da0245797f485d175c09c75c1bf3442240f121068b261f77b1c752c41719072a

Analysis

max time kernel
60s
max time network
78s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-05-2023 07:46

Target

CraxsRat-V3.9.1/LiveChartsCountries.dll
Size

59KB
MD5

740659d4411bcf877f27217a2710b874
SHA1

9df5c0d033e49026995e846fe27e1ab4955d43b1
SHA256

f6e951697226a85e8ad11578a20a0de8c1923afbc69dfce3f0e10ea823d54c1a
SHA512

96d810233dc40915d06c9adf6f49a62be8321a0ea6ace3c139922272dcf543e48b041b341694c126727e37e7a4ca1bd4ba7395ca18d998f629e87aa409c36b37
SSDEEP

1536:E3VBdmmdVR/GF3VZC/owI8bbS56VX1xPzSoE3xy:EFDht/GF3VZC/xdu6VlxPzhIxy

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1684 1920 WerFault.exe rundll32.exe

pid	pid_target	process	target process
1684	1920	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1608 wrote to memory of 1920	1608	rundll32.exe	rundll32.exe
PID 1608 wrote to memory of 1920	1608	rundll32.exe	rundll32.exe
PID 1608 wrote to memory of 1920	1608	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\CraxsRat-V3.9.1\LiveChartsCountries.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1608

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\CraxsRat-V3.9.1\LiveChartsCountries.dll,#1
2⤵
PID:1920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 1008
3⤵
- Program crash
PID:1684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 1920 -ip 1920
1⤵
PID:4912

memory/1920-133-0x0000000000F70000-0x0000000000F80000-memory.dmp

Filesize
64KB

Download