Analysis

  • max time kernel
    119s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-09-2024 16:31

General

  • Target

    CraxsRat V7/LiveCharts.Wpf.xml

  • Size

    171KB

  • MD5

    9cbc27f6b1afbc7f43a9ed07f784a73d

  • SHA1

    c15b3540ef31f3b229c3ffd6f5602aa7c04b3928

  • SHA256

    c18a11b019a56ec8e5916042a9f23a8655ea199bf2a4319573b18b7e035e3914

  • SHA512

    c39b9c022d8ffc6d651e6bc4aa60ab435318b69571e97c71b7ebb0c5b25d0b50cdb235ba4302c689be132e32fc0d13b686db5b4fa794f8db8342162a55dece58

  • SSDEEP

    1536:6/Jl3Mw7VTlv6aoz/Jj3WCQOtnPsJyjJ7t6U:oMwLv6aoFWCQOtnV

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\CraxsRat V7\LiveCharts.Wpf.xml"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3028
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2528
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2176
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2176 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2352

Network

MITRE ATT&CK Enterprise v15

Downloads
