0a06fb2cbb200a1ab76de4b4e5fe2284932b0c65707ab304921ea2d739ea90da

Analysis

max time kernel
121s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
05-05-2023 22:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CraxsRat v4.5.3.exe
Size

40.9MB
MD5

2c3de095ad1ad12d56c4656642c4e541
SHA1

f8925dc9c68895958961a5c01e989f622f644f0c
SHA256

85e1519a11df4b2c6d36d64536fb1070cd6cdd01da502056aab2a01b468016c3
SHA512

5be44b6e3c99847f8507e1ba32f2fa157b6da8cf09f7baf12030bd57f29c5872e2d5934cc64836b2de98242422f4d91b9224071b041f48b539e6f23e6d3ebcac
SSDEEP

786432:Thyqe9n+N5GsjzKGCGWdo3LuqIXwfWeY6VQoJOjzTheSsXaKAoija5w9Fm:NtOn+uLGCG6qOgfzbUjzTDyadoea5g

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

CraxsRat v4.5.3.exe

description pid process

Token: SeDebugPrivilege 4140 CraxsRat v4.5.3.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

CraxsRat v4.5.3.exe

pid process

4140 CraxsRat v4.5.3.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

CraxsRat v4.5.3.exe

pid process

4140 CraxsRat v4.5.3.exe

description	pid	process
Token: SeDebugPrivilege	4140	CraxsRat v4.5.3.exe

pid	process
4140	CraxsRat v4.5.3.exe

pid	process
4140	CraxsRat v4.5.3.exe

C:\Users\Admin\AppData\Local\Temp\CraxsRat v4.5.3.exe
"C:\Users\Admin\AppData\Local\Temp\CraxsRat v4.5.3.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4140-133-0x000001DD52EC0000-0x000001DD557B4000-memory.dmp

Filesize
41.0MB

Download
memory/4140-134-0x000001DD6FD10000-0x000001DD6FD20000-memory.dmp

Filesize
64KB

Download
memory/4140-135-0x000001DD55AF0000-0x000001DD55AF1000-memory.dmp

Filesize
4KB

Download
memory/4140-136-0x000001DD55BA0000-0x000001DD55BAC000-memory.dmp

Filesize
48KB

Download
memory/4140-137-0x000001DD55BE0000-0x000001DD55BFC000-memory.dmp

Filesize
112KB

Download
memory/4140-138-0x000001DD57500000-0x000001DD5752C000-memory.dmp

Filesize
176KB

Download
memory/4140-139-0x000001DD57530000-0x000001DD5756C000-memory.dmp

Filesize
240KB

Download
memory/4140-141-0x000001DD6FD10000-0x000001DD6FD20000-memory.dmp

Filesize
64KB

Download
memory/4140-140-0x000001DD6FD10000-0x000001DD6FD20000-memory.dmp

Filesize
64KB

Download
memory/4140-142-0x000001DD6FD60000-0x000001DD6FD96000-memory.dmp

Filesize
216KB

Download
memory/4140-143-0x000001DD71BC0000-0x000001DD71D66000-memory.dmp

Filesize
1.6MB

Download
memory/4140-144-0x000001DD6FD10000-0x000001DD6FD20000-memory.dmp

Filesize
64KB

Download
memory/4140-145-0x000001DD6FD10000-0x000001DD6FD20000-memory.dmp

Filesize
64KB

Download
memory/4140-146-0x000001DD6FD10000-0x000001DD6FD20000-memory.dmp

Filesize
64KB

Download
memory/4140-147-0x000001DD6FD10000-0x000001DD6FD20000-memory.dmp

Filesize
64KB

Download
memory/4140-148-0x000001DD6FD10000-0x000001DD6FD20000-memory.dmp

Filesize
64KB

Download
memory/4140-149-0x000001DD6FD10000-0x000001DD6FD20000-memory.dmp

Filesize
64KB

Download
memory/4140-150-0x000001DD6FD10000-0x000001DD6FD20000-memory.dmp

Filesize
64KB

Download
memory/4140-151-0x000001DD6FD10000-0x000001DD6FD20000-memory.dmp

Filesize
64KB

Download
memory/4140-152-0x000001DD6FD10000-0x000001DD6FD20000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads