Overview

overview

10

Static

static

10

0811cf7c27...de.exe

windows7-x64

9

0811cf7c27...de.exe

windows10-2004-x64

9

0dd0b31f05...24.exe

windows7-x64

7

0dd0b31f05...24.exe

windows10-2004-x64

7

1ad888606f...e0.exe

windows7-x64

3

1ad888606f...e0.exe

windows10-2004-x64

3

1c77a07e45...95.exe

windows7-x64

10

1c77a07e45...95.exe

windows10-2004-x64

10

23f1c183af...bc.exe

windows7-x64

10

23f1c183af...bc.exe

windows10-2004-x64

10

38e891599d...90.exe

windows7-x64

10

38e891599d...90.exe

windows10-2004-x64

10

3a13e092e9...db.exe

windows7-x64

4

3a13e092e9...db.exe

windows10-2004-x64

4

3b9dabd99d...82.exe

windows7-x64

3

3b9dabd99d...82.exe

windows10-2004-x64

3

58fe9776f3...06.exe

windows7-x64

10

58fe9776f3...06.exe

windows10-2004-x64

10

5ab93bd422...11.exe

windows7-x64

3

5ab93bd422...11.exe

windows10-2004-x64

3

6b06c25fc6...43.exe

windows7-x64

10

6b06c25fc6...43.exe

windows10-2004-x64

10

6cc8001c9b...07.exe

windows7-x64

1

6cc8001c9b...07.exe

windows10-2004-x64

1

73ca5dd6d4...3f.exe

windows7-x64

10

73ca5dd6d4...3f.exe

windows10-2004-x64

10

7b931d48ea...f0.exe

windows7-x64

10

7b931d48ea...f0.exe

windows10-2004-x64

10

7d6892645b...0f.exe

windows7-x64

10

7d6892645b...0f.exe

windows10-2004-x64

10

9036aeb570...7e.exe

windows7-x64

3

9036aeb570...7e.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/11/2024, 09:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7b931d48eafa703a99ca7f104daf9a7343b6f1161d49073b86f5a4700864d3f0.exe

  • Size

    82KB

  • MD5

    71168fd55a8d0cc983b653566d942efc

  • SHA1

    732906708ad72b0f41bbe8937d2b2014758dd18a

  • SHA256

    7b931d48eafa703a99ca7f104daf9a7343b6f1161d49073b86f5a4700864d3f0

  • SHA512

    fe374f46eb82c7bed927b48b45896ae3a0d118171e2be248905e2e14306e0c85ae4b34521b1c0af90cb2bb6f7fe45800d289ce36b4921067aeea3e9c2a9a0842

  • SSDEEP

    768:569iQap3x5Mt/+E6kmzVmh8uVHI5432rufLRoYFIk1eUwHXPmI+mL:o9m5Mt/+EtmzVs8ui+3IyRbykUHfFh

Score
10/10
crimsonratrat

Malware Config

Signatures

  • CrimsonRAT main payload 1 IoCs
  • CrimsonRat

    Crimson RAT is a malware linked to a Pakistani-linked threat actor.

    ratcrimsonrat
  • Crimsonrat family
    crimsonrat
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7b931d48eafa703a99ca7f104daf9a7343b6f1161d49073b86f5a4700864d3f0.exe
    "C:\Users\Admin\AppData\Local\Temp\7b931d48eafa703a99ca7f104daf9a7343b6f1161d49073b86f5a4700864d3f0.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4156
    • C:\ProgramData\Phinvdir\nwrtharmas.exe
      "C:\ProgramData\Phinvdir\nwrtharmas.exe"
      2⤵
      • Executes dropped EXE
      PID:2752

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Phinvdir\nwrtharmas.exe
    Filesize

    9.6MB

    MD5

    1b6498447e05011c6909dba800800e2c

    SHA1

    c6fe30ead8e88ad15184738b659774d39e421294

    SHA256

    24a44d00f2eb4a33ab4eac3ee2a4e073c57a588af47055b45f26ed15fe64490e

    SHA512

    d0437f7bca04b1bd02c542d52feb8fb3d5fa974e4f339173aa623f05f633d480acedaab20c60f776d1a1be3bc0ddb64e132378f4368d59c54fd0db0ba35f56a9

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Phinvdir\nwrtharmas
    Filesize

    56KB

    MD5

    73e27034359edc3cdbcf2fabb4bb62f7

    SHA1

    9fa67130ec555fbf65de5fd5047f9573bef0e1bf

    SHA256

    fe2ef1da8fbcd0490601f30a0e0997ee1b42184a11f790b0f6bff6d17d8000d8

    SHA512

    2119125ce4ec289efc4bbf667402be9d91c717308b980ab270734747e2c51663fa62416f3e6b2dacf85d53e7fe3cf8061668d66f97470651ae92b917ad1d4119

    Download Submit

  • memory/2752-46-0x00007FFAE2D60000-0x00007FFAE3701000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2752-43-0x00007FFAE2D60000-0x00007FFAE3701000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2752-48-0x00007FFAE2D60000-0x00007FFAE3701000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2752-47-0x00007FFAE2D60000-0x00007FFAE3701000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2752-44-0x00007FFAE2D60000-0x00007FFAE3701000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4156-1-0x000000001B470000-0x000000001B516000-memory.dmp

    Filesize

    664KB

    Download

  • memory/4156-3-0x000000001B9F0000-0x000000001BEBE000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/4156-2-0x00007FFAE2D60000-0x00007FFAE3701000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4156-6-0x000000001C100000-0x000000001C14C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/4156-45-0x00007FFAE2D60000-0x00007FFAE3701000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4156-0-0x00007FFAE3015000-0x00007FFAE3016000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4156-7-0x00007FFAE2D60000-0x00007FFAE3701000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4156-5-0x0000000000FD0000-0x0000000000FD8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4156-4-0x000000001BFA0000-0x000000001C03C000-memory.dmp

    Filesize

    624KB

    Download