Overview
7Static
7CraxsRat 7...g.html
windows7-x64
1CraxsRat 7...g.html
windows10-2004-x64
1CraxsRat 7...ze.exe
windows7-x64
7CraxsRat 7...ze.exe
windows10-2004-x64
7CraxsRat 7...rk.dll
windows7-x64
1CraxsRat 7...rk.dll
windows10-2004-x64
1CraxsRat 7...ys.dll
windows7-x64
1CraxsRat 7...ys.dll
windows10-2004-x64
1CraxsRat 7...PS.dll
windows7-x64
1CraxsRat 7...PS.dll
windows10-2004-x64
1CraxsRat 7...ms.dll
windows7-x64
1CraxsRat 7...ms.dll
windows10-2004-x64
1CraxsRat 7...pf.dll
windows7-x64
1CraxsRat 7...pf.dll
windows10-2004-x64
1CraxsRat 7...ts.dll
windows7-x64
1CraxsRat 7...ts.dll
windows10-2004-x64
1CraxsRat 7...io.dll
windows7-x64
1CraxsRat 7...io.dll
windows10-2004-x64
1CraxsRat 7...on.dll
windows7-x64
1CraxsRat 7...on.dll
windows10-2004-x64
1CraxsRat 7...le.dll
windows7-x64
1CraxsRat 7...le.dll
windows10-2004-x64
1CraxsRat 7...et.dll
windows7-x64
1CraxsRat 7...et.dll
windows10-2004-x64
1CraxsRat 7...xs.dll
windows7-x64
1CraxsRat 7...xs.dll
windows10-2004-x64
1CraxsRat 7...7z.dll
windows7-x64
3CraxsRat 7...7z.dll
windows10-2004-x64
3CraxsRat 7...7z.exe
windows7-x64
7CraxsRat 7...7z.exe
windows10-2004-x64
7CraxsRat 7...or.jar
windows7-x64
1CraxsRat 7...or.jar
windows10-2004-x64
7Analysis
- max time kernel: 138s
- max time network: 140s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 07-04-2024 12:24
Behavioral tasks (task | sample | resource)
behavioral1 | CraxsRat 7.4 Cracked By @Hidden_Blaze/ChangeLog.html | win7-20240221-en
behavioral2 | CraxsRat 7.4 Cracked By @Hidden_Blaze/ChangeLog.html | win10v2004-20240226-en
behavioral3 | CraxsRat 7.4 Cracked By @Hidden_Blaze/CraxsRat CrackedBy @Hidden_Blaze.exe | win7-20240221-en
behavioral4 | CraxsRat 7.4 Cracked By @Hidden_Blaze/CraxsRat CrackedBy @Hidden_Blaze.exe | win10v2004-20240319-en
behavioral5 | CraxsRat 7.4 Cracked By @Hidden_Blaze/DrakeUI.Framework.dll | win7-20240221-en
behavioral6 | CraxsRat 7.4 Cracked By @Hidden_Blaze/DrakeUI.Framework.dll | win10v2004-20240226-en
behavioral7 | CraxsRat 7.4 Cracked By @Hidden_Blaze/GeoIPCitys.dll | win7-20240221-en
behavioral8 | CraxsRat 7.4 Cracked By @Hidden_Blaze/GeoIPCitys.dll | win10v2004-20240226-en
behavioral9 | CraxsRat 7.4 Cracked By @Hidden_Blaze/LiveCharts.MAPS.dll | win7-20240221-en
behavioral10 | CraxsRat 7.4 Cracked By @Hidden_Blaze/LiveCharts.MAPS.dll | win10v2004-20240226-en
behavioral11 | CraxsRat 7.4 Cracked By @Hidden_Blaze/LiveCharts.WinForms.dll | win7-20231129-en
behavioral12 | CraxsRat 7.4 Cracked By @Hidden_Blaze/LiveCharts.WinForms.dll | win10v2004-20240226-en
behavioral13 | CraxsRat 7.4 Cracked By @Hidden_Blaze/LiveCharts.Wpf.dll | win7-20240221-en
behavioral14 | CraxsRat 7.4 Cracked By @Hidden_Blaze/LiveCharts.Wpf.dll | win10v2004-20231215-en
behavioral15 | CraxsRat 7.4 Cracked By @Hidden_Blaze/LiveCharts.dll | win7-20240221-en
