Analysis

  • max time kernel
    138s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    07-04-2024 12:24

General

  • Target

    CraxsRat 7.4 Cracked By @Hidden_Blaze/CraxsRat CrackedBy @Hidden_Blaze.exe

  • Size

    63.7MB

  • MD5

    b38669bb26cb4764ffce25c19f01cce8

  • SHA1

    aaf8035347c044c8542705bb2d9b30f1a8794941

  • SHA256

    f9119449e91e23dc7318b80913cc8470cf316465ca4ce5b92205a19d23063d68

  • SHA512

    2d68b9cd20f08d852120d38bbac24fc9f9536c157c0f69aa94d0fc93b21e171a9dbe55f421e1ae2bb9ac2d1368f379489d13301472b8c7980b14cddf549edc72

  • SSDEEP

    786432:1k+NX10EPRCGZeZLHoA5AKF7zR/t6tKF+iSFgAxTKo2:O+NX10q8GZeZBAMzttZmFXtI

Score
7/10

Malware Config

Signatures

  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CraxsRat 7.4 Cracked By @Hidden_Blaze\CraxsRat CrackedBy @Hidden_Blaze.exe
    "C:\Users\Admin\AppData\Local\Temp\CraxsRat 7.4 Cracked By @Hidden_Blaze\CraxsRat CrackedBy @Hidden_Blaze.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1196
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://t.me/Hidden_Blaze
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2792
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2680
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://t.me/Cracked4You
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2972
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2608

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d7a7750bbcd42a72208b9c18446d73bc

    SHA1

    142e798f6a9d2342f193e8362ee64c2ec7b6f0c3

    SHA256

    75e00d62faf37dd825f68af444787656963437baedb466d988c8b86e1932e63a

    SHA512

    a0566565912bdc1535e90f935bae18fc153e35b1e298d7988306dd021c75c54f9f730504e888c38a25d1e76fdb8322c73261bda48e18eb7129e33ecf86e3303c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a4f1e47e5bfd9cfe56d1b1d6adbf1b20

    SHA1

    18e693505a588fd0e94cc4e1e86f471be7d491bc

    SHA256

    eeeaed275a3391cde1ba446856f72e11f3f45f6f526790f9f252f977bf685906

    SHA512

    e1286093cfba4cd1db8578f00bd0719e5be61e20e083289d74a67450a1fb252cc0703f4d43736fe1eaea37226de49c52eed690d693f71d5ac58e926160b033a8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7ad6f38ba7776909c4a0852eed20864c

    SHA1

    5b28ab898680f6381a9f06ffbe5c14edf24d4ee8

    SHA256

    8a4532d770982a692b015197db1a5c00f1ff92c8537fb12c849189dae7e17b27

    SHA512

    a709f9cb6b6e275cb58619738258008a9a6768f2bb4cdddb1d21656423c3fb83a752d812de11a7709e02779c3eb8137192b37cc7191894a4811cc395abeddd3a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    39d1c6a906a5723726a3987968f5799f

    SHA1

    599d77192ba78547673d68f2747f9e24f957081b

    SHA256

    9c11b8263887db5931cac3b51315667f0a987c2961a490c41843dbdaed0b2cf2

    SHA512

    8a1b7a0d51ce1c016e869f5caa958e9eff782bd19f5f40a9216de7e19043593a21994b614d1e9af9c8a9d0c82ffa87da97181ccc171559b19b6e07e474256272

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    fb4335c1b93e7022d8f76f1fde70ae96

    SHA1

    2a8b1508ee742f6df09b20d2f033edb4d184895e

    SHA256

    68229a1175599b2e2db9c9c121a7661362745e28ab484ec387c8c45a67971887

    SHA512

    f06e1bb2979d078fe0af9506ace0ae49cbe1d846913b55dee62b6bf4f2df50d658d2aa350ab727faf00b7147059e4351b9fc2a9c1b6a06aefc036fe08be218b0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    cc22364c7c35ab2515c390ffb2e1fed4

    SHA1

    9686a2e4dbc48fbe84396666bc5c765a929b2964

    SHA256

    dd679c78fe95d453d6340776b5320dbff656b0d805f65b958a19e8203cbc743f

    SHA512

    0009cdb0956394721c8e8db25c52b96c3008dfb318ab736019667a5307389f02bd3c9655c2e90e8cb8137b0e56f542c0bec9b44ec03e1e12b07fb3e092ee81fd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c569f95eb829921308481c57db1cbb11

