Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

209fbae1dc...07.exe

windows7-x64

1

209fbae1dc...07.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    93s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/12/2024, 13:01 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    209fbae1dc4dc78a2658fe4661208807.exe

  • Size

    2.0MB

  • MD5

    209fbae1dc4dc78a2658fe4661208807

  • SHA1

    7a8050672dcd6df8c45c658aba20d94d87f6c6b6

  • SHA256

    ba8ac250bdc6e0bd364bd98fd4404bdc32517eacdad84977133e87aac46af90e

  • SHA512

    dde1e517214580a4f73822295a20eab3f3480bb873d45f9853c06c4523ceb3155d849c1255d8cb4c52e33a95b5d29baaaa8c9fcd73719b12fbc91c442e433940

  • SSDEEP

    24576:ldafm+R1FK6hh5QP4ZaVDwm0vxQOxA3eo8Tcxaahl7o7IipS54dyrtd8d:vk1Fdh2Werxaahl7o7q6cr4d

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

104.236.39.42:6606

104.236.39.42:7707

104.236.39.42:8808
Mutex

NLzwJdZ9VJQw

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain
1
Aq9CHvKwpBc2HRf2rfR2lkJfvwMVJYtV

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Asyncrat family
    asyncrat
  • Async RAT payload 1 IoCs
    rat
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\209fbae1dc4dc78a2658fe4661208807.exe
    "C:\Users\Admin\AppData\Local\Temp\209fbae1dc4dc78a2658fe4661208807.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1752

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    154.239.44.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    154.239.44.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    64.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    64.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    42.39.236.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    42.39.236.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    53.210.109.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    53.210.109.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    217.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.135.221.88.in-addr.arpa
    IN PTR
    Response
    217.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-217deploystaticakamaitechnologiescom
  • flag-us
    DNS
    194.86.200.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    194.86.200.23.in-addr.arpa
    IN PTR
    Response
    194.86.200.23.in-addr.arpa
    IN PTR
    a23-200-86-194deploystaticakamaitechnologiescom
  • flag-us
    DNS
    11.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.227.111.52.in-addr.arpa
    IN PTR
    Response
  • 104.236.39.42:6606
    tls
    209fbae1dc4dc78a2658fe4661208807.exe
    9.3kB
     8.0kB
     76
    74
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    154.239.44.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    154.239.44.20.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    64.159.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    64.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    42.39.236.104.in-addr.arpa
    dns
    72 B
     139 B
     1
    1

    DNS Request

    42.39.236.104.in-addr.arpa

  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    53.210.109.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    53.210.109.20.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    217.135.221.88.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    217.135.221.88.in-addr.arpa

  • 8.8.8.8:53
    194.86.200.23.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    194.86.200.23.in-addr.arpa

  • 8.8.8.8:53
    11.227.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    11.227.111.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1752-0-0x0000020BE8240000-0x0000020BE8253000-memory.dmp

    Filesize

    76KB

    Download

  • memory/1752-1-0x00007FF9DB033000-0x00007FF9DB035000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1752-2-0x0000020BE9B00000-0x0000020BE9B12000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1752-3-0x00007FF9DB030000-0x00007FF9DBAF1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1752-6-0x00007FF9DB033000-0x00007FF9DB035000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1752-7-0x00007FF9DB030000-0x00007FF9DBAF1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1752-8-0x00007FF9DB030000-0x00007FF9DBAF1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1752-9-0x00007FF9DB030000-0x00007FF9DBAF1000-memory.dmp

    Filesize

    10.8MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.