Overview

overview

10

Static

static

10

miau.rar

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-08-2024 00:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    miau.rar

  • Size

    27KB

  • MD5

    881e4d149f4500779acea0b645f3a200

  • SHA1

    7a47420ef9f81dda7004324a15e5a985ee3efda3

  • SHA256

    5a1b7ee6eb8b76152c54fa3b0d5fe69589bccaf7adab2250778f79fa45291a9e

  • SHA512

    62a56d50beb478e437e927feb57b551afc039ac15c7e15dc4d8ab21ebe585eea2e2c2fb644dd3d59c61cb23d58b4c693e551f77fc4b053afa963676e6e529533

  • SSDEEP

    768:Sj8WMw9UUf39F0oGSo+b5ReKyE5MQFK2nRHm:Sjaw9Um3/0N1eD+2RG

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:3232

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Async RAT payload 1 IoCs
    rat
  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\miau.rar
    1⤵
    • Modifies registry class
    PID:2424
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:724
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4084
    • C:\Program Files\7-Zip\7zG.exe
      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\miau\" -spe -an -ai#7zMap26899:66:7zEvent24594
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:3508
    • C:\Users\Admin\Desktop\miau\Inf1ected.exe
      "C:\Users\Admin\Desktop\miau\Inf1ected.exe"
      1⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:956
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2404
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:1808
      • C:\Windows\system32\ipconfig.exe
        ipconfig /all
        2⤵
        • Gathers network information
        PID:2296

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\Desktop\miau\Inf1ected.exe
      Filesize

      63KB

      MD5

      ed98e8e85bf10a9187daf387154fae46

      SHA1

      1710a744adb7d7a936fc5b603d6fcb2a45ce371b

      SHA256

      fab8e536eda62c5935c9056066de98db86a6caafc97ee9d150e124030db3a016

      SHA512

      1dcba37e4d87ded88a036e3b1b83a289db04e7ebfac2a16b52b23c7ffb2525d2c055bf4d5c85afdf37615d167ae1cbfdcf8a0cf19798628af3cf93324156fdc1

      Download Submit

    • memory/956-4-0x0000000000460000-0x0000000000476000-memory.dmp

      Filesize

      88KB

      Download

    • memory/2404-5-0x00000258A84E0000-0x00000258A84E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2404-7-0x00000258A84E0000-0x00000258A84E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2404-6-0x00000258A84E0000-0x00000258A84E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2404-11-0x00000258A84E0000-0x00000258A84E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2404-17-0x00000258A84E0000-0x00000258A84E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2404-16-0x00000258A84E0000-0x00000258A84E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2404-15-0x00000258A84E0000-0x00000258A84E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2404-14-0x00000258A84E0000-0x00000258A84E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2404-13-0x00000258A84E0000-0x00000258A84E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2404-12-0x00000258A84E0000-0x00000258A84E1000-memory.dmp

      Filesize

      4KB

      Download