    SHA1

    cefbeace8e4b7320d72f710ab454dd52f9cb6e38

    SHA256

    969b240d042465c4cd64685a50130858f876cd643ee5c07f9433654b2e05ad56

    SHA512

    1f8a845055c59978cd09f797f505d6b4515576c2b92c754edc4ff7455c691adad05982b8a9451050d5dafc4e37ad324025c909d7395f4c8b75c2596e34c5a817

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0f579c6dd775a836774116ad132fc7c6

    SHA1

    1e65dc31f9fc4aa4c624a4c7661b3faafce24c99

    SHA256

    fd4c9b307dcc44644fbb548202b49d10fcee6449cad86c8776b50c3eacd4d34f

    SHA512

    ec034af1bb5f2775958a372e8baf28d7a5dff5e49f793080ca127e0973cf3fb9159b8bd1aba88234bc4531d00568573ab0557943801867df4fae3bd3f64fbb3f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    116d499b6032abc611cdd104a1f9e8c6

    SHA1

    dc21453c878dbfcaf3a9e0d664c5ffb7fab9f234

    SHA256

    7184800a8d4ae4d039cf3e34fa2f4f5d5250e4779efd911d59eb87171b2c29c3

    SHA512

    169e5402b449ca7b522af8d81fc4839ab18cd381045f5bb909ea7a28e301b49d1cceb61475db1c93537d7b3129a5bde282a893f469af2b4a5e9762f19b538012

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    569202c6540370926cfb94efb1881721

    SHA1

    3dee11c55f265ef962bb3b54812c60d12427755e

    SHA256

    b131986d77a41300de6085cd4d6b3016de82d075af02dccb3aca9335fec9ea39

    SHA512

    764e1bf98d2102d5852a2073185a24c20e96a4b7f426f52b1c70e52c15868850487970666b7fe4bebbc97007cccfe159112f3325063ea1a292de9430f29192d2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    01d6c3062beb5ec22d3cdbb0103f81a9

    SHA1

    fc268a47747fc32cb4b2f38dafd03865769e5d73

    SHA256

    1d33d5cf7b1e20f0ac8c65e23d6e705643400d31b29588297d29b4ae5cd02b80

    SHA512

    bc874b802425b710c13bd57b4240c4d777e3a4f5b3436e39a1b5b8905550040fcc2fd10bfc19af973a75feb91e31f5329d584254fa7c6b1bdf87864f9265bfe1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4fa9dbad356f7d96cadd27e4d43e93ca

    SHA1

    c15617909d891ba08fc28ffad608ce35adac4609

    SHA256

    a9e64a9389fc1660b977ad5c96b92d164008e2e0b6cab6e63e091bd6836daef4

    SHA512

    2a4cd9eea19dae699a2aff8c1d68699592843c79f799969274c1b40dc0aaa479b45b4851f1434ad15522782e8ef13be5a65ed2c0ebca035ccfcf5198e9434aeb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3d63749b5a4a84897ad9c55ecb9c8633

    SHA1

    a738837b920dc80c21ec1db926f301ab4b1f2a3d

    SHA256

    0cf35f908f7cd3216d461c10afe0526ce5ce968fd8c7b96c21f61d71219f6bb9

    SHA512

    e7fdd469c160c8502bdd874d2aacac2acf421a17e21b8b627905c9b4d845b429e48b9a537d8fcf775e590c76254770d6c9b1dc2816157a944f6c35faf6c40a0f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8065459b5e5f3edeb4b749c207009238

    SHA1

    5dd2e253e493be8eddd402873c3d6fe6466ef7b2

    SHA256

    b923d93a7f54fb846d693887df33c8a20043182435f574ae2ec5b516ac6ac08c

    SHA512

    4553cc9b6acc2e412d5e053d1f5506aa1125b5419d4b6507561663e7f5d859a9251a1f3b7e265a10dd218ddcaf221c66922ce948e6862f6920e2255499cd3421

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    58fded93ba220f4e842f2f5a00cb6f54

    SHA1

    0c1d8022c477666eac2ea8b67e18d637bb3ac39a

    SHA256

    fa6c7b3542be3aa66e972b3cc33c94804aeeae89915d628a7dfbc1b4ac34e644

    SHA512

    9bd2b1951ae1dfab81f6062fd0fdf0ec76b454b19a44e897bfc0d2845d376e147ef0b2ea034ab77736e1a1f54ace001ca61c7011d1a34b62745d93444c1a21bb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    99a0c706fc198f4cb05a0c5e588a179e

