Resubmissions
02/02/2023, 18:40 - 230202-xbpgxscg53 - score 7
02/02/2023, 18:33 - 230202-w7pl5afc2x - score 7
02/02/2023, 18:29 - 230202-w455psbf99 - score 3
Analysis
max time kernel: 149s
max time network: 152s
platform: windows10-1703_x64
resource: win10-20220812-es
resource tags: arch:x64, arch:x86, image:win10-20220812-es, locale:es-es, os:windows10-1703-x64, system, windows
submitted: 02/02/2023, 18:29
Static task: static1
Behavioral task: behavioral1
Sample: CrystalLauncherN.exe
Resource: win10-20220812-es
2 signatures
150 seconds
General
Target: CrystalLauncherN.exe
Size: 1.5MB
MD5: 71ce62ad6a1da34bcc3a0bca71f1e2df
SHA1: c5080fcb7b9ca8a8a267e217a4df2170eafc2bb2
SHA256: 7f13bb7a4b4fdab3ee99aa40599314fb2ab48f17c02736e06894c2578b3c0a36
SHA512: f519cae4b8a71700bda63672219e1a9cf15e5a94cc2d7f1b96799144f91bd2d1e6782d637b935051ba2d08d59bf84d363921420b624fcaed21518f19b1fc1d8b
SSDEEP: 12288:qXlhhEayVkv/JBdBS4msNUCe65frHMnz2R9aty+v54BgC:qXlhhUQ/bdo4mz1U8z22y+vLC
Score: 3/10
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Suspicious use of AdjustPrivilegeToken (1 IoCs)
description              pid   Process
Token: SeDebugPrivilege  2596  CrystalLauncherN.exe