behavioral16 | CraxsRat 7.4 Cracked By @Hidden_Blaze/LiveCharts.dll | win10v2004-20240226-en
behavioral17 | CraxsRat 7.4 Cracked By @Hidden_Blaze/NAudio.dll | win7-20240221-en
behavioral18 | CraxsRat 7.4 Cracked By @Hidden_Blaze/NAudio.dll | win10v2004-20240226-en
behavioral19 | CraxsRat 7.4 Cracked By @Hidden_Blaze/Newtonsoft.Json.dll | win7-20240221-en
behavioral20 | CraxsRat 7.4 Cracked By @Hidden_Blaze/Newtonsoft.Json.dll | win10v2004-20240226-en
behavioral21 | CraxsRat 7.4 Cracked By @Hidden_Blaze/System.IO.Compression.ZipFile.dll | win7-20240215-en
behavioral22 | CraxsRat 7.4 Cracked By @Hidden_Blaze/System.IO.Compression.ZipFile.dll | win10v2004-20240226-en
behavioral23 | CraxsRat 7.4 Cracked By @Hidden_Blaze/WinMM.Net.dll | win7-20240221-en
behavioral24 | CraxsRat 7.4 Cracked By @Hidden_Blaze/WinMM.Net.dll | win10v2004-20240319-en
behavioral25 | CraxsRat 7.4 Cracked By @Hidden_Blaze/craxs.dll | win7-20240221-en
behavioral26 | CraxsRat 7.4 Cracked By @Hidden_Blaze/craxs.dll | win10v2004-20240226-en
behavioral27 | CraxsRat 7.4 Cracked By @Hidden_Blaze/res/Lib/7z.dll | win7-20240221-en
behavioral28 | CraxsRat 7.4 Cracked By @Hidden_Blaze/res/Lib/7z.dll | win10v2004-20240226-en
behavioral29 | CraxsRat 7.4 Cracked By @Hidden_Blaze/res/Lib/7z.exe | win7-20231129-en
behavioral30 | CraxsRat 7.4 Cracked By @Hidden_Blaze/res/Lib/7z.exe | win10v2004-20240226-en
behavioral31 | CraxsRat 7.4 Cracked By @Hidden_Blaze/res/Lib/ApkEditor.jar | win7-20240220-en
behavioral32 | CraxsRat 7.4 Cracked By @Hidden_Blaze/res/Lib/ApkEditor.jar | win10v2004-20240226-en
General
- Target: CraxsRat 7.4 Cracked By @Hidden_Blaze/CraxsRat CrackedBy @Hidden_Blaze.exe
- Size: 63.7MB
- MD5: b38669bb26cb4764ffce25c19f01cce8
- SHA1: aaf8035347c044c8542705bb2d9b30f1a8794941
- SHA256: f9119449e91e23dc7318b80913cc8470cf316465ca4ce5b92205a19d23063d68
- SHA512: 2d68b9cd20f08d852120d38bbac24fc9f9536c157c0f69aa94d0fc93b21e171a9dbe55f421e1ae2bb9ac2d1368f379489d13301472b8c7980b14cddf549edc72
- SSDEEP: 786432:1k+NX10EPRCGZeZLHoA5AKF7zR/t6tKF+iSFgAxTKo2:O+NX10q8GZeZBAMzttZmFXtI
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes (resource | yara_rule):
behavioral3/memory/1196-2-0x000000001EE50000-0x000000001FEBC000-memory.dmp | agile_net
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Modifies Internet Explorer settings
Processes (description | ioc | process):
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "418654978" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CEE21921-F4DA-11EE-A635-D2EFD46A7D0E} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 800db4a3e788da01 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a700000000002000000000010660000000100002000000046ddffeca6726fe2e1f79cbfdd5b47b0b131fc14ece1cc89a2a9210dbd23e29a000000000e8000000002000020000000e9521fcf4686a84ce384548efbc74b31f6163fdb762a3ff497fdcaa699fcf25120000000d73538a8f9fc4792e7674ccd5e6d28134ec8d34e6c59a4e6e6f68402bf05ed5b4000000097a8eaa7c3c72acd3fa2e3c4b69528423a10ac6059c5e971f3ed22378ff134d4481211013fca553935713d787a720618ef69e66d41c007e924f6ad83d16cb1aa | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CEE47A81-F4DA-11EE-A635-D2EFD46A7D0E} = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Suspicious use of FindShellTrayWindow 2 IoCs
