Overview

overview

10

Static

static

7

CSHacksFre...ks.exe

windows7-x64

1

CSHacksFre...ks.exe

windows10-2004-x64

1

Covid18.exe

windows7-x64

10

Covid18.exe

windows10-2004-x64

10

Covid20.exe

windows7-x64

7

Covid20.exe

windows10-2004-x64

7

Covid21 2.0.exe

windows7-x64

8

Covid21 2.0.exe

windows10-2004-x64

8

Covid666.exe

windows7-x64

Covid666.exe

windows10-2004-x64

CrazyPos.exe

windows7-x64

1

CrazyPos.exe

windows10-2004-x64

1

CrazyText.exe

windows7-x64

1

CrazyText.exe

windows10-2004-x64

1

Cronic.exe

windows7-x64

1

Cronic.exe

windows10-2004-x64

1

country.exe

windows7-x64

1

country.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    1542s
  • max time network
    1171s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/03/2024, 18:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    CrazyText.exe

  • Size

    576KB

  • MD5

    fbe1e739e7bad91059fa7f2d2847346d

  • SHA1

    648b0e40677df5c21dabb954a83f55a19d726b0c

  • SHA256

    6c653da84ec83702be65aa87884ff546e8d2b37846051e9dceec6a283306a823

  • SHA512

    3fbb7be6f365adb0e5e94d07418b5b4aad6d5b94a2c4b9cdc7ee78ed35b357f6a850672315f90f1a17e27210bc2365b4f69a7b4ae6a1143e205b507efc2e1896

  • SSDEEP

    6144:jnQbGwWj//EHZMdVOs2JLyK6z1wespJIK:7QyTj/kZwV4PeE

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CrazyText.exe
    "C:\Users\Admin\AppData\Local\Temp\CrazyText.exe"
    1⤵
      PID:3876
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
      1⤵
        PID:5044
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k UnistackSvcGroup
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:4616

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3876-0-0x00007FF687760000-0x00007FF68782C000-memory.dmp

        Filesize

        816KB

        Download

      • memory/4616-1-0x0000022EFAC40000-0x0000022EFAC50000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4616-17-0x0000022EFAD40000-0x0000022EFAD50000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4616-33-0x0000022EFF030000-0x0000022EFF031000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4616-35-0x0000022EFF060000-0x0000022EFF061000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4616-36-0x0000022EFF060000-0x0000022EFF061000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4616-37-0x0000022EFF170000-0x0000022EFF171000-memory.dmp

        Filesize

        4KB

        Download