Analysis

  • max time kernel
    73s
  • max time network
    165s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-09-2024 16:31

General

  • Target

    CraxsRat V7/CraxsRat.exe.xml

  • Size

    8KB

  • MD5

    f13efc835b72885da0b75a0287818b25

  • SHA1

    03b94dc9f9e1899025da7ac81cffa68bccdfede0

  • SHA256

    32522811005521592ad64d2b2a9fcb8b2b304994f042a054f89bf13ab8399ba5

  • SHA512

    fd66007e6d7292563f70fc4812e4f27e6f029bbbf7df386dd596d7379e316592b60ff181272489488f921d575160acad97a1a417efb2a76468e34e5390c84c76

  • SSDEEP

    96:ur71H7K0rTZHyZ90nDP9SbujEBKgFAnuAnznVuupxZAEcHn4abLintYIWVv/xSpi:ur7x7vrqCC

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\CraxsRat V7\CraxsRat.exe.xml"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1716
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2804
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2836
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2932

Network

MITRE ATT&CK Enterprise v15


Downloads