Processes (pid | process):
2792 | iexplore.exe
2972 | iexplore.exe
Suspicious use of SetWindowsHookEx 10 IoCs
Processes (pid | process):
2792 | iexplore.exe
2792 | iexplore.exe
2972 | iexplore.exe
2972 | iexplore.exe
2680 | IEXPLORE.EXE
2680 | IEXPLORE.EXE
2608 | IEXPLORE.EXE
2608 | IEXPLORE.EXE
2680 | IEXPLORE.EXE
2680 | IEXPLORE.EXE
Suspicious use of WriteProcessMemory 14 IoCs
Processes (description | pid | process | target process):
PID 1196 wrote to memory of 2792 | 1196 | CraxsRat CrackedBy @Hidden_Blaze.exe | iexplore.exe
PID 1196 wrote to memory of 2792 | 1196 | CraxsRat CrackedBy @Hidden_Blaze.exe | iexplore.exe
PID 1196 wrote to memory of 2792 | 1196 | CraxsRat CrackedBy @Hidden_Blaze.exe | iexplore.exe
PID 1196 wrote to memory of 2972 | 1196 | CraxsRat CrackedBy @Hidden_Blaze.exe | iexplore.exe
PID 1196 wrote to memory of 2972 | 1196 | CraxsRat CrackedBy @Hidden_Blaze.exe | iexplore.exe
PID 1196 wrote to memory of 2972 | 1196 | CraxsRat CrackedBy @Hidden_Blaze.exe | iexplore.exe
PID 2792 wrote to memory of 2680 | 2792 | iexplore.exe | IEXPLORE.EXE
PID 2792 wrote to memory of 2680 | 2792 | iexplore.exe | IEXPLORE.EXE
PID 2792 wrote to memory of 2680 | 2792 | iexplore.exe | IEXPLORE.EXE
PID 2792 wrote to memory of 2680 | 2792 | iexplore.exe | IEXPLORE.EXE
PID 2972 wrote to memory of 2608 | 2972 | iexplore.exe | IEXPLORE.EXE
PID 2972 wrote to memory of 2608 | 2972 | iexplore.exe | IEXPLORE.EXE
PID 2972 wrote to memory of 2608 | 2972 | iexplore.exe | IEXPLORE.EXE
PID 2972 wrote to memory of 2608 | 2972 | iexplore.exe | IEXPLORE.EXE
Processes (process tree)
- C:\Users\Admin\AppData\Local\Temp\CraxsRat 7.4 Cracked By @Hidden_Blaze\CraxsRat CrackedBy @Hidden_Blaze.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\CraxsRat 7.4 Cracked By @Hidden_Blaze\CraxsRat CrackedBy @Hidden_Blaze.exe"
  PID: 1196
  signatures: Suspicious use of WriteProcessMemory
  - C:\Program Files\Internet Explorer\iexplore.exe
    command line: "C:\Program Files\Internet Explorer\iexplore.exe" https://t.me/Hidden_Blaze
    PID: 2792
    signatures: Modifies Internet Explorer settings; Suspicious use of FindShellTrayWindow; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2
      PID: 2680
      signatures: Modifies Internet Explorer settings; Suspicious use of SetWindowsHookEx
  - C:\Program Files\Internet Explorer\iexplore.exe
    command line: "C:\Program Files\Internet Explorer\iexplore.exe" https://t.me/Cracked4You
