Overview

overview

10

Static

static

10

CraxsRATv7...V7.rar

windows7-x64

7

CraxsRATv7...V7.rar

windows10-2004-x64

8

CraxsRATv7....4.exe

windows7-x64

3

CraxsRATv7....4.exe

windows10-2004-x64

8

Resubmissions

08-02-2025 04:50

250208-fgkx9awmfx 10

Analysis

  • max time kernel
    37s
  • max time network
    103s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    08-02-2025 04:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CraxsRATv7.4 Injector/CraxsRat V7.4.exe

  • Size

    62.0MB

  • MD5

    d125972b55d437d2dc9e89cfa0e81785

  • SHA1

    2b09d5a4eb8a239790393f06b0af1d4cac334b91

  • SHA256

    df4a1582b2d000cc4ddac50aec247fa92ba13b3b822f6e05cb529b2eb94a07f7

  • SHA512

    7ffa6176d28bf6d17f390726d5cb7f8d6b6f07adeb3b382d2eee4148f5b6ac0693421d4ef3e17b8fb263beaf3997bdb12fcd4c83199f55ab1ae9aa620a33d17d

  • SSDEEP

    786432:8c+NX10EPRuHoA5AKF7zR/t6tKF+iS6JkKgApbLKo2:j+NX10qwAMzttZm6CKXxI

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CraxsRATv7.4 Injector\CraxsRat V7.4.exe
    "C:\Users\Admin\AppData\Local\Temp\CraxsRATv7.4 Injector\CraxsRat V7.4.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2944
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=CraxsRat V7.4.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2788
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2788 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2428

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads