crimsonrat | 87f51b4632c5fbc351a59a234dfefef506d807f2c173aac23162b85d0d73c2ad

Analysis

max time kernel
40s
max time network
24s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13-04-2024 18:19

Target

dlrarhsiva.exe
Size

9.1MB
MD5

64261d5f3b07671f15b7f10f2f78da3f
SHA1

d4f978177394024bb4d0e5b6b972a5f72f830181
SHA256

87f51b4632c5fbc351a59a234dfefef506d807f2c173aac23162b85d0d73c2ad
SHA512

3a9ff39e6bc7585b0b03f7327652e4c3b766563e8b183c25b6497e30956945add5684f1579862117e44c6bac2802601fc7c4d2a0daa1824f16c4da1fd6c9c91a
SSDEEP

768:nK6i7INFzKMNDOrt1Ln84KcN5jv7tLoQOoAdIERGo:K6C6PDEtN84PjSQOo2IeG

Score

10^/10

crimsonrat rat

Family

crimsonrat

185.136.161.124

CrimsonRat
Crimson RAT is a malware linked to a Pakistani-linked threat actor.
rat crimsonrat

Suspicious behavior: EnumeratesProcesses 30 IoCs

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2884	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2884	taskmgr.exe

Suspicious use of FindShellTrayWindow 36 IoCs

Suspicious use of SendNotifyMessage 36 IoCs

C:\Users\Admin\AppData\Local\Temp\dlrarhsiva.exe
"C:\Users\Admin\AppData\Local\Temp\dlrarhsiva.exe"
1⤵
PID:1816

memory/1816-0-0x0000000000EB0000-0x00000000017C4000-memory.dmp

Filesize
9.1MB

Download
memory/1816-1-0x000007FEF4310000-0x000007FEF4CFC000-memory.dmp

Filesize
9.9MB

Download
memory/1816-2-0x000000001BA10000-0x000000001BA90000-memory.dmp

Filesize
512KB

Download
memory/1816-4-0x000007FEF4310000-0x000007FEF4CFC000-memory.dmp

Filesize
9.9MB

Download
memory/1816-5-0x000000001BA10000-0x000000001BA90000-memory.dmp

Filesize
512KB

Download
memory/2884-3-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2884-6-0x0000000002C10000-0x0000000002C11000-memory.dmp

Filesize
4KB

Download
memory/2884-7-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download