    PID: 2972
    signatures: Modifies Internet Explorer settings; Suspicious use of FindShellTrayWindow; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:275457 /prefetch:2
      PID: 2608
      signatures: Modifies Internet Explorer settings; Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 68KB
  MD5: 29f65ba8e88c063813cc50a4ea544e93
  SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
  SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
  SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: d7a7750bbcd42a72208b9c18446d73bc
  SHA1: 142e798f6a9d2342f193e8362ee64c2ec7b6f0c3
  SHA256: 75e00d62faf37dd825f68af444787656963437baedb466d988c8b86e1932e63a
  SHA512: a0566565912bdc1535e90f935bae18fc153e35b1e298d7988306dd021c75c54f9f730504e888c38a25d1e76fdb8322c73261bda48e18eb7129e33ecf86e3303c
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: a4f1e47e5bfd9cfe56d1b1d6adbf1b20
  SHA1: 18e693505a588fd0e94cc4e1e86f471be7d491bc
  SHA256: eeeaed275a3391cde1ba446856f72e11f3f45f6f526790f9f252f977bf685906
  SHA512: e1286093cfba4cd1db8578f00bd0719e5be61e20e083289d74a67450a1fb252cc0703f4d43736fe1eaea37226de49c52eed690d693f71d5ac58e926160b033a8
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 7ad6f38ba7776909c4a0852eed20864c
  SHA1: 5b28ab898680f6381a9f06ffbe5c14edf24d4ee8
  SHA256: 8a4532d770982a692b015197db1a5c00f1ff92c8537fb12c849189dae7e17b27
  SHA512: a709f9cb6b6e275cb58619738258008a9a6768f2bb4cdddb1d21656423c3fb83a752d812de11a7709e02779c3eb8137192b37cc7191894a4811cc395abeddd3a
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 39d1c6a906a5723726a3987968f5799f
  SHA1: 599d77192ba78547673d68f2747f9e24f957081b
  SHA256: 9c11b8263887db5931cac3b51315667f0a987c2961a490c41843dbdaed0b2cf2
  SHA512: 8a1b7a0d51ce1c016e869f5caa958e9eff782bd19f5f40a9216de7e19043593a21994b614d1e9af9c8a9d0c82ffa87da97181ccc171559b19b6e07e474256272
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: fb4335c1b93e7022d8f76f1fde70ae96
  SHA1: 2a8b1508ee742f6df09b20d2f033edb4d184895e
  SHA256: 68229a1175599b2e2db9c9c121a7661362745e28ab484ec387c8c45a67971887
  SHA512: f06e1bb2979d078fe0af9506ace0ae49cbe1d846913b55dee62b6bf4f2df50d658d2aa350ab727faf00b7147059e4351b9fc2a9c1b6a06aefc036fe08be218b0
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: cc22364c7c35ab2515c390ffb2e1fed4
  SHA1: 9686a2e4dbc48fbe84396666bc5c765a929b2964
  SHA256: dd679c78fe95d453d6340776b5320dbff656b0d805f65b958a19e8203cbc743f
  SHA512: 0009cdb0956394721c8e8db25c52b96c3008dfb318ab736019667a5307389f02bd3c9655c2e90e8cb8137b0e56f542c0bec9b44ec03e1e12b07fb3e092ee81fd
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: c569f95eb829921308481c57db1cbb11
  SHA1: cefbeace8e4b7320d72f710ab454dd52f9cb6e38
  SHA256: 969b240d042465c4cd64685a50130858f876cd643ee5c07f9433654b2e05ad56
