Overview

overview

10

Static

static

10

50568b91dc...17.exe

windows7-x64

10

50568b91dc...17.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    06-11-2024 23:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    50568b91dc4fb9cd55189ca115e9385b6bac08efb61b5e0c2ae927b87b6d5e17.exe

  • Size

    63KB

  • MD5

    490069e3aa3bc3760d819ea2d1a898d5

  • SHA1

    36b7a3d0b6e65ce2742ac0e4710550c6db95b514

  • SHA256

    50568b91dc4fb9cd55189ca115e9385b6bac08efb61b5e0c2ae927b87b6d5e17

  • SHA512

    33ab1d22236f74afd40d4458f721205306f59ca10281843e51685d1e09ad23e0e8701948e26da02e60e1d33b8c70d4e34d1fd73a14009644e04189b32e711d9e

  • SSDEEP

    768:Wm0vnfEXf78awC8A+XUolqgrSw9BrRH+L1+T4ASBGcmDbDkph0oX3ZSuQdpqKYhg:eEXiywXrRHaHfUbSh93wuQdpqKmY7

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

places-author.gl.at.ply.gg:56606

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Asyncrat family
    asyncrat
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\50568b91dc4fb9cd55189ca115e9385b6bac08efb61b5e0c2ae927b87b6d5e17.exe
    "C:\Users\Admin\AppData\Local\Temp\50568b91dc4fb9cd55189ca115e9385b6bac08efb61b5e0c2ae927b87b6d5e17.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2668-0-0x000007FEF6113000-0x000007FEF6114000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2668-1-0x0000000000A10000-0x0000000000A26000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2668-2-0x000007FEF6110000-0x000007FEF6AFC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2668-3-0x000007FEF6110000-0x000007FEF6AFC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2668-4-0x000007FEF6113000-0x000007FEF6114000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2668-5-0x000007FEF6110000-0x000007FEF6AFC000-memory.dmp

    Filesize

    9.9MB

    Download