da935ea7ca3d38db4427de91d4f5208a0ba625a1
SSDEEP

768:xCAcCeN+JPQkJvuEN8KF9tE+4OpbuPbxYz501pulldkSHYdrzSCnHmBbs1GpoV1z:xsCe4lrib+YpmtHkq+6bpooEtjx7wNw

Score

10^/10

asyncrat rat

Family

asyncrat

43.154.203.129:8848

Attributes

aes.plain

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3068	c11ed826492b47ebfc36a30cf0cd0b50N.exe

C:\Users\Admin\AppData\Local\Temp\c11ed826492b47ebfc36a30cf0cd0b50N.exe
"C:\Users\Admin\AppData\Local\Temp\c11ed826492b47ebfc36a30cf0cd0b50N.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3068

memory/3068-0-0x000007FEF5D23000-0x000007FEF5D24000-memory.dmp

Filesize
4KB

Download
memory/3068-1-0x00000000010D0000-0x00000000010E6000-memory.dmp

Filesize
88KB

Download
memory/3068-2-0x000007FEF5D20000-0x000007FEF670C000-memory.dmp

Filesize
9.9MB

Download
memory/3068-3-0x000007FEF5D20000-0x000007FEF670C000-memory.dmp

Filesize
9.9MB

Download
memory/3068-4-0x000007FEF5D23000-0x000007FEF5D24000-memory.dmp

Filesize
4KB

Download
memory/3068-5-0x000007FEF5D20000-0x000007FEF670C000-memory.dmp

Filesize
9.9MB

Download