asyncrat | c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699

Analysis

max time kernel
142s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16-10-2024 06:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5fd523b7147afde2679a7fcf2fac2a07.exe
Size

959KB
MD5

5fd523b7147afde2679a7fcf2fac2a07
SHA1

b680d96592494011aa5c3fd322ad065baeaf5b28
SHA256

c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699
SHA512

f45fc81a8735ca80ba6a2c83e867baa7c5dc853cd69b164d8eb3a4737400576db655437749dd71b9b67ebf445ebc95e4d43f12566e8693fa04e4055f3317f91e
SSDEEP

24576:/Lse4BvEow8Z1LRMTYmT0vPkx1n3anW8rBMrT48UlPGv:IeKsowsYnB1nqnlMH48iGv

Score

10^/10

asyncrat rat

Malware Config

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

Processes:

5fd523b7147afde2679a7fcf2fac2a07.exe

description pid process target process

PID 4864 created 3468 4864 5fd523b7147afde2679a7fcf2fac2a07.exe Explorer.EXE
Suspicious use of SetThreadContext 1 IoCs

Processes:

5fd523b7147afde2679a7fcf2fac2a07.exe

description pid process target process

PID 4864 set thread context of 4932 4864 5fd523b7147afde2679a7fcf2fac2a07.exe 5fd523b7147afde2679a7fcf2fac2a07.exe
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

5fd523b7147afde2679a7fcf2fac2a07.exe

pid process

4864 5fd523b7147afde2679a7fcf2fac2a07.exe

description	pid	process	target process
PID 4864 created 3468	4864	5fd523b7147afde2679a7fcf2fac2a07.exe	Explorer.EXE

description	pid	process	target process
PID 4864 set thread context of 4932	4864	5fd523b7147afde2679a7fcf2fac2a07.exe	5fd523b7147afde2679a7fcf2fac2a07.exe

pid	process
4864	5fd523b7147afde2679a7fcf2fac2a07.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

5fd523b7147afde2679a7fcf2fac2a07.exe5fd523b7147afde2679a7fcf2fac2a07.exe

description	pid	process
Token: SeDebugPrivilege	4864	5fd523b7147afde2679a7fcf2fac2a07.exe
Token: SeDebugPrivilege	4864	5fd523b7147afde2679a7fcf2fac2a07.exe
Token: SeDebugPrivilege	4932	5fd523b7147afde2679a7fcf2fac2a07.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

5fd523b7147afde2679a7fcf2fac2a07.exe

description	pid	process	target process
PID 4864 wrote to memory of 4932	4864	5fd523b7147afde2679a7fcf2fac2a07.exe	5fd523b7147afde2679a7fcf2fac2a07.exe
PID 4864 wrote to memory of 4932	4864	5fd523b7147afde2679a7fcf2fac2a07.exe	5fd523b7147afde2679a7fcf2fac2a07.exe
PID 4864 wrote to memory of 4932	4864	5fd523b7147afde2679a7fcf2fac2a07.exe	5fd523b7147afde2679a7fcf2fac2a07.exe
PID 4864 wrote to memory of 4932	4864	5fd523b7147afde2679a7fcf2fac2a07.exe	5fd523b7147afde2679a7fcf2fac2a07.exe
PID 4864 wrote to memory of 4932	4864	5fd523b7147afde2679a7fcf2fac2a07.exe	5fd523b7147afde2679a7fcf2fac2a07.exe
PID 4864 wrote to memory of 4932	4864	5fd523b7147afde2679a7fcf2fac2a07.exe	5fd523b7147afde2679a7fcf2fac2a07.exe

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\5fd523b7147afde2679a7fcf2fac2a07.exe
"C:\Users\Admin\AppData\Local\Temp\5fd523b7147afde2679a7fcf2fac2a07.exe"
2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4864

C:\Users\Admin\AppData\Local\Temp\5fd523b7147afde2679a7fcf2fac2a07.exe
"C:\Users\Admin\AppData\Local\Temp\5fd523b7147afde2679a7fcf2fac2a07.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:4932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4864-0-0x00007FFD0AF03000-0x00007FFD0AF05000-memory.dmp

Filesize
8KB

Download
memory/4864-1-0x00000231E4E30000-0x00000231E4F24000-memory.dmp

Filesize
976KB

Download
memory/4864-2-0x00000231FF3A0000-0x00000231FF486000-memory.dmp

Filesize
920KB

Download
memory/4864-3-0x00000231FF590000-0x00000231FF678000-memory.dmp

Filesize
928KB

Download
memory/4864-26-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-24-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-36-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-68-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-66-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-64-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-62-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-60-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-58-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-54-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-52-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-50-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-46-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-44-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-42-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-34-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-32-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-30-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-28-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-22-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-20-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-18-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-12-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-10-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-7-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-5-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-4-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-56-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-48-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-40-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-38-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-16-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-14-0x00000231FF590000-0x00000231FF672000-memory.dmp

Filesize
904KB

Download
memory/4864-9-0x00007FFD0AF00000-0x00007FFD0B9C1000-memory.dmp

Filesize
10.8MB

Download
memory/4864-1079-0x00007FFD0AF00000-0x00007FFD0B9C1000-memory.dmp

Filesize
10.8MB

Download
memory/4864-1081-0x0000023180080000-0x00000231800CC000-memory.dmp

Filesize
304KB

Download
memory/4864-1080-0x0000023180020000-0x0000023180084000-memory.dmp

Filesize
400KB

Download
memory/4864-1086-0x00007FFD0AF00000-0x00007FFD0B9C1000-memory.dmp

Filesize
10.8MB

Download
memory/4864-1085-0x00007FFD0AF00000-0x00007FFD0B9C1000-memory.dmp

Filesize
10.8MB

Download
memory/4864-1087-0x00007FFD0AF00000-0x00007FFD0B9C1000-memory.dmp

Filesize
10.8MB

Download
memory/4864-1088-0x00007FFD0AF03000-0x00007FFD0AF05000-memory.dmp

Filesize
8KB

Download
memory/4864-1089-0x00007FFD0AF00000-0x00007FFD0B9C1000-memory.dmp

Filesize
10.8MB

Download
memory/4864-1090-0x00000231800D0000-0x0000023180124000-memory.dmp

Filesize
336KB

Download
memory/4864-1094-0x00007FFD0AF00000-0x00007FFD0B9C1000-memory.dmp

Filesize
10.8MB

Download
memory/4932-1092-0x0000000140000000-0x000000014002C000-memory.dmp

Filesize
176KB

Download
memory/4932-1093-0x00007FFD0AF00000-0x00007FFD0B9C1000-memory.dmp

Filesize
10.8MB

Download
memory/4932-1095-0x00007FFD0AF00000-0x00007FFD0B9C1000-memory.dmp

Filesize
10.8MB

Download
memory/4932-1098-0x00007FFD0AF00000-0x00007FFD0B9C1000-memory.dmp

Filesize
10.8MB

Download
memory/4932-1099-0x00007FFD0AF00000-0x00007FFD0B9C1000-memory.dmp

Filesize
10.8MB

Download
memory/4932-1100-0x00007FFD0AF00000-0x00007FFD0B9C1000-memory.dmp

Filesize
10.8MB

Download
memory/4932-1101-0x00007FFD0AF00000-0x00007FFD0B9C1000-memory.dmp

Filesize
10.8MB

Download