Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 14-12-2024 09:07
Behavioral task: behavioral1
- Sample: svchost.exe
- Resource: win7-20240903-en
- windows7-x64
- 3 signatures
- 150 seconds
General
- Target: svchost.exe
- Size: 63KB
- MD5: 67ca41c73d556cc4cfc67fc5b425bbbd
- SHA1: ada7f812cd581c493630eca83bf38c0f8b32b186
- SHA256: 23d2e491a8c7f2f7f344764e6879d9566c9a3e55a3788038e48b346c068dde5b
- SHA512: 0dceb6468147cd2497adf31843389a78460ed5abe2c5a13488fc55a2d202ee6ce0271821d3cf12bc1f09a4d6b79a737ea3bccfc2bb87f89b3fff6410fa85ec02
- SSDEEP: 1536:ihbjnR1AioCzmUxIxqFaUm7wPeUJyq8wJGbbUwm/GMNpqKmY7:ihbjnR1AioCzmUxIxwaTwPeUw8GbbUxM
Malware Config
Extracted
- Family: asyncrat
- Version: 1.0.7
- Botnet: Default
- C2: 51.89.44.68:8848
- Mutex: etb3t1tr5n
- Attributes:
  - delay: 1
  - install: true
  - install_file: svchost.exe
  - install_folder: %Temp%
- aes.plain
Signatures
- Asyncrat family
- Suspicious use of AdjustPrivilegeToken (20 IoCs)

  description                             pid   Process
  Token: SeIncreaseQuotaPrivilege         1708  svchost.exe
  Token: SeSecurityPrivilege              1708  svchost.exe
  Token: SeTakeOwnershipPrivilege         1708  svchost.exe
  Token: SeLoadDriverPrivilege            1708  svchost.exe
  Token: SeSystemProfilePrivilege         1708  svchost.exe
  Token: SeSystemtimePrivilege            1708  svchost.exe
  Token: SeProfSingleProcessPrivilege     1708  svchost.exe
  Token: SeIncBasePriorityPrivilege       1708  svchost.exe
  Token: SeCreatePagefilePrivilege        1708  svchost.exe
  Token: SeBackupPrivilege                1708  svchost.exe
  Token: SeRestorePrivilege               1708  svchost.exe
  Token: SeShutdownPrivilege              1708  svchost.exe
  Token: SeDebugPrivilege                 1708  svchost.exe
  Token: SeSystemEnvironmentPrivilege     1708  svchost.exe
  Token: SeRemoteShutdownPrivilege        1708  svchost.exe
  Token: SeUndockPrivilege                1708  svchost.exe
  Token: SeManageVolumePrivilege          1708  svchost.exe
  Token: 33                               1708  svchost.exe
  Token: 34                               1708  svchost.exe
  Token: 35                               1708  svchost.exe