Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

CraxsRat Pro v7.4.exe

windows10-1703-x64

1

CraxsRat Pro v7.4.exe

windows10-1703-x64

1

CraxsRat Pro v7.4.exe

windows7-x64

1

CraxsRat Pro v7.4.exe

windows10-2004-x64

1

CraxsRat Pro v7.4.exe

windows11-21h2-x64

1

Analysis

  • max time kernel
    23s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07/09/2024, 13:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CraxsRat Pro v7.4.exe

  • Size

    63.7MB

  • MD5

    43a7869141f8d0c27ff9a4b4b242aa3c

  • SHA1

    9032dfe6bf31e646383db300183f02fccb28c7d5

  • SHA256

    80b0e2088ef10b54fc32db663a53be2211b4ed47cbb025a0fa8bce365e99ad64

  • SHA512

    a02ed385f59f9aa8192050c27fdd18be3682f0477ef9ba5bf46317d17be48ba072a81d850fc14eb99f33250a0c45c2d1ec4a8f8f0a8bdf3bac89ba6c4da3f438

  • SSDEEP

    786432:kk+NX10EPRCGZeZLHoA5AKF7zR/t6tKF+iSFgAxTKo2:X+NX10q8GZeZBAMzttZmFXtI

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CraxsRat Pro v7.4.exe
    "C:\Users\Admin\AppData\Local\Temp\CraxsRat Pro v7.4.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2428
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2428 -s 532
      2⤵
        PID:2732

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2428-0-0x000007FEF61E3000-0x000007FEF61E4000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2428-1-0x00000000010C0000-0x0000000005076000-memory.dmp

      Filesize

      63.7MB

      Download

    • memory/2428-2-0x000007FEF61E3000-0x000007FEF61E4000-memory.dmp

      Filesize

      4KB

      Download