asyncrat | 94c9d9b131a09d2da14127370bc041f46464754f907d38467c5c48ad20624add

Analysis

max time kernel
137s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 01:47

Target

94c9d9b131a09d2da14127370bc041f46464754f907d38467c5c48ad20624add.exe
Size

3.1MB
MD5

e939fb9abcac14771583ac57e05d9b90
SHA1

b09d0bc30a3d3cffb3583f796c4f363e635ed90a
SHA256

94c9d9b131a09d2da14127370bc041f46464754f907d38467c5c48ad20624add
SHA512

347134900144999b008e9650057144457b82d260569ab9276482d4be814c6efe542adf5fc276d5d344b0561118cc9a5ab61a718b5a972b29784b467edc7fd767
SSDEEP

12288:a7hTrBnuvYkNa2VNYKbpeFy1eLq/FQW8uok7GCoShNZ5LG:a3UYkswNYgpwee+/F78u5yCoS9k

Score

10^/10

Family

asyncrat

Version

0.5.8

Botnet

Default

betterdays4me.duckdns.org:6606

betterdays4me.duckdns.org:7707

betterdays4me.duckdns.org:8808

Mutex

fULNLY9PC39i

Attributes

aes.plain

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Suspicious use of SetThreadContext 1 IoCs

Processes:

94c9d9b131a09d2da14127370bc041f46464754f907d38467c5c48ad20624add.exe

description pid process target process

PID 2532 set thread context of 2692 2532 94c9d9b131a09d2da14127370bc041f46464754f907d38467c5c48ad20624add.exe regasm.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

94c9d9b131a09d2da14127370bc041f46464754f907d38467c5c48ad20624add.exe

description pid process

Token: SeDebugPrivilege 2532 94c9d9b131a09d2da14127370bc041f46464754f907d38467c5c48ad20624add.exe

description	pid	process	target process
PID 2532 set thread context of 2692	2532	94c9d9b131a09d2da14127370bc041f46464754f907d38467c5c48ad20624add.exe	regasm.exe

description	pid	process
Token: SeDebugPrivilege	2532	94c9d9b131a09d2da14127370bc041f46464754f907d38467c5c48ad20624add.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

94c9d9b131a09d2da14127370bc041f46464754f907d38467c5c48ad20624add.exe

description	pid	process	target process
PID 2532 wrote to memory of 2692	2532	94c9d9b131a09d2da14127370bc041f46464754f907d38467c5c48ad20624add.exe	regasm.exe
PID 2532 wrote to memory of 2692	2532	94c9d9b131a09d2da14127370bc041f46464754f907d38467c5c48ad20624add.exe	regasm.exe
PID 2532 wrote to memory of 2692	2532	94c9d9b131a09d2da14127370bc041f46464754f907d38467c5c48ad20624add.exe	regasm.exe
PID 2532 wrote to memory of 2692	2532	94c9d9b131a09d2da14127370bc041f46464754f907d38467c5c48ad20624add.exe	regasm.exe
PID 2532 wrote to memory of 2692	2532	94c9d9b131a09d2da14127370bc041f46464754f907d38467c5c48ad20624add.exe	regasm.exe
PID 2532 wrote to memory of 2692	2532	94c9d9b131a09d2da14127370bc041f46464754f907d38467c5c48ad20624add.exe	regasm.exe
PID 2532 wrote to memory of 2692	2532	94c9d9b131a09d2da14127370bc041f46464754f907d38467c5c48ad20624add.exe	regasm.exe
PID 2532 wrote to memory of 2692	2532	94c9d9b131a09d2da14127370bc041f46464754f907d38467c5c48ad20624add.exe	regasm.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe"
2⤵
PID:2692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4080,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=4376 /prefetch:8
1⤵
PID:3404

memory/2532-1-0x0000015216CF0000-0x0000015216D16000-memory.dmp

Filesize
152KB

Download
memory/2532-0-0x00007FFCAD6B3000-0x00007FFCAD6B5000-memory.dmp

Filesize
8KB

Download
memory/2532-2-0x0000015231220000-0x0000015231246000-memory.dmp

Filesize
152KB

Download
memory/2532-3-0x00000152170D0000-0x0000015217134000-memory.dmp

Filesize
400KB

Download
memory/2532-4-0x00007FFCAD6B0000-0x00007FFCAE171000-memory.dmp

Filesize
10.8MB

Download
memory/2532-7-0x00007FFCAD6B0000-0x00007FFCAE171000-memory.dmp

Filesize
10.8MB

Download
memory/2692-5-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2692-6-0x00000000743CE000-0x00000000743CF000-memory.dmp

Filesize
4KB

Download
memory/2692-8-0x00000000743C0000-0x0000000074B70000-memory.dmp

Filesize
7.7MB

Download
memory/2692-9-0x00000000743CE000-0x00000000743CF000-memory.dmp

Filesize
4KB

Download
memory/2692-10-0x00000000743C0000-0x0000000074B70000-memory.dmp

Filesize
7.7MB

Download