Overview

overview

7

Static

static

7

CraxRat V4...CK.exe

windows10-1703-x64

7

CraxRat V4...es.dll

windows10-1703-x64

3

CraxRat V4...on.dll

windows10-1703-x64

3

CraxRat V4...UI.dll

windows10-1703-x64

1

CraxRat V4...io.dll

windows10-1703-x64

1

CraxRat V4...le.dll

windows10-1703-x64

1

CraxRat V4...on.dll

windows10-1703-x64

1

CraxRat V4...V4.exe

windows10-1703-x64

3

CraxRat V4...ck.exe

windows10-1703-x64

7

Resubmissions

24-05-2023 12:03

230524-n8dbgscd25 7

Analysis

  • max time kernel
    125s
  • max time network
    147s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    24-05-2023 12:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CraxRat V4 CRACK/V4.exe

  • Size

    40.9MB

  • MD5

    2c3de095ad1ad12d56c4656642c4e541

  • SHA1

    f8925dc9c68895958961a5c01e989f622f644f0c

  • SHA256

    85e1519a11df4b2c6d36d64536fb1070cd6cdd01da502056aab2a01b468016c3

  • SHA512

    5be44b6e3c99847f8507e1ba32f2fa157b6da8cf09f7baf12030bd57f29c5872e2d5934cc64836b2de98242422f4d91b9224071b041f48b539e6f23e6d3ebcac

  • SSDEEP

    786432:Thyqe9n+N5GsjzKGCGWdo3LuqIXwfWeY6VQoJOjzTheSsXaKAoija5w9Fm:NtOn+uLGCG6qOgfzbUjzTDyadoea5g

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CraxRat V4 CRACK\V4.exe
    "C:\Users\Admin\AppData\Local\Temp\CraxRat V4 CRACK\V4.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4152
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 4152 -s 3456
      2⤵
      • Program crash
      PID:1228
  • C:\Windows\system32\werfault.exe
    werfault.exe /h /shared Global\32f05a392f7449e498d001d217286384 /t 4136 /p 4152
    1⤵
      PID:3380

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\EVLF_-_t.me_evlfdev\V4.exe_Url_ou1ripe5ial3gaahnnaenrl5dbdncmt4\4.0.0.0\user.config
      Filesize

      798B

      MD5

      86c914fa834005a5d28df952ffee11ae

      SHA1

      a29db77bcfce72901891a905bc040b8b405a74cc

      SHA256

      ec020c677fc4a530bcc292e6f3946820ddb2b3ef8641edb6a6a7f091218fbf6d

      SHA512

      61cf656dc5736686e214d855200bea66a22155193d4d1254813b6087992567bb1ffb5780df4b58401f150371093198c9013a99b5632ac57a46a3ae34c541d667

      Download Submit

    • memory/4152-133-0x0000026D7AD40000-0x0000026D7AD50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4152-126-0x0000026D7AC60000-0x0000026D7AC8C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/4152-134-0x0000026D08000000-0x0000026D0AA62000-memory.dmp

      Filesize

      42.4MB

      Download

    • memory/4152-125-0x0000026D7AC10000-0x0000026D7AC2C000-memory.dmp

      Filesize

      112KB

      Download

    • memory/4152-135-0x0000026D7AD40000-0x0000026D7AD50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4152-127-0x0000026D7ACD0000-0x0000026D7AD0C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/4152-128-0x0000026D7AD40000-0x0000026D7AD50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4152-136-0x0000026D7AD40000-0x0000026D7AD50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4152-130-0x0000026D7BD90000-0x0000026D7BDC6000-memory.dmp

      Filesize

      216KB

      Download

    • memory/4152-131-0x0000026D7C180000-0x0000026D7C326000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4152-132-0x0000026D7C020000-0x0000026D7C070000-memory.dmp

      Filesize

      320KB

      Download

    • memory/4152-121-0x0000026D5DDC0000-0x0000026D606B4000-memory.dmp

      Filesize

      41.0MB

      Download

    • memory/4152-124-0x0000026D7AB10000-0x0000026D7AB1C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/4152-123-0x0000026D609E0000-0x0000026D609E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4152-129-0x0000026D7AD40000-0x0000026D7AD50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4152-137-0x0000026D7AD40000-0x0000026D7AD50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4152-138-0x0000026D7AD40000-0x0000026D7AD50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4152-139-0x0000026D7AD40000-0x0000026D7AD50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4152-140-0x0000026D7AD40000-0x0000026D7AD50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4152-141-0x0000026D7AD40000-0x0000026D7AD50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4152-142-0x0000026D7AD40000-0x0000026D7AD50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4152-143-0x0000026D7AD40000-0x0000026D7AD50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4152-144-0x0000026D12710000-0x0000026D1271A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/4152-145-0x0000026D7AD40000-0x0000026D7AD50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4152-122-0x0000026D7AD40000-0x0000026D7AD50000-memory.dmp

      Filesize

      64KB

      Download