e65e827181c969d994ab0e9020339d4a5d42b3dae155bc0d4554d4eda1ca11a5

Resubmissions

08-02-2025 04:50

max time kernel
151s
max time network
65s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
08-02-2025 04:50

Target

CraxsRATv7.4 Injector/CraxsRat V7.rar
Size

275.0MB
MD5

dda4898e5a52fef5ca616c2949629b70
SHA1

56ee2c69ae30305eae65a235d4549172fe397b38
SHA256

701fbce532f30a3a0e26add59a7c3ab810965188f6793ef6648a5d8c1ce68e5f
SHA512

0049b7bcda618678c48f7c4b4155db1b695b3686adca0655b739464e0f13e8b058be53123792f73563754b6dd8c79ae7efb09d8f1dc28d50fc78eca0134abfa1
SSDEEP

6291456:u964iqpAEAMfykkRm0yP8SkwORpmPAMDK:mXiqSEdd784vP2

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1852	CraxsRat V7.4.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2836	7zFM.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Suspicious use of FindShellTrayWindow 3 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2836 wrote to memory of 1852	2836	7zFM.exe	29
PID 2836 wrote to memory of 1852	2836	7zFM.exe	29
PID 2836 wrote to memory of 1852	2836	7zFM.exe	29

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\CraxsRATv7.4 Injector\CraxsRat V7.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2836
- C:\Users\Admin\AppData\Local\Temp\7zO41B35F39\CraxsRat V7.4.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO41B35F39\CraxsRat V7.4.exe"
  2⤵
  - Executes dropped EXE
  PID:1852

memory/1852-11-0x0000000000550000-0x000000000435E000-memory.dmp

Filesize
62.1MB

Download