asyncrat | c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-10-2024 02:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe
Size

959KB
MD5

5fd523b7147afde2679a7fcf2fac2a07
SHA1

b680d96592494011aa5c3fd322ad065baeaf5b28
SHA256

c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699
SHA512

f45fc81a8735ca80ba6a2c83e867baa7c5dc853cd69b164d8eb3a4737400576db655437749dd71b9b67ebf445ebc95e4d43f12566e8693fa04e4055f3317f91e
SSDEEP

24576:/Lse4BvEow8Z1LRMTYmT0vPkx1n3anW8rBMrT48UlPGv:IeKsowsYnB1nqnlMH48iGv

Score

10^/10

asyncrat rat

Malware Config

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

Processes:

c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe

description pid process target process

PID 760 created 3536 760 c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe Explorer.EXE

description	pid	process	target process
PID 760 created 3536	760	c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe	Explorer.EXE

Suspicious use of SetThreadContext 1 IoCs

Processes:

c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe

description	pid	process	target process
PID 760 set thread context of 1988	760	c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe	c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe

pid process

760 c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe

pid	process
760	c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exec4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe

description	pid	process
Token: SeDebugPrivilege	760	c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe
Token: SeDebugPrivilege	760	c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe
Token: SeDebugPrivilege	1988	c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe

description	pid	process	target process
PID 760 wrote to memory of 1988	760	c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe	c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe
PID 760 wrote to memory of 1988	760	c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe	c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe
PID 760 wrote to memory of 1988	760	c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe	c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe
PID 760 wrote to memory of 1988	760	c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe	c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe
PID 760 wrote to memory of 1988	760	c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe	c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe
PID 760 wrote to memory of 1988	760	c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe	c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe
"C:\Users\Admin\AppData\Local\Temp\c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe"
2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:760

C:\Users\Admin\AppData\Local\Temp\c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe
"C:\Users\Admin\AppData\Local\Temp\c4bb63c77cfca24c0e0c4ceb82c8186d1ba72ccd25eef8809e1419afcf466699.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:1988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/760-0-0x00007FF8563B3000-0x00007FF8563B5000-memory.dmp

Filesize
8KB

Download
memory/760-1-0x000001F863CF0000-0x000001F863DE4000-memory.dmp

Filesize
976KB

Download
memory/760-2-0x000001F865BC0000-0x000001F865CA6000-memory.dmp

Filesize
920KB

Download
memory/760-4-0x00007FF8563B0000-0x00007FF856E71000-memory.dmp

Filesize
10.8MB

Download
memory/760-3-0x000001F87E4D0000-0x000001F87E5B8000-memory.dmp

Filesize
928KB

Download
memory/760-16-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-24-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-68-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-66-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-62-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-60-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-58-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-56-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-54-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-50-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-48-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-46-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-44-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-42-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-38-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-36-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-34-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-32-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-30-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-28-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-26-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-22-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-20-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-18-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-14-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-12-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-10-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-8-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-64-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-52-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-40-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-6-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-5-0x000001F87E4D0000-0x000001F87E5B2000-memory.dmp

Filesize
904KB

Download
memory/760-1079-0x00007FF8563B0000-0x00007FF856E71000-memory.dmp

Filesize
10.8MB

Download
memory/760-1080-0x000001F87E5C0000-0x000001F87E624000-memory.dmp

Filesize
400KB

Download
memory/760-1081-0x000001F864270000-0x000001F8642BC000-memory.dmp

Filesize
304KB

Download
memory/760-1085-0x00007FF8563B0000-0x00007FF856E71000-memory.dmp

Filesize
10.8MB

Download
memory/760-1086-0x00007FF8563B0000-0x00007FF856E71000-memory.dmp

Filesize
10.8MB

Download
memory/760-1087-0x00007FF8563B3000-0x00007FF8563B5000-memory.dmp

Filesize
8KB

Download
memory/760-1088-0x000001F865CB0000-0x000001F865D04000-memory.dmp

Filesize
336KB

Download
memory/760-1091-0x00007FF8563B0000-0x00007FF856E71000-memory.dmp

Filesize
10.8MB

Download
memory/1988-1090-0x0000000140000000-0x000000014002C000-memory.dmp

Filesize
176KB

Download
memory/1988-1092-0x00007FF8563B0000-0x00007FF856E71000-memory.dmp

Filesize
10.8MB

Download
memory/1988-1093-0x00007FF8563B0000-0x00007FF856E71000-memory.dmp

Filesize
10.8MB

Download
memory/1988-1096-0x00007FF8563B0000-0x00007FF856E71000-memory.dmp

Filesize
10.8MB

Download