    SHA1

    d08299914604e7e7d0933169306b8230949c9d47

    SHA256

    068dc85bb9d9751e374886ef76bf3428cd050ac2e87cca8793f70fe0072428ad

    SHA512

    1e1ac8da63f93f11fe69fc61a86e7abf410c4b24c5634bc88311aecf6d797a8dc201b71919566f7c0a75af1d4e9bb2cc0d50102de1c404823287a29e75c1f4ad

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    01a601acfe9709c6fff373e77cfc8e85

    SHA1

    1f1658dc6cbf5c702f3571e07fff5d15f7c052bd

    SHA256

    02dcef6cf7ce3f8741403ea30f1b865c7dd36bdd06e91a4a49f0b639382626ce

    SHA512

    42f84b880c758387059c07d8ed7e037ce18345ac1e05f6b0a8d61a61772cdbeca6c6bc155de1d4428658f3b03045c911960193700bc5cde523700d0ef387bf99

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2010c5d6c64fa7554933f2e34475a0f9

    SHA1

    e776aecd0d1574ba7de4dcd81e76b7304590fc14

    SHA256

    4d1768384c1e01226f0781c03def154de44f895613dc4b4176d9586b97011de4

    SHA512

    761da2e67cf2707bf25b7725211d2091c9d91269d82cad52a983fe40cf979a78df4aeacd7c3430c5e3f921401f7ce71f3c507edc100fc857e9d63faa2346a2e0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    35ef1adcb5993bdcd86f71ec4ac6f041

    SHA1

    39b4bad8c77a9896ca36b46375df73a821385222

    SHA256

    d0006e29c7a3b7fe5a6d2182c43ffccdd7b34d18f56c43252b724cf88e279f3a

    SHA512

    aef52c0586624d12e8d2482cad9bd902c36149b93d6fc5b7ca6e0740ecfb79895750639535e6ef97b41007385866cb2b54dc46778607e3daa56af24dfbc8cb6d

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CEE21921-F4DA-11EE-A635-D2EFD46A7D0E}.dat

    Filesize

    5KB

    MD5

    7b661e82ef49115a8eb8be75e4c5035b

    SHA1

    ffe6aad5fa6bdaa72c0a92acb3b8e5f623f6dc34

    SHA256

    52cde6e67a60fa95f5d44394d040c316ab82d7a56050a512020f4398dc4f4755

    SHA512

    1a1fcc0b30347b002492ba79647a57b0339bf04b937696bbe7aeec01ffe8586a71cd2c72d26c5cf19da11ff5bcfd1321023999d2b8df1228e3911e3f404e4e0c

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CEE47A81-F4DA-11EE-A635-D2EFD46A7D0E}.dat

    Filesize

    4KB

    MD5

    ae7bf3af1ae45c33b56a4c2d6601fa56

    SHA1

    e12d385694a0add7c5468cce9c616d818b247043

    SHA256

    8aa8eb69d1bdd6dd7edd978df49682647171f515c0b92acb309e00f35ed50066

    SHA512

    e62eb9422f6e4f55de0844198f24f148fa9704d3c536c71569e8b4d54bf7b465d784f8f6b8729b1d09fb878a05ab57d2e97769198c924a322ca4993974f1d4c4

  • C:\Users\Admin\AppData\Local\Temp\Cab6AB7.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar6B99.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

  • memory/1196-8-0x00000000004E0000-0x000000000051C000-memory.dmp

    Filesize

    240KB

  • memory/1196-13-0x00000000222C0000-0x0000000022340000-memory.dmp

    Filesize

    512KB

  • memory/1196-10-0x00000000003E0000-0x00000000003EA000-memory.dmp

    Filesize

    40KB

  • memory/1196-9-0x00000000003E0000-0x00000000003EA000-memory.dmp

    Filesize

    40KB

  • memory/1196-0-0x000007FEF5220000-0x000007FEF5C0C000-memory.dmp

    Filesize

    9.9MB

  • memory/1196-21-0x000007FEF5220000-0x000007FEF5C0C000-memory.dmp

    Filesize

    9.9MB

  • memory/1196-6-0x00000000004B0000-0x00000000004DC000-memory.dmp

    Filesize

    176KB

  • memory/1196-22-0x00000000003E0000-0x00000000003EA000-memory.dmp

    Filesize

    40KB

  • memory/1196-4-0x00000000003D0000-0x00000000003DC000-memory.dmp

    Filesize

    48KB

  • memory/1196-3-0x00000000222C0000-0x0000000022340000-memory.dmp

    Filesize

    512KB

  • memory/1196-2-0x000000001EE50000-0x000000001FEBC000-memory.dmp

    Filesize

    16.4MB

  • memory/1196-1-0x0000000000850000-0x0000000004800000-memory.dmp

    Filesize

    63.7MB