Analysis

  • max time kernel
    226s
  • max time network
    296s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/10/2023, 06:19

General

  • Target

    CraxsRat_V6.7/ChangeLog.html

  • Size

    38KB

  • MD5

    68be5f2305d89845ae9c4e81e5b493ef

  • SHA1

    e6467906b143472331b6184ddf6471e3cb698502

  • SHA256

    6b7feccc3c61f99c5db7890187c9564be846253a09fee88b599b7d7ec14f9713

  • SHA512

    e9e38898d379f45b333ee505a93234b772c642edcf2acb3363e920a9bccddb6017407d0f40ddde3671656c058cf2a29436f8bacb1c6e4198746f87f65ef393f0

  • SSDEEP

    768:aXBgQ5S40stgDDTos12kMhmAmCA2Q/CgjL8gYPCIOO8vP3zMryFF:aeQw40g0Tbe0Ama+Cg/2D7GMm

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\CraxsRat_V6.7\ChangeLog.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2640
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2640 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2520

Network

MITRE ATT&CK Enterprise v15

Downloads
