Analysis

  • max time kernel
    120s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    06-03-2024 11:58

General

  • Target

    CraxsRat_V6.7/ChangeLog.html

  • Size

    38KB

  • MD5

    68be5f2305d89845ae9c4e81e5b493ef

  • SHA1

    e6467906b143472331b6184ddf6471e3cb698502

  • SHA256

    6b7feccc3c61f99c5db7890187c9564be846253a09fee88b599b7d7ec14f9713

  • SHA512

    e9e38898d379f45b333ee505a93234b772c642edcf2acb3363e920a9bccddb6017407d0f40ddde3671656c058cf2a29436f8bacb1c6e4198746f87f65ef393f0

  • SSDEEP

    768:aXBgQ5S40stgDDTos12kMhmAmCA2Q/CgjL8gYPCIOO8vP3zMryFF:aeQw40g0Tbe0Ama+Cg/2D7GMm

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\CraxsRat_V6.7\ChangeLog.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2268
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2268 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:352

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1bef3ffa1aaf3a5db476000710536752

    SHA1

    0eda38d89c065f572402f4b3c75a111ad36b8b61

    SHA256

    e147d9520eb4809e3306dd72e92674ec6718780dd84d53a5889b22b988d506e8

    SHA512

    78ba60c4986364af94bb4682d95a628e56d630a6f03521ed560149fe2478a79bf76c5d58b48cf7b2543bb30dbc838ba675518e59a67f9bcfe3144601e333239b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d0241759f4c70c7c8c31972311a71106

    SHA1

    f1cc16781fbb4258b729ec45244581b01ce6dd32

    SHA256

    a2415991aa24deb8acf0717216c2518da4baea626e7a59328fe9f7f19820aec3

    SHA512

    4fb070102111bc1fc180413b5dd43f06bb8d905c964a3ede9ec8efb6e53f4eeccba1f92a8e11a3809a6ac6d61fde395829b645a04435f037ef26c23a2c811a3d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    32f59f0ea90d42215dd0a5e0c36640af

    SHA1

    f3c3b87dfe83a560e1c63d9ec9e25f8f33dff25d

    SHA256

    a4b5b9ecae2bd3e42eb82780081e52a0e31f6219a61da9f80029a0677b4a4d62

    SHA512

    438ad60ca324640cb1c718cb267988c5e681c5654cc03fe186654d7fcc8acbb262f5c139185c77c356885cdc5f4aff763003bbbed2b678a5ed65b33c73b0ec52

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1918703d8864fa660daee4d6bf438ccb

    SHA1

    ad7bec94311c842466ea298d293ec75f9c4670bd

    SHA256

    3051118e477e9270f6cf6a4b55231373b4043a67aa99d10042443eb3e4ae8235

    SHA512

    d73b706851d51b253f225004c81459395892a2d558e6b830ff0e0bdbbba1396f351eb2e71f2f758814644c3cf6986385fa1720d98c37c8965b3f7f175e32af14

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    35a69b32b0bf5e44281b96c476ed94a1

    SHA1

    5af5fcf5b7c9efcd88c6e88375698638f8419a2a

    SHA256

    89d5095ed4758484b61c2a42da54cd7b85f389069db6b005aa1c0a22bf022973

    SHA512

    a7fc114e03fad478f154f4ef8f427980ab0d86bad3c9770cef4d97a59963a7dada72fba89fd8598f1f82d644e5a8ba2b6be8bb456ed7438b98a404cde43f57db

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    17cb4c0be80ccc558adf27d6247eb281

    SHA1

    2b5fcfc3a5f9876a5bf197d3bc2b8e32a73a149d

    SHA256

    387f1fe77a4fa82a18698851df5a15c6944f9d73f1c1a4b5f3422ac5ff81030c

    SHA512

    3a8e5bfc9aef79d0c15a4f7fd71c6fff6a17f0c083ba1ca255530737704f30608c82998dc50a2d6424614de7b5c778e092602d81f0f242de79f9e187483b29a0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    76caad3a018928798cda7482d1c48240

    SHA1

    6baf2215ad60bf7681b45dfb5d33df7f62617d28

    SHA256

    b505b3bc791ac96a634dd64e4d89d34474ecc23f79aaa7d99ffb951416c92983

    SHA512

    09b71616cd1e7e4d8da611e6720336524b37ec084dd43bf65ba57180ef80a21fba98b641561156baae9938efc3bc40a9cd35f1ec0bbf46532e09f219ab8231ac

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    964cc8cb9a63be0c6140e114f51deb0d

    SHA1

    9735a9323c5362d3ee768af9f3965aceb4ce2701

    SHA256

    67c75fa7ddbb7b34f87c6559e50cae1888b0f2146f53e3718b731cf81bb78230

    SHA512

    913eee86c21fb6dc15b729caa4292a4315af40cb7ad24274843e2bf8ded0b2b390e9e5405818cf18f402adf4c170e34a551b1aa484ac7eb1c79b9a863e2293ec

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ba71df06d1d070895acbd86d500c04bc

    SHA1

    5dcb903b1b4a61d57cb48163dcc79ca7b1b0210d

    SHA256

    19dbc416bee0b3fb299037ef0a86f4f042f6b8a7e85c938788055763cf91e14b

    SHA512

    5faa13a326b27e3228a8990ba9d3f2cfa8d415d237051a91ae7d585a93a9705174753677feb558cbc698d51a863a8c7bbce0305c51f7f0bc6b3f38b7767a8d7b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0a2f6ffbd9735bef5e2a985c35b2cae5

    SHA1

    3cc511568766022d94752d6032a2d708f47a252d

    SHA256

    8bac5f6aac6df6eca57265064b382a8b9beae89e587595e6a3514240041eee18

    SHA512

    dfef2a15b087899f0ff5d059ea87cbe5d16abef9d0acdc1cf9bb4a5b6aceea42724724d83fcee5ff1b44b68c5c3a04d22ec5be476945b6a60154c1f8b5c81295

  • C:\Users\Admin\AppData\Local\Temp\Tar609F.tmp

    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63
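
The hash sets in the General and Downloads sections above are only useful if they can be checked against other hosts. The following is an added example, not part of the sandbox report or of any vendor tooling: a small Python IOC sweep that hashes every file under a directory with the same four algorithms the report uses (MD5, SHA1, SHA256, SHA512) and reports any file whose digest appears in the report. The `REPORT_IOCS` table is seeded with the digests of the submitted ChangeLog.html and the Tar609F.tmp artifact copied from the page; the directory to sweep and the chunk size are assumptions, and the sample file used when running it stand-alone is constructed here.

```python
import hashlib
import os
import tempfile

# Digests copied from the report above: the submitted ChangeLog.html and the
# Tar609F.tmp artifact. Further entries from the Downloads list would be added
# the same way. SSDEEP is omitted because it needs a non-stdlib library.
REPORT_IOCS = {
    "md5": {
        "68be5f2305d89845ae9c4e81e5b493ef",
        "dd73cead4b93366cf3465c8cd32e2796",
    },
    "sha1": {
        "e6467906b143472331b6184ddf6471e3cb698502",
        "74546226dfe9ceb8184651e920d1dbfb432b314e",
    },
    "sha256": {
        "6b7feccc3c61f99c5db7890187c9564be846253a09fee88b599b7d7ec14f9713",
        "a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def file_digests(path, chunk_size=1 << 20):
    """Return {algo: hexdigest} for one file, hashing all four algorithms in a
    single pass so large files are read only once (chunk size is an assumption)."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def sweep(root, iocs):
    """Walk `root` and return a list of (path, algo, digest) for every file whose
    digest under any algorithm is present in `iocs` (a dict of algo -> set)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digests = file_digests(path)
            except OSError:
                # Locked or unreadable file: skip it rather than abort the sweep.
                continue
            for algo, digest in digests.items():
                if digest in iocs.get(algo, set()):
                    hits.append((path, algo, digest))
    return hits


def demo():
    """Stand-alone run against a constructed directory: one benign file and one
    file whose SHA256 we register as an IOC, to show a hit and a miss."""
    with tempfile.TemporaryDirectory() as tmp:
        benign = os.path.join(tmp, "benign.txt")
        with open(benign, "wb") as fh:
            fh.write(b"nothing to see here\n")
        marker = os.path.join(tmp, "marker.bin")
        with open(marker, "wb") as fh:
            fh.write(b"abc")  # constructed sample content
        iocs = {"sha256": {file_digests(marker)["sha256"]}}
        return sweep(tmp, iocs), sweep(tmp, REPORT_IOCS)


if __name__ == "__main__":
    constructed_hits, report_hits = demo()
    print("constructed IOC hits:", constructed_hits)
    print("report IOC hits:", report_hits)
```

Matching on any one algorithm is deliberate: a report may carry only a SHA256 for some artifacts, and a file that matches on MD5 but not SHA256 is worth a second look rather than silent dismissal. The CryptnetUrlCache MetaData entries in the report share one filename but carry different digests, which is what you would expect from IE rewriting that cache during certificate checks; sweeping by digest rather than by path is what keeps such rewrites from producing false hits.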