Analysis
-
max time kernel
117s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
22-05-2024 17:20
General
-
Target
CraxsRat VIP/CraxsRat VIP/CraxsRat.exe
-
Size
87.0MB
-
MD5
d87d21db061026bd81a29b09a7674769
-
SHA1
4a398ac89d70dcf511fd853839355105250ba7d5
-
SHA256
6f6c5af7a14cf93d214f579d617abd5253821643e002562921945a8f2775bb06
-
SHA512
9b3fef9e28b94bafac58f16a066c6e23eb7d877e95c33d77423d43f8692bab72fec433260a1dd36ee28800550f8ab1258ce727ebb3340257c96de36c35bd93b7
-
SSDEEP
196608:H7umWewROjmFwDRxtYSHdK34kdai7bN3m2dFG:yD8K2pM9B3QsY
Score
7/10
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\CraxsRat VIP\CraxsRat VIP\CraxsRat.exe"C:\Users\Admin\AppData\Local\Temp\CraxsRat VIP\CraxsRat VIP\CraxsRat.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\CraxsRat VIP\CraxsRat VIP\CraxsRat.exe"C:\Users\Admin\AppData\Local\Temp\CraxsRat VIP\CraxsRat VIP\CraxsRat.exe"2⤵
- Loads dropped DLL
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\_MEI11762\python310.dllFilesize
1.4MB
MD54a6afa2200b1918c413d511c5a3c041c
SHA139ca3c2b669adac07d4a5eb1b3b79256cfe0c3b3
SHA256bec187f608507b57cf0475971ba646b8ab42288af8fdcf78bce25f1d8c84b1da
SHA512dbffb06ffff0542200344ea9863a44a6f1e1b783379e53df18580e697e8204d3911e091deb32a9c94b5599cdd54301b705b74e1f51104151cf13b89d57280a20
-
memory/2052-23-0x000007FEF5A40000-0x000007FEF5EA6000-memory.dmpFilesize
4.4MB