Analysis
max time kernel: 1724s
max time network: 1687s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10-05-2024 07:59
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://gofile.io/d/CSFn4d
Resource: win10v2004-20240426-en

General
Target: https://gofile.io/d/CSFn4d

Malware Config

Signatures
Obfuscated with Agile.Net obfuscator (1 IoC)
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource | yara_rule
behavioral1/memory/5440-201-0x0000029833FB0000-0x000002983501C000-memory.dmp | agile_net

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Modifies registry class (4 IoCs)
Processes:
description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.apk | CraxsRat.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.apk\DefaultIcon\ = "C:\\Users\\Admin\\Downloads\\CraxsRat 7.4 Cracked By @Hidden_Blaze\\CraxsRat 7.4 Cracked By @Hidden_Blaze\\res\\Icons\\apk.ico" | CraxsRat.exe
Key created | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings | msedge.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.apk\DefaultIcon | CraxsRat.exe

Suspicious behavior: EnumeratesProcesses (12 IoCs)
Processes:
pid | process
4940 | msedge.exe
4940 | msedge.exe
4832 | msedge.exe
4832 | msedge.exe
1536 | identity_helper.exe
1536 | identity_helper.exe
5404 | msedge.exe
5404 | msedge.exe
2812 | msedge.exe
2812 | msedge.exe
2812 | msedge.exe
2812 | msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (13 IoCs)
Processes:
pid | process
4832 | msedge.exe
4832 | msedge.exe
4832 | msedge.exe
4832 | msedge.exe
4832 | msedge.exe
4832 | msedge.exe
4832 | msedge.exe
4832 | msedge.exe
4832 | msedge.exe
4832 | msedge.exe
4832 | msedge.exe
4832 | msedge.exe
4832 | msedge.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
description | pid | process
Token: SeDebugPrivilege | 5440 | CraxsRat.exe

Suspicious use of FindShellTrayWindow (61 IoCs)
Suspicious use of SendNotifyMessage (25 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/CSFn4d
  signatures: Enumerates system info in registry; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f56546f8,0x7ff8f5654708,0x7ff8f5654718
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,4751670325786286286,10592511000552425777,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2316 /prefetch:2
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,4751670325786286286,10592511000552425777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
    signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,4751670325786286286,10592511000552425777,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,4751670325786286286,10592511000552425777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,4751670325786286286,10592511000552425777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2332 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,4751670325786286286,10592511000552425777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,4751670325786286286,10592511000552425777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,4751670325786286286,10592511000552425777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
    signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,4751670325786286286,10592511000552425777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2208,4751670325786286286,10592511000552425777,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3212 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,4751670325786286286,10592511000552425777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2208,4751670325786286286,10592511000552425777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
    signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,4751670325786286286,10592511000552425777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,4751670325786286286,10592511000552425777,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,4751670325786286286,10592511000552425777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,4751670325786286286,10592511000552425777,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,4751670325786286286,10592511000552425777,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
    signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,4751670325786286286,10592511000552425777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,4751670325786286286,10592511000552425777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,4751670325786286286,10592511000552425777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,4751670325786286286,10592511000552425777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
- "C:\Users\Admin\Downloads\CraxsRat 7.4 Cracked By @Hidden_Blaze\CraxsRat 7.4 Cracked By @Hidden_Blaze\CraxsRat.exe"
  signatures: Modifies registry class; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/Hidden_Blaze
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8f56546f8,0x7ff8f5654708,0x7ff8f5654718
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/Cracked4You
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8f56546f8,0x7ff8f5654708,0x7ff8f5654718

Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (288B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (312B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (111B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (739B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (317B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (5KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity (872B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59ba2e.TMP (370B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (16B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (11KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (11KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (12KB)
- \??\pipe\LOCAL\crashpad_4832_OICVTMAPZRHYEEZW
- memory/5440-200-0x00007FF8E3A60000-0x00007FF8E3BAE000-memory.dmp (1.3MB)
- memory/5440-211-0x0000029833270000-0x000002983329C000-memory.dmp (176KB)
- memory/5440-212-0x00000298332E0000-0x000002983331C000-memory.dmp (240KB)
- memory/5440-235-0x0000029836340000-0x0000029836376000-memory.dmp (216KB)
- memory/5440-208-0x0000029832D20000-0x0000029832D2C000-memory.dmp (48KB)
- memory/5440-209-0x0000029833220000-0x000002983323C000-memory.dmp (112KB)
- memory/5440-206-0x00000298333B0000-0x0000029833556000-memory.dmp (1.6MB)
- memory/5440-201-0x0000029833FB0000-0x000002983501C000-memory.dmp (16.4MB)
- memory/5440-199-0x0000029814650000-0x0000029818730000-memory.dmp (64.9MB)