asyncrat | a59354e798768e068f79816146d9f7b41e0003c50d5d8c82602fc16a16962999 | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-10-2024 09:31

Sharing

Report Analysis Logs

General

Target

Client.exe
Size

60KB
MD5

324ef4e2187cb8fb01f9ce7b7803c79c
SHA1

f87c6d87f08fcc78a3a8312bc767f81c397be810
SHA256

a59354e798768e068f79816146d9f7b41e0003c50d5d8c82602fc16a16962999
SHA512

a621a85453ccf5426ec0732b26d238c26cf29466d5f0138bfd725fe922437401223df2b50b18ae96be73b15ba39bce9e61cdfac87a81a97d9e88cd23a845430d
SSDEEP

1536:AcSD4758ocxx8OKNhYEMWyhoTTI+xkrypqKmY7:AcSD475jcxx8OWiovI+xkrRz

Score

10^/10

asyncrat rat

Malware Config

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Client.exe

description	pid	process	target process
PID 2080 wrote to memory of 2552	2080	Client.exe	WerFault.exe
PID 2080 wrote to memory of 2552	2080	Client.exe	WerFault.exe
PID 2080 wrote to memory of 2552	2080	Client.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Client.exe
"C:\Users\Admin\AppData\Local\Temp\Client.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2080

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2080 -s 512
2⤵
PID:2552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2080-0-0x000007FEF6363000-0x000007FEF6364000-memory.dmp

Filesize
4KB

Download
memory/2080-1-0x0000000001310000-0x0000000001324000-memory.dmp

Filesize
80KB

Download