Analysis Overview
SHA256
b88fad07ba2812f8023fd20a5939192c7932efa99b7c00953e532f77c0896ce6
Threat Level: Known bad
The file AsyncClient.exe was found to be: Known bad.
Malicious Activity Summary
AsyncRat
Async RAT payload
Asyncrat family
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-31 06:16
Signatures
Async RAT payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Asyncrat family
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-31 06:16
Reported
2024-10-31 06:17
Platform
win7-20240708-en
Max time kernel
32s
Max time network
32s
Command Line
Signatures
AsyncRat
Asyncrat family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\AsyncClient.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\AsyncClient.exe
"C:\Users\Admin\AppData\Local\Temp\AsyncClient.exe"
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 127.0.0.1:6606 | N/A | tcp |
| N/A | 127.0.0.1:7707 | N/A | tcp |
| N/A | 127.0.0.1:8808 | N/A | tcp |
| N/A | 127.0.0.1:8808 | N/A | tcp |
| N/A | 127.0.0.1:7707 | N/A | tcp |
Files
memory/2328-0-0x0000000074DEE000-0x0000000074DEF000-memory.dmp
memory/2328-1-0x0000000000D70000-0x0000000000D82000-memory.dmp
memory/2328-2-0x0000000074DE0000-0x00000000754CE000-memory.dmp
memory/2328-3-0x0000000074DEE000-0x0000000074DEF000-memory.dmp
memory/2328-4-0x0000000074DE0000-0x00000000754CE000-memory.dmp
memory/2664-6-0x0000000002D90000-0x0000000002D91000-memory.dmp
memory/2328-5-0x0000000074DE0000-0x00000000754CE000-memory.dmp
memory/3004-7-0x0000000002B00000-0x0000000002B01000-memory.dmp