Overview

overview

10

Static

static

10

WinScript.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    57s
  • max time network
    47s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    30/01/2025, 12:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WinScript.exe

  • Size

    52KB

  • MD5

    93673834f4990293d7f4f47c8923d4b8

  • SHA1

    8a74cad256706e9cee722ed4a47b680ea8791d3d

  • SHA256

    e95554214868e4bba4020036914670bfa988f5f606351c20590e5ccbbd2f7bd6

  • SHA512

    4810e1b050223fca84e71c1047f477fcb25c3715ebfda92265f54f43b0f31bbe311667e1cc48f0cf68dabbc4aae59a520ad532fd10e657e0d096857b3e2a7e51

  • SSDEEP

    768:AoGDMmILyCe++binPSNVdiCKI8YbsgeoR/0dgWUMvEgK/Jf2i++++tyVc6KN:Ao0MWSngyIzbjv0VUMnkJDyVclN

Score
10/10
asyncratpowershellrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

PowerShell

Mutex

DCSSZZVV

Attributes
  • delay

    1

  • install

    true

  • install_file

    winws.exe

  • install_folder

    %AppData%

  • pastebin_config

    https://pastebin.com/raw/gf3CpGLZ

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Asyncrat family
    asyncrat

Processes

  • C:\Users\Admin\AppData\Local\Temp\WinScript.exe
    "C:\Users\Admin\AppData\Local\Temp\WinScript.exe"
    1⤵
      PID:1992
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4312
      • C:\Users\Admin\AppData\Local\Temp\WinScript.exe
        "C:\Users\Admin\AppData\Local\Temp\WinScript.exe"
        1⤵
          PID:2140

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1992-0-0x00007FFBBC783000-0x00007FFBBC785000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1992-1-0x0000000000590000-0x00000000005A4000-memory.dmp

          Filesize

          80KB

          Download

        • memory/1992-2-0x00007FFBBC780000-0x00007FFBBD242000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/1992-3-0x00007FFBBC780000-0x00007FFBBD242000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/2140-4-0x00007FFBAAFD0000-0x00007FFBABA92000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/2140-5-0x00007FFBAAFD0000-0x00007FFBABA92000-memory.dmp

          Filesize

          10.8MB

          Download