Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
11-05-2023 20:16
General
-
Target
CraxsRat 4.0.1.zip
-
Size
144.7MB
-
MD5
8a50e7c45a5e3f997cc5977877905cd4
-
SHA1
69322ab4e93846603acdf50d778721766ec76515
-
SHA256
330be9927418eca24b6b0acadec70a2ebcdccfd9b3a7588ef4e707bf85c76502
-
SHA512
360f6b1aac4648a45b653fb7bd1a91007093ae535e855c043b301240e47cf19f4d78442f080b869a52c62bc3386068afb77b42b8a98349eab780eb39b45d6b14
-
SSDEEP
3145728:S5mk2EklYF4YYkSO7Wkf9Pb2OE9Mfg9rLrCLVnwXZmYc7qHE:S5mkrMu46SZS9W9MIZL+VwJmLqHE
Score
1/10
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\CraxsRat 4.0.1.zip"1⤵
-
C:\Windows\system32\verclsid.exe"C:\Windows\system32\verclsid.exe" /S /C {0B2C9183-C9FA-4C53-AE21-C900B0C39965} /I {0C733A8A-2A1C-11CE-ADE5-00AA0044773D} /X 0x4011⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\CraxsRat 4.0.1\" -spe -an -ai#7zMap26600:108:7zEvent34491⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow