asyncrat | 400c24bdb9b7dabfcd9a8a2f137550f338014d833d169c6e6f4252910fb95feb

Analysis

max time kernel
89s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
22/03/2025, 06:15

Target

a3a62b600d751eaaf32c95c6c03ea74c.exe
Size

63KB
MD5

a3a62b600d751eaaf32c95c6c03ea74c
SHA1

34e91af8d3b9c2e8ebb66704ed49d7105fa2927a
SHA256

7ea212ddfba458eeb29a6db1956cf60868ab4e8b6c57596634c1d272c3b61259
SHA512

768d9241cc1af5a697a45f6622f1344ccb3723a0353dbde5629f2c7ca45d8c106f1c2ee9410cebb6629d406fef898a080c71012ff1b3b22c3456ab7d3572d356
SSDEEP

1536:uh0JL7VQky47k8FJeeiIVrGbbXwp3aG4QpqKmY7:uh0JL7VQky4nFceXGbbXYKLz

Score

10^/10

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

147.185.221.27:3368

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

aes.plain

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

Suspicious use of AdjustPrivilegeToken 21 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	436	a3a62b600d751eaaf32c95c6c03ea74c.exe
Token: SeSecurityPrivilege	436	a3a62b600d751eaaf32c95c6c03ea74c.exe
Token: SeTakeOwnershipPrivilege	436	a3a62b600d751eaaf32c95c6c03ea74c.exe
Token: SeLoadDriverPrivilege	436	a3a62b600d751eaaf32c95c6c03ea74c.exe
Token: SeSystemProfilePrivilege	436	a3a62b600d751eaaf32c95c6c03ea74c.exe
Token: SeSystemtimePrivilege	436	a3a62b600d751eaaf32c95c6c03ea74c.exe
Token: SeProfSingleProcessPrivilege	436	a3a62b600d751eaaf32c95c6c03ea74c.exe
Token: SeIncBasePriorityPrivilege	436	a3a62b600d751eaaf32c95c6c03ea74c.exe
Token: SeCreatePagefilePrivilege	436	a3a62b600d751eaaf32c95c6c03ea74c.exe
Token: SeBackupPrivilege	436	a3a62b600d751eaaf32c95c6c03ea74c.exe
Token: SeRestorePrivilege	436	a3a62b600d751eaaf32c95c6c03ea74c.exe
Token: SeShutdownPrivilege	436	a3a62b600d751eaaf32c95c6c03ea74c.exe
Token: SeDebugPrivilege	436	a3a62b600d751eaaf32c95c6c03ea74c.exe
Token: SeSystemEnvironmentPrivilege	436	a3a62b600d751eaaf32c95c6c03ea74c.exe
Token: SeRemoteShutdownPrivilege	436	a3a62b600d751eaaf32c95c6c03ea74c.exe
Token: SeUndockPrivilege	436	a3a62b600d751eaaf32c95c6c03ea74c.exe
Token: SeManageVolumePrivilege	436	a3a62b600d751eaaf32c95c6c03ea74c.exe
Token: 33	436	a3a62b600d751eaaf32c95c6c03ea74c.exe
Token: 34	436	a3a62b600d751eaaf32c95c6c03ea74c.exe
Token: 35	436	a3a62b600d751eaaf32c95c6c03ea74c.exe
Token: 36	436	a3a62b600d751eaaf32c95c6c03ea74c.exe

C:\Users\Admin\AppData\Local\Temp\a3a62b600d751eaaf32c95c6c03ea74c.exe
"C:\Users\Admin\AppData\Local\Temp\a3a62b600d751eaaf32c95c6c03ea74c.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:436

memory/436-1-0x0000000000460000-0x0000000000476000-memory.dmp

Filesize
88KB

Download
memory/436-0-0x00007FFBB5373000-0x00007FFBB5375000-memory.dmp

Filesize
8KB

Download
memory/436-2-0x00007FFBB5370000-0x00007FFBB5E31000-memory.dmp

Filesize
10.8MB

Download
memory/436-3-0x00007FFBB5370000-0x00007FFBB5E31000-memory.dmp

Filesize
10.8MB

Download