Analysis

  • max time kernel
    240s
  • max time network
    352s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/10/2023, 06:13

General

  • Target

    CraxsRat_V6.7/ChangeLog.html

  • Size

    38KB

  • MD5

    68be5f2305d89845ae9c4e81e5b493ef

  • SHA1

    e6467906b143472331b6184ddf6471e3cb698502

  • SHA256

    6b7feccc3c61f99c5db7890187c9564be846253a09fee88b599b7d7ec14f9713

  • SHA512

    e9e38898d379f45b333ee505a93234b772c642edcf2acb3363e920a9bccddb6017407d0f40ddde3671656c058cf2a29436f8bacb1c6e4198746f87f65ef393f0

  • SSDEEP

    768:aXBgQ5S40stgDDTos12kMhmAmCA2Q/CgjL8gYPCIOO8vP3zMryFF:aeQw40g0Tbe0Ama+Cg/2D7GMm

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTPs, 36 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoCs)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\CraxsRat_V6.7\ChangeLog.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2856
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1204

Network

MITRE ATT&CK Enterprise v15


Downloads
