Overview

overview

10

Static

static

3

NOTIFICACI...ca.exe

windows7-x64

10

NOTIFICACI...ca.exe

windows10-2004-x64

10

NOTIFICACI...ib.dll

windows7-x64

3

NOTIFICACI...ib.dll

windows10-2004-x64

3

NOTIFICACI...Db.dll

windows7-x64

3

NOTIFICACI...Db.dll

windows10-2004-x64

3

NOTIFICACI...el.dll

windows7-x64

3

NOTIFICACI...el.dll

windows10-2004-x64

3

NOTIFICACI...ib.dll

windows7-x64

3

NOTIFICACI...ib.dll

windows10-2004-x64

3

NOTIFICACI...ls.dll

windows7-x64

3

NOTIFICACI...ls.dll

windows10-2004-x64

3

NOTIFICACI...ls.dll

windows7-x64

3

NOTIFICACI...ls.dll

windows10-2004-x64

3

NOTIFICACI...49.dll

windows7-x64

3

NOTIFICACI...49.dll

windows10-2004-x64

3

NOTIFICACI...71.dll

windows7-x64

3

NOTIFICACI...71.dll

windows10-2004-x64

3

NOTIFICACI...71.dll

windows7-x64

3

NOTIFICACI...71.dll

windows10-2004-x64

3

NOTIFICACI...t6.dll

windows7-x64

3

NOTIFICACI...t6.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-11-2024 10:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NOTIFICACIÓN ELECTRÓNICA JUDICIAL AUTO ADMISORIO DEMANDA LABORAL/006 NotificacionElectronica.exe

  • Size

    168KB

  • MD5

    aef6452711538d9021f929a2a5f633cf

  • SHA1

    205b7fab75e77d1ff123991489462d39128e03f6

  • SHA256

    e611a1ffbe9e08a2660bc290a581aa0b54637524aaf6040a70e54f97136ce5ac

  • SHA512

    7ad84d4d3bab3f5a3e14f336d8931bf4b876299000081b2a94a3fcf698c56b82514753b483c5b8d7ae84ddd92ee1c4043fa5e7fb7c4f7e9eb52ca8c794e508b7

  • SSDEEP

    3072:+CNUaViEqjY1uimO3soWBgZNENeo0TzSCOtCUon/BA2gGaA44:dwEq7HO8ohEsxHSC+CUO/Bxk4

Score
10/10
asyncrat=== 06 nov ===discoveryrat

Malware Config

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

=== 06 NOV ===

C2

0611wins.duckdns.org:9003

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Asyncrat family
    asyncrat
  • Suspicious use of SetThreadContext 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: MapViewOfSection 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NOTIFICACIÓN ELECTRÓNICA JUDICIAL AUTO ADMISORIO DEMANDA LABORAL\006 NotificacionElectronica.exe
    "C:\Users\Admin\AppData\Local\Temp\NOTIFICACIÓN ELECTRÓNICA JUDICIAL AUTO ADMISORIO DEMANDA LABORAL\006 NotificacionElectronica.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1672
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\SysWOW64\cmd.exe
      2⤵
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:2532
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:1988

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\394b6c60
    Filesize

    777KB

    MD5

    3e655d5d2ab0eafaf9bd0406ca2d1f86

    SHA1

    53cee763b70aed5b867c98d7b2e0263efc57a2f7

    SHA256

    0ac8b10a4caed831152178cb2b68246b08ec6febeacbb26b7ac77372417a1084

    SHA512

    2630364c6172ca9c399e04141e93be827b9731272ec2f3498a73a8b2389779647f00935dbb3c80eab18742d7ac513024ec3e808c5fe59e3d9754ff0e9b009c14

    Download Submit

  • memory/1672-18-0x0000000074903000-0x0000000074905000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1672-5-0x00007FFF04F50000-0x00007FFF05145000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1672-2-0x00000000009E0000-0x0000000000AB1000-memory.dmp

    Filesize

    836KB

    Download

  • memory/1672-4-0x00000000748F0000-0x0000000074A6B000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1672-19-0x00000000748F0000-0x0000000074A6B000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1672-20-0x00000000748F0000-0x0000000074A6B000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1672-1-0x0000000000AC0000-0x0000000000B23000-memory.dmp

    Filesize

    396KB

    Download

  • memory/1988-37-0x00000000744B0000-0x0000000074C60000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1988-30-0x0000000072D80000-0x0000000073FD4000-memory.dmp

    Filesize

    18.3MB

    Download

  • memory/1988-33-0x0000000001030000-0x0000000001046000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1988-34-0x00000000744B0000-0x0000000074C60000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1988-35-0x00000000744B0000-0x0000000074C60000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1988-36-0x00000000744B0000-0x0000000074C60000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2532-22-0x00000000748F0000-0x0000000074A6B000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2532-27-0x00000000748F0000-0x0000000074A6B000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2532-26-0x00000000748F0000-0x0000000074A6B000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2532-29-0x00000000748F0000-0x0000000074A6B000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2532-24-0x00007FFF04F50000-0x00007FFF05145000-memory.dmp

    Filesize

    2.0MB

    Download