Analysis

  • max time kernel
    121s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-09-2024 16:31

General

  • Target

    CraxsRat V7/LiveCharts.WinForms.xml

  • Size

    26KB

  • MD5

    32fb534a5d1468039ab63333c336d841

  • SHA1

    9881f184ee203e6e1f82883a4255801f8749cff0

  • SHA256

    a39d20b8553196315005a790d0cee6636e123744b67ee5da88c8cc61a05919db

  • SHA512

    e599fcbeaa5373829f18c1c153d7471c2e8262611f73341b50dad03b7cfa4efe17577d9e9950ca2d17e0ed018cca0597814b2657708e2d412ecb2c3c5941d41c

  • SSDEEP

    192:895swXLeFrnQUFFCPggAkmmST7TzVDN9CTNr3UDUJ0Ja9IxzpPOx/1d+Sz3V/k9D:geM4T7T+r3UDUJ0Ja9SSd+Sc

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery (1 TTP, 3 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\CraxsRat V7\LiveCharts.WinForms.xml"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1612
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2404
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1808
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2088

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (14 entries, 342B each)
  • C:\Users\Admin\AppData\Local\Temp\Cab61C.tmp (70KB)
  • C:\Users\Admin\AppData\Local\Temp\Tar6DA.tmp (181KB)