0b29711ec115c27f4cd6963b9ea1e4febf15624f1c17d1c018611ee3df8c333c

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20241007-es
resource tags

arch:x64arch:x86image:win11-20241007-eslocale:es-esos:windows11-21h2-x64systemwindows
submitted
13-11-2024 06:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AsyncRAT/AsyncRAT.exe
Size

6.4MB
MD5

97a429c4b6a2cb95ece0ddb24c3c2152
SHA1

6fcc26793dd474c0c7113b3360ff29240d9a9020
SHA256

06899071233d61009a64c726a4523aa13d81c2517a0486cc99ac5931837008e5
SHA512

524a63f39e472bd052a258a313ff4f2005041b31f11da4774d3d97f72773f3edb40df316fa9cc2a0f51ea5d8ac404cfdd486bab6718bae60f0d860e98e533f89
SSDEEP

98304:+bPmDVa3VxobFwUN5xXhAqin1MNuSZTKA0t9FFPEG6xJJ33Je2PsBpCz6Ry:+7aIXUN5htin2bk9fcPHJDE7Cz60

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
2740	AsyncRAT.exe
2740	AsyncRAT.exe
2740	AsyncRAT.exe
2740	AsyncRAT.exe
2740	AsyncRAT.exe
2740	AsyncRAT.exe
2740	AsyncRAT.exe
2740	AsyncRAT.exe
2740	AsyncRAT.exe
2740	AsyncRAT.exe
2740	AsyncRAT.exe
2740	AsyncRAT.exe
2740	AsyncRAT.exe
2740	AsyncRAT.exe
2740	AsyncRAT.exe
2740	AsyncRAT.exe
2740	AsyncRAT.exe
2740	AsyncRAT.exe
2740	AsyncRAT.exe
2740	AsyncRAT.exe
2740	AsyncRAT.exe
2740	AsyncRAT.exe
2740	AsyncRAT.exe
2740	AsyncRAT.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2740	AsyncRAT.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2740	AsyncRAT.exe

C:\Users\Admin\AppData\Local\Temp\AsyncRAT\AsyncRAT.exe
"C:\Users\Admin\AppData\Local\Temp\AsyncRAT\AsyncRAT.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2740

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:4764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Server\AsyncRAT.exe_Url_bsozgjfh10ettuvlzzecwz2b2kv3ubbv\0.5.8.0\user.config

Filesize
319B

MD5
f71f55112253acc1ef2ecd0a61935970

SHA1
faa9d50656e386e460278d31b1d9247fdd947bb7

SHA256
d1ad588a08c8c0799d7a14509f1e0a7ae04c519102ed9d328a83fe65999e6179

SHA512
761b5c13e39bd4ae21d298084bbe747ae71c383fedf9a51fd5e9723a8b3b4547de459d82bac7f3f8f3bfc11cfb0528a4f1057b51996d7d046583109a53317b44

Download Submit
memory/2740-7-0x00007FFD6EF10000-0x00007FFD6F9D2000-memory.dmp

Filesize
10.8MB

Download
memory/2740-3-0x0000029722AB0000-0x0000029722D02000-memory.dmp

Filesize
2.3MB

Download
memory/2740-4-0x00007FFD6EF10000-0x00007FFD6F9D2000-memory.dmp

Filesize
10.8MB

Download
memory/2740-5-0x00007FFD6EF10000-0x00007FFD6F9D2000-memory.dmp

Filesize
10.8MB

Download
memory/2740-6-0x00000297229D0000-0x00000297229DA000-memory.dmp

Filesize
40KB

Download
memory/2740-0-0x00007FFD6EF13000-0x00007FFD6EF15000-memory.dmp

Filesize
8KB

Download
memory/2740-10-0x00000297229A0000-0x00000297229B2000-memory.dmp

Filesize
72KB

Download
memory/2740-11-0x0000029725800000-0x0000029725A80000-memory.dmp

Filesize
2.5MB

Download
memory/2740-12-0x00007FFD6EF13000-0x00007FFD6EF15000-memory.dmp

Filesize
8KB

Download
memory/2740-13-0x00007FFD6EF10000-0x00007FFD6F9D2000-memory.dmp

Filesize
10.8MB

Download
memory/2740-1-0x0000029707B10000-0x000002970817A000-memory.dmp

Filesize
6.4MB

Download
memory/2740-32-0x00007FFD6EF10000-0x00007FFD6F9D2000-memory.dmp

Filesize
10.8MB

Download
memory/2740-33-0x00007FFD6EF10000-0x00007FFD6F9D2000-memory.dmp

Filesize
10.8MB

Download