asyncrat | eedce349ce30bae2c269040ac02e0c1d2a979cd2743dc89dc8138e61b30f1798

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 18:00

Target

Client.exe
Size

71KB
MD5

958cfc3e7730a66a05d6b8a49ce13d63
SHA1

ebc55f86cccfead463fcc1e6a060a5012fb09907
SHA256

eedce349ce30bae2c269040ac02e0c1d2a979cd2743dc89dc8138e61b30f1798
SHA512

cd6c4f6229a5d97a9b335cbbaf16e4ceab2efde6dd6e17ea0e8645d12739bd2a7ab8e6a77887dd92894af17305df6aafd051c0bfdd8fe7965225f0d538d9fbc5
SSDEEP

768:+MFJ2BAxBMXR5OavIpl2d90CfOmPiEq586H+XVhMZEILH5DMnuqUch04U0VTLgSv:HJmm+g58TXsDpUuqbdLuGjhDeVclN

Score

10^/10

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

VenomRAT 1 IoCs

Detects VenomRAT.

resource	yara_rule
behavioral1/memory/2776-1-0x0000000000070000-0x0000000000088000-memory.dmp	VenomRAT

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2776	Client.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 2864	2776	Client.exe	30
PID 2776 wrote to memory of 2864	2776	Client.exe	30
PID 2776 wrote to memory of 2864	2776	Client.exe	30

C:\Users\Admin\AppData\Local\Temp\Client.exe
"C:\Users\Admin\AppData\Local\Temp\Client.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2776 -s 600
  2⤵
  PID:2864

memory/2776-0-0x000007FEF6503000-0x000007FEF6504000-memory.dmp

Filesize
4KB

Download
memory/2776-1-0x0000000000070000-0x0000000000088000-memory.dmp

Filesize
96KB

Download
memory/2776-3-0x000007FEF6500000-0x000007FEF6EEC000-memory.dmp

Filesize
9.9MB

Download
memory/2776-4-0x000007FEF6500000-0x000007FEF6EEC000-memory.dmp

Filesize
9.9MB

Download