Overview

overview

10

Static

static

3

58101c2daa...f6.exe

windows7-x64

10

58101c2daa...f6.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-01-2025 14:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    58101c2daabca323dfdbe94a745cb8749f2b728e7ea2798b85866833d2c461f6.exe

  • Size

    35KB

  • MD5

    431ce7e93e9313ebbda1699b82522527

  • SHA1

    9875ec75df23533fed3579de34acc58918a348c1

  • SHA256

    58101c2daabca323dfdbe94a745cb8749f2b728e7ea2798b85866833d2c461f6

  • SHA512

    6bc78822500624376940c117daff722e7538e2e77c0c022a9e828231b07b84b9a60ed14ef16143e3bc358ddd7a2e28f3a6c436a4d50fa9fb84f47d540df3e29f

  • SSDEEP

    768:eeBy5oxQY0QDvZtt+cty5ZpyZngfNO+M4aSScy:ew4oxZjz0NkgfNO+MGTy

Score
10/10
asyncratstormkittyvenomratdiscoveryratstealer

Malware Config

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Asyncrat family
    asyncrat
  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty
  • StormKitty payload 1 IoCs
  • Stormkitty family
    stormkitty
  • VenomRAT 1 IoCs

    Detects VenomRAT.

    rat
  • Venomrat family
    venomrat
  • Downloads MZ/PE file
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 27 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\58101c2daabca323dfdbe94a745cb8749f2b728e7ea2798b85866833d2c461f6.exe
    "C:\Users\Admin\AppData\Local\Temp\58101c2daabca323dfdbe94a745cb8749f2b728e7ea2798b85866833d2c461f6.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1260
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rcixsiqd\rcixsiqd.cmdline"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1676
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7436.tmp" "c:\Users\Admin\AppData\Local\Temp\rcixsiqd\CSCA0349C94793545C2BCB1DD2A22F2679B.TMP"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2924
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3680

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\RES7436.tmp
    Filesize

    1KB

    MD5

    cff1a449a10b86bf44ff504b60b822b5

    SHA1

    5f0349fa61edfc4c7f47da5987e51dace6aff26b

    SHA256

    1caee1050071387311ce299f943351c660a442067a32ceed919f2edbb82be59b

    SHA512

    b89f811afcfdd51cf92c8dd812e0a37344ec4521379820016638a85a648d2b668555049d712e3537952a11dcc61fea57c0d8ad4fb32689f6faf85a91af78058d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\rcixsiqd\rcixsiqd.dll
    Filesize

    9KB

    MD5

    5f68d5e9c8b38301899fbbd4c9b4bc67

    SHA1

    24f65606de402c079f8fc199965421ce6993c45d

    SHA256

    f97da2ab2d0d4eababb1446b00a214d1f1e5801c975a4c6b24b69396212432f7

    SHA512

    9350a29522a1e74a5051f2fc768deafdf1027efb5d68e2f6d2c641bacb0271f8e91ea4b22a3354fa6776dbd6f5ff76fdb19833de5e99f610ffbccc4b90ced095

    Download Submit

  • \??\c:\Users\Admin\AppData\Local\Temp\rcixsiqd\CSCA0349C94793545C2BCB1DD2A22F2679B.TMP
    Filesize

    652B

    MD5

    5545a0866f293f492d8de848b61db787

    SHA1

    5055f66eaeefae0b67b54f04e933e8ba6ef25325

    SHA256

    1916fe8a3e8212bf950c11318eba18fa13517d4c3f3d83d014c16b6802e0b7a0

    SHA512

    64fd8ffc27de073677ce5ccc51bed1380c2b09a79a409c377c18101218cc68fb9e6826efa6b415e80443180463053949022113e85ab55e74c1b15338f2a86dba

    Download Submit

  • \??\c:\Users\Admin\AppData\Local\Temp\rcixsiqd\rcixsiqd.0.cs
    Filesize

    10KB

    MD5

    f9f6e35df4fa6c35bdf52625d3641105

    SHA1

    301af598f3f83581217561f3de8c74a3051a0dfd

    SHA256

    2e555b424b335bb9b7817c1d3ee815650549a90cdd22f4d8235460ecc0a12bbf

    SHA512

    461ceb488bece4ff2f86382d91b3adab1a02e2f5f3ce1ae222a842f859664c3b4c71b6e7dae986a824eab735e17e38dafd081e252354bdbaf8854ae9a6a72b28

    Download Submit

  • \??\c:\Users\Admin\AppData\Local\Temp\rcixsiqd\rcixsiqd.cmdline
    Filesize

    204B

    MD5

    c2b9eda4eecda0734d8ff64d4048c6e9

    SHA1

    0e0ac35e5233a059844ba9d0c7e9719c174d8c90

    SHA256

    ec76a7e8e733c8e6f61f1cdb2fa2cce787c8f82f4af431b6f2f508daf1038b0f

    SHA512

    a651a98ebfbd8f02d63dc7724dfcbdd6a4713b107745eb1d9cf89220a8a04e51269ce58b96ecdff779a7b79ee414d24668cef430747bfa05f29f5b1b9c072166

    Download Submit

  • memory/1260-15-0x0000000002880000-0x0000000002888000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1260-5-0x0000000074EA0000-0x0000000075650000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1260-1-0x00000000003C0000-0x00000000003D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1260-0-0x0000000074EAE000-0x0000000074EAF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1260-19-0x0000000074EA0000-0x0000000075650000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3680-17-0x0000000000400000-0x0000000000704000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/3680-20-0x0000000074EA0000-0x0000000075650000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3680-21-0x0000000005D70000-0x0000000006314000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3680-22-0x0000000074EA0000-0x0000000075650000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3680-23-0x0000000005BE0000-0x0000000005C72000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3680-24-0x0000000005B90000-0x0000000005B9A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3680-25-0x0000000074EA0000-0x0000000075650000-memory.dmp

    Filesize

    7.7MB

    Download