  SHA512: 1f8a845055c59978cd09f797f505d6b4515576c2b92c754edc4ff7455c691adad05982b8a9451050d5dafc4e37ad324025c909d7395f4c8b75c2596e34c5a817
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 0f579c6dd775a836774116ad132fc7c6
  SHA1: 1e65dc31f9fc4aa4c624a4c7661b3faafce24c99
  SHA256: fd4c9b307dcc44644fbb548202b49d10fcee6449cad86c8776b50c3eacd4d34f
  SHA512: ec034af1bb5f2775958a372e8baf28d7a5dff5e49f793080ca127e0973cf3fb9159b8bd1aba88234bc4531d00568573ab0557943801867df4fae3bd3f64fbb3f
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 116d499b6032abc611cdd104a1f9e8c6
  SHA1: dc21453c878dbfcaf3a9e0d664c5ffb7fab9f234
  SHA256: 7184800a8d4ae4d039cf3e34fa2f4f5d5250e4779efd911d59eb87171b2c29c3
  SHA512: 169e5402b449ca7b522af8d81fc4839ab18cd381045f5bb909ea7a28e301b49d1cceb61475db1c93537d7b3129a5bde282a893f469af2b4a5e9762f19b538012
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 569202c6540370926cfb94efb1881721
  SHA1: 3dee11c55f265ef962bb3b54812c60d12427755e
  SHA256: b131986d77a41300de6085cd4d6b3016de82d075af02dccb3aca9335fec9ea39
  SHA512: 764e1bf98d2102d5852a2073185a24c20e96a4b7f426f52b1c70e52c15868850487970666b7fe4bebbc97007cccfe159112f3325063ea1a292de9430f29192d2
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 01d6c3062beb5ec22d3cdbb0103f81a9
  SHA1: fc268a47747fc32cb4b2f38dafd03865769e5d73
  SHA256: 1d33d5cf7b1e20f0ac8c65e23d6e705643400d31b29588297d29b4ae5cd02b80
  SHA512: bc874b802425b710c13bd57b4240c4d777e3a4f5b3436e39a1b5b8905550040fcc2fd10bfc19af973a75feb91e31f5329d584254fa7c6b1bdf87864f9265bfe1
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 4fa9dbad356f7d96cadd27e4d43e93ca
  SHA1: c15617909d891ba08fc28ffad608ce35adac4609
  SHA256: a9e64a9389fc1660b977ad5c96b92d164008e2e0b6cab6e63e091bd6836daef4
  SHA512: 2a4cd9eea19dae699a2aff8c1d68699592843c79f799969274c1b40dc0aaa479b45b4851f1434ad15522782e8ef13be5a65ed2c0ebca035ccfcf5198e9434aeb
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 3d63749b5a4a84897ad9c55ecb9c8633
  SHA1: a738837b920dc80c21ec1db926f301ab4b1f2a3d
  SHA256: 0cf35f908f7cd3216d461c10afe0526ce5ce968fd8c7b96c21f61d71219f6bb9
  SHA512: e7fdd469c160c8502bdd874d2aacac2acf421a17e21b8b627905c9b4d845b429e48b9a537d8fcf775e590c76254770d6c9b1dc2816157a944f6c35faf6c40a0f
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 8065459b5e5f3edeb4b749c207009238
  SHA1: 5dd2e253e493be8eddd402873c3d6fe6466ef7b2
  SHA256: b923d93a7f54fb846d693887df33c8a20043182435f574ae2ec5b516ac6ac08c
  SHA512: 4553cc9b6acc2e412d5e053d1f5506aa1125b5419d4b6507561663e7f5d859a9251a1f3b7e265a10dd218ddcaf221c66922ce948e6862f6920e2255499cd3421
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 58fded93ba220f4e842f2f5a00cb6f54
  SHA1: 0c1d8022c477666eac2ea8b67e18d637bb3ac39a
  SHA256: fa6c7b3542be3aa66e972b3cc33c94804aeeae89915d628a7dfbc1b4ac34e644
