f45c1e3804cb3db0debb4a9f77a86ca6fb8b8ae55b732d45ee7ac8e617568094

Resubmissions

09-05-2023 18:34

230509-w77spsfc6z 10

Analysis

max time kernel
29s
max time network
44s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2023 18:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CraxsRat v4/V4.exe
Size

40.9MB
MD5

2c3de095ad1ad12d56c4656642c4e541
SHA1

f8925dc9c68895958961a5c01e989f622f644f0c
SHA256

85e1519a11df4b2c6d36d64536fb1070cd6cdd01da502056aab2a01b468016c3
SHA512

5be44b6e3c99847f8507e1ba32f2fa157b6da8cf09f7baf12030bd57f29c5872e2d5934cc64836b2de98242422f4d91b9224071b041f48b539e6f23e6d3ebcac
SSDEEP

786432:Thyqe9n+N5GsjzKGCGWdo3LuqIXwfWeY6VQoJOjzTheSsXaKAoija5w9Fm:NtOn+uLGCG6qOgfzbUjzTDyadoea5g

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

V4.exe

description pid process

Token: SeDebugPrivilege 4164 V4.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

V4.exe

pid process

4164 V4.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

V4.exe

pid process

4164 V4.exe

description	pid	process
Token: SeDebugPrivilege	4164	V4.exe

pid	process
4164	V4.exe

pid	process
4164	V4.exe

C:\Users\Admin\AppData\Local\Temp\CraxsRat v4\V4.exe
"C:\Users\Admin\AppData\Local\Temp\CraxsRat v4\V4.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4164-133-0x000002CD9EEF0000-0x000002CDA17E4000-memory.dmp

Filesize
41.0MB

Download
memory/4164-134-0x000002CDBBE60000-0x000002CDBBE70000-memory.dmp

Filesize
64KB

Download
memory/4164-135-0x000002CDA1B20000-0x000002CDA1B21000-memory.dmp

Filesize
4KB

Download
memory/4164-136-0x000002CDA1BD0000-0x000002CDA1BDC000-memory.dmp

Filesize
48KB

Download
memory/4164-137-0x000002CDA1C30000-0x000002CDA1C4C000-memory.dmp

Filesize
112KB

Download
memory/4164-138-0x000002CDA1C80000-0x000002CDA1CAC000-memory.dmp

Filesize
176KB

Download
memory/4164-139-0x000002CDBBCA0000-0x000002CDBBCDC000-memory.dmp

Filesize
240KB

Download
memory/4164-140-0x000002CDBBCE0000-0x000002CDBBD16000-memory.dmp

Filesize
216KB

Download
memory/4164-141-0x000002CDBE2A0000-0x000002CDBE446000-memory.dmp

Filesize
1.6MB

Download
memory/4164-142-0x000002CDBE600000-0x000002CDBE650000-memory.dmp

Filesize
320KB

Download
memory/4164-143-0x000002CDBBE60000-0x000002CDBBE70000-memory.dmp

Filesize
64KB

Download
memory/4164-144-0x000002CDBBE60000-0x000002CDBBE70000-memory.dmp

Filesize
64KB

Download
memory/4164-145-0x000002CDBBE60000-0x000002CDBBE70000-memory.dmp

Filesize
64KB

Download
memory/4164-146-0x000002CDBBE60000-0x000002CDBBE70000-memory.dmp

Filesize
64KB

Download
memory/4164-147-0x000002CDBBE60000-0x000002CDBBE70000-memory.dmp

Filesize
64KB

Download
memory/4164-148-0x000002CDBBE60000-0x000002CDBBE70000-memory.dmp

Filesize
64KB

Download
memory/4164-149-0x000002CDBBE60000-0x000002CDBBE70000-memory.dmp

Filesize
64KB

Download
memory/4164-150-0x000002CDBBE60000-0x000002CDBBE70000-memory.dmp

Filesize
64KB

Download
memory/4164-151-0x000002CDBBE60000-0x000002CDBBE70000-memory.dmp

Filesize
64KB

Download
memory/4164-152-0x000002CDBBE60000-0x000002CDBBE70000-memory.dmp

Filesize
64KB

Download
memory/4164-153-0x000002CDBBE60000-0x000002CDBBE70000-memory.dmp

Filesize
64KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads