asyncrat | 792f07bb0b03778dcee9317ba398828fe9d839a1210674152071c3f93be6017c

Analysis

max time kernel
106s
max time network
116s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-01-2025 08:57

Target

792f07bb0b03778dcee9317ba398828fe9d839a1210674152071c3f93be6017cN.exe
Size

63KB
MD5

72dbe1d1881adb92958a715a64c0cfa0
SHA1

4248b5de182182f3c8723bb1779eb5a94103677c
SHA256

792f07bb0b03778dcee9317ba398828fe9d839a1210674152071c3f93be6017c
SHA512

ab221d466124efc353b10c3210ebca10f3cc1a166b55eab06902a7b6092a33958bd25d52d9ea9338e3e34a4c5219c23ea230161d3883f2d59a6856407f741ecf
SSDEEP

768:Wm0vnfEXf78awC8A+XUemipEqO+pV91ZHw1+T4OSBGHmDbDiph0oX/g2XJ8YSuQV:eEXi3mbyV9HQdYUbEh9NZiuQdpqKmY7

Score

10^/10

Family

asyncrat

Botnet

Default

studies-gotta.gl.at.ply.gg:4323

Attributes

aes.plain

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1660	792f07bb0b03778dcee9317ba398828fe9d839a1210674152071c3f93be6017cN.exe

C:\Users\Admin\AppData\Local\Temp\792f07bb0b03778dcee9317ba398828fe9d839a1210674152071c3f93be6017cN.exe
"C:\Users\Admin\AppData\Local\Temp\792f07bb0b03778dcee9317ba398828fe9d839a1210674152071c3f93be6017cN.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1660

memory/1660-0-0x000007FEF5863000-0x000007FEF5864000-memory.dmp

Filesize
4KB

Download
memory/1660-1-0x0000000000C20000-0x0000000000C36000-memory.dmp

Filesize
88KB

Download
memory/1660-2-0x000007FEF5860000-0x000007FEF624C000-memory.dmp

Filesize
9.9MB

Download
memory/1660-3-0x000007FEF5860000-0x000007FEF624C000-memory.dmp

Filesize
9.9MB

Download
memory/1660-4-0x000007FEF5863000-0x000007FEF5864000-memory.dmp

Filesize
4KB

Download
memory/1660-5-0x000007FEF5860000-0x000007FEF624C000-memory.dmp

Filesize
9.9MB

Download