Overview

overview

10

Static

static

10

Fixer.exe

windows7-x64

10

Fixer.exe

windows10-2004-x64

10

Resubmissions

29-12-2024 03:03

241229-dkdbgazrht 10

Analysis

  • max time kernel
    91s
  • max time network
    92s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-12-2024 03:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Fixer.exe

  • Size

    63KB

  • MD5

    e5b7909be773c5f119ec4574ab7e5e12

  • SHA1

    1ac751392aba91be04c3a2955141e71fc7421f7f

  • SHA256

    a5fd7d84e11ae4ea4898d3adb57bcdac54ec52f8486d73c391549fd9729a8293

  • SHA512

    0298ae38101df1244cc81895df9a41907232f72322f70f7f77e8a1bb228a57196a3f94494ab1fefa5a433a7e0573acce0c4220d53961b9c34ace2f395da2623b

  • SSDEEP

    768:em0vnfEXf78awC8A+XUj36NrZG5dAhJNCwhz1+T4PSBGHmDbDhphcoXFosgeSuoV:WEXiM3t2hJtkYUbThlFoswuodpqKmY7

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

loans-merchant.gl.at.ply.gg:50335

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Asyncrat family
    asyncrat
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Fixer.exe
    "C:\Users\Admin\AppData\Local\Temp\Fixer.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4084-0-0x00007FFDC0AB3000-0x00007FFDC0AB5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4084-1-0x00000000006D0000-0x00000000006E6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4084-2-0x00007FFDC0AB0000-0x00007FFDC1571000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4084-3-0x00007FFDC0AB0000-0x00007FFDC1571000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4084-4-0x00007FFDC0AB3000-0x00007FFDC0AB5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4084-5-0x00007FFDC0AB0000-0x00007FFDC1571000-memory.dmp

    Filesize

    10.8MB

    Download