Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
31-10-2024 09:31
Behavioral task
behavioral1
Sample
e2b4b1d4add1c34c77c6c717c4797dbd.exe
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
General
-
Target
e2b4b1d4add1c34c77c6c717c4797dbd.exe
-
Size
63KB
-
MD5
e2b4b1d4add1c34c77c6c717c4797dbd
-
SHA1
053076e52714f2b7a3857acfc8f4a1bb7176a44e
-
SHA256
6608b3f74aa3ca49c2ba346ca3c842c43e2e47b0433a4205b6454f078a20c89f
-
SHA512
618b7eb85d5b0aa2b7e23e9f2165eb8ee601a7fd26ea585d3f57ebbf88266fab61d324f878060e29bbef9de029a0bf8b86ff871823571079b27ebbc3613f35ce
-
SSDEEP
1536:QhYBLTM3UfcEcUVWalZ4FuGbbDwhEfGztpqKmY7:QhYBLTM3UfciVjT4EGbbDk2z
Malware Config
Extracted
Family
asyncrat
Version
1.0.7 - modded by last
Botnet
20241
C2
hicham157484.ddns.net:1995
Mutex
885HDG564F5FGFG5DF400
Attributes
-
delay
1
-
install
false
-
install_folder
%AppData%
aes.plain
Signatures
-
Asyncrat family
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
e2b4b1d4add1c34c77c6c717c4797dbd.exedescription pid process Token: SeDebugPrivilege 876 e2b4b1d4add1c34c77c6c717c4797dbd.exe