  SHA512: 9bd2b1951ae1dfab81f6062fd0fdf0ec76b454b19a44e897bfc0d2845d376e147ef0b2ea034ab77736e1a1f54ace001ca61c7011d1a34b62745d93444c1a21bb
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 99a0c706fc198f4cb05a0c5e588a179e
  SHA1: d08299914604e7e7d0933169306b8230949c9d47
  SHA256: 068dc85bb9d9751e374886ef76bf3428cd050ac2e87cca8793f70fe0072428ad
  SHA512: 1e1ac8da63f93f11fe69fc61a86e7abf410c4b24c5634bc88311aecf6d797a8dc201b71919566f7c0a75af1d4e9bb2cc0d50102de1c404823287a29e75c1f4ad
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 01a601acfe9709c6fff373e77cfc8e85
  SHA1: 1f1658dc6cbf5c702f3571e07fff5d15f7c052bd
  SHA256: 02dcef6cf7ce3f8741403ea30f1b865c7dd36bdd06e91a4a49f0b639382626ce
  SHA512: 42f84b880c758387059c07d8ed7e037ce18345ac1e05f6b0a8d61a61772cdbeca6c6bc155de1d4428658f3b03045c911960193700bc5cde523700d0ef387bf99
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 2010c5d6c64fa7554933f2e34475a0f9
  SHA1: e776aecd0d1574ba7de4dcd81e76b7304590fc14
  SHA256: 4d1768384c1e01226f0781c03def154de44f895613dc4b4176d9586b97011de4
  SHA512: 761da2e67cf2707bf25b7725211d2091c9d91269d82cad52a983fe40cf979a78df4aeacd7c3430c5e3f921401f7ce71f3c507edc100fc857e9d63faa2346a2e0
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 35ef1adcb5993bdcd86f71ec4ac6f041
  SHA1: 39b4bad8c77a9896ca36b46375df73a821385222
  SHA256: d0006e29c7a3b7fe5a6d2182c43ffccdd7b34d18f56c43252b724cf88e279f3a
  SHA512: aef52c0586624d12e8d2482cad9bd902c36149b93d6fc5b7ca6e0740ecfb79895750639535e6ef97b41007385866cb2b54dc46778607e3daa56af24dfbc8cb6d
- C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CEE21921-F4DA-11EE-A635-D2EFD46A7D0E}.dat
  Filesize: 5KB
  MD5: 7b661e82ef49115a8eb8be75e4c5035b
  SHA1: ffe6aad5fa6bdaa72c0a92acb3b8e5f623f6dc34
  SHA256: 52cde6e67a60fa95f5d44394d040c316ab82d7a56050a512020f4398dc4f4755
  SHA512: 1a1fcc0b30347b002492ba79647a57b0339bf04b937696bbe7aeec01ffe8586a71cd2c72d26c5cf19da11ff5bcfd1321023999d2b8df1228e3911e3f404e4e0c
- C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CEE47A81-F4DA-11EE-A635-D2EFD46A7D0E}.dat
  Filesize: 4KB
  MD5: ae7bf3af1ae45c33b56a4c2d6601fa56
  SHA1: e12d385694a0add7c5468cce9c616d818b247043
  SHA256: 8aa8eb69d1bdd6dd7edd978df49682647171f515c0b92acb309e00f35ed50066
  SHA512: e62eb9422f6e4f55de0844198f24f148fa9704d3c536c71569e8b4d54bf7b465d784f8f6b8729b1d09fb878a05ab57d2e97769198c924a322ca4993974f1d4c4
- Filesize: 65KB
  MD5: ac05d27423a85adc1622c714f2cb6184
  SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
  SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
  SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
- Filesize: 177KB
  MD5: 435a9ac180383f9fa094131b173a2f7b
  SHA1: 76944ea657a9db94f9a4bef38f88c46ed4166983
  SHA256: 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
  SHA512: 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a