Overview
overview: 7
Static
static: 7
craxs3/ChangeLog.html (windows10-2004-x64): 1
craxs3/CraxsRat.exe (windows10-2004-x64): 1
craxs3/Cra...xe.xml (windows10-2004-x64): 3
craxs3/Dra...rk.dll (windows10-2004-x64): 1
craxs3/Fu#...er.exe (windows10-2004-x64): 7
craxs3/GeoIPCitys.dll (windows10-2004-x64): 1
craxs3/Liv...PS.dll (windows10-2004-x64): 1
craxs3/Liv...ms.dll (windows10-2004-x64): 1
craxs3/Liv...pf.dll (windows10-2004-x64): 1
craxs3/LiveCharts.dll (windows10-2004-x64): 1
craxs3/NAudio.dll (windows10-2004-x64): 1
craxs3/New...on.dll (windows10-2004-x64): 1
craxs3/Sys...le.dll (windows10-2004-x64): 1
craxs3/WinMM.Net.dll (windows10-2004-x64): 1
craxs3/Win...ve.dll (windows10-2004-x64): 1
Analysis
max time kernel: 61s
max time network: 71s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/07/2023, 11:05
Behavioral task: behavioral1; Sample: craxs3/ChangeLog.html; Resource: win10v2004-20230703-en
Behavioral task: behavioral2; Sample: craxs3/CraxsRat.exe; Resource: win10v2004-20230703-en
Behavioral task: behavioral3; Sample: craxs3/CraxsRat.exe.xml; Resource: win10v2004-20230703-en
Behavioral task: behavioral4; Sample: craxs3/DrakeUI.Framework.dll; Resource: win10v2004-20230703-en
Behavioral task: behavioral5; Sample: craxs3/Fu##ThisLoader.exe; Resource: win10v2004-20230703-en
Behavioral task: behavioral6; Sample: craxs3/GeoIPCitys.dll; Resource: win10v2004-20230703-en
Behavioral task: behavioral7; Sample: craxs3/LiveCharts.MAPS.dll; Resource: win10v2004-20230703-en
Behavioral task: behavioral8; Sample: craxs3/LiveCharts.WinForms.dll; Resource: win10v2004-20230703-en
Behavioral task: behavioral9; Sample: craxs3/LiveCharts.Wpf.dll; Resource: win10v2004-20230703-en
Behavioral task: behavioral10; Sample: craxs3/LiveCharts.dll; Resource: win10v2004-20230703-en
Behavioral task: behavioral11; Sample: craxs3/NAudio.dll; Resource: win10v2004-20230703-en
Behavioral task: behavioral12; Sample: craxs3/Newtonsoft.Json.dll; Resource: win10v2004-20230703-en
Behavioral task: behavioral13; Sample: craxs3/System.IO.Compression.ZipFile.dll; Resource: win10v2004-20230703-en
Behavioral task: behavioral14; Sample: craxs3/WinMM.Net.dll; Resource: win10v2004-20230703-en
Behavioral task: behavioral15; Sample: craxs3/Windows.UI.Immersive.dll; Resource: win10v2004-20230703-en
General
Target: craxs3/CraxsRat.exe.xml
Size: 8KB
MD5: 7ae229700efc323e33897ad95588bf2d
SHA1: 15597f3eb693df1bbbf73672dafaf07f10f9ac69
SHA256: db3e864a56dea1c786cbf5dd9cd73524259ef4ce442b27f86d6ec9f7af581593
SHA512: f7d17b09126ae0d2d54d6842e5334024b22a4ca5c52b21db8ea5b6a7507edfca7dd1c036573bbedc5aef275f21740a521aa7bc18d9179da810635c10cabca591
SSDEEP: 96:ur7V7KorTZHyZ90nDP9SbujEBKgFAnuAnznVuupxZAEcHn4abLintYIWVv/xSpQT:ur7V79rqC4
Malware Config
Signatures
Program crash: 1 IoCs
pid   pid_target  Process       procid_target
1756  2832        WerFault.exe  37
Processes
- "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\craxs3\CraxsRat.exe.xml" (PID: 2832)
  - C:\Windows\system32\WerFault.exe -u -p 2832 -s 448 (PID: 1756, Program crash)
- C:\Windows\system32\WerFault.exe -pss -s 408 -p 2832 -ip 2832 (PID: 5096)