Resubmissions

01-04-2022 12:57

220401-p7a1eabdg5 10

01-04-2022 12:56

220401-p6ra1affgl 4

01-04-2022 12:54

220401-p47vzafffk 4

Analysis

  • max time kernel: 4294184s
  • max time network: 140s
  • platform: windows7_x64
  • resource: win7-20220311-en
  • submitted: 01-04-2022 12:54

General

  • Target: CristalixLauncher-3.0.145.exe
  • Size: 4.3MB
  • MD5: 25b608146d97e46e5cb8d5d4a77440c5
  • SHA1: ed5d75d64744a971a7bdb79ba68f4eb0aa7d2cab
  • SHA256: 8504825018e604414d2ebb1093cf249c2f1d56125f6f33a20b071d6a008b8dd9
  • SHA512: 3ae601c91d804c4d6c402ba73263e5749fafdfe35d68d510dc3b632a85d897bb1dc0e48dee4710deaea5932bcf34deb9ca13d4c0c664848abca0372190fb38b9

Score: 3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CristalixLauncher-3.0.145.exe
    "C:\Users\Admin\AppData\Local\Temp\CristalixLauncher-3.0.145.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1800
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://java.com/download
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1076
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1076 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1864

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1
  • Discovery: System Information Discovery (T1082), 1

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: cfc2a9a6b1a1f6be667d94fd844a4c9e
    SHA1: deb65d28dfcae12244eed4b1e94c3d7018646942
    SHA256: e4c8b96d2eb5ca182ffac99dedefc5d4387a2bbee574cc3143c64476b9815e45
    SHA512: a6cb364a6e2d456cf954c70d4be4e525292bcb088e31a530a3452c2f87903738278afdd6e4aa0bdef5fe3c1a0cc7b5271f255c05d432d313776ad9ddd4ed4406

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\shpg9mq\imagestore.dat
    Filesize: 5KB
    MD5: efa018ec686ada4b210bab2f987ee82e
    SHA1: b7e0c4e59786c5771800f8d5fbf9dbe8271f5b03
    SHA256: dd26c77558755872944d5e66f8c98cd808afb15b4a8c4949fe940c49ed03b58a
    SHA512: 29a5509cfbf87114d0a5a80723b757698a763ff39ad9c2a483ef20f5dbb55a34908f5d96be86a6452551fbe605ec79643f699f70a33ff3b0e6211f64aa84b0b3

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\095CL77I.txt
    Filesize: 607B
    MD5: a91f18d5ff22ff6abbae27715559ca5a
    SHA1: d32cadb646d22c17fe2101d611894fbcb4714e9b
    SHA256: 2781d4fb49650c2eb9810bc4b5439877778e96d045a7446c15b60c71bb6dca94
    SHA512: 4dbd8c0390d4620ae20777189d90160ba904ffdfe4f4647dac40fa7ecb218d6bbd1a45b6d91aef00b113c302ad121bda8c47e2a85e6e2937c55f4ca6a3dee06d

  • memory/1800-54-0x0000000075081000-0x0000000075083000-memory.dmp
    Filesize: 8KB