Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

02/02/2023, 18:40

230202-xbpgxscg53 7

02/02/2023, 18:33

230202-w7pl5afc2x 7

02/02/2023, 18:29

230202-w455psbf99 3

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-es
  • resource tags

    arch:x64arch:x86image:win10-20220812-eslocale:es-esos:windows10-1703-x64systemwindows
  • submitted
    02/02/2023, 18:29

General

  • Target

    CrystalLauncherN.exe

  • Size

    1.5MB

  • MD5

    71ce62ad6a1da34bcc3a0bca71f1e2df

  • SHA1

    c5080fcb7b9ca8a8a267e217a4df2170eafc2bb2

  • SHA256

    7f13bb7a4b4fdab3ee99aa40599314fb2ab48f17c02736e06894c2578b3c0a36

  • SHA512

    f519cae4b8a71700bda63672219e1a9cf15e5a94cc2d7f1b96799144f91bd2d1e6782d637b935051ba2d08d59bf84d363921420b624fcaed21518f19b1fc1d8b

  • SSDEEP

    12288:qXlhhEayVkv/JBdBS4msNUCe65frHMnz2R9aty+v54BgC:qXlhhUQ/bdo4mz1U8z22y+vLC

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CrystalLauncherN.exe
    "C:\Users\Admin\AppData\Local\Temp\CrystalLauncherN.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2596

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2596-116-0x0000025494920000-0x0000025494AB0000-memory.dmp

    Filesize

    1.6MB

  • memory/2596-117-0x00000254AEE00000-0x00000254AEE78000-memory.dmp

    Filesize

    480KB

  • memory/2596-118-0x0000025494DA0000-0x0000025494DB8000-memory.dmp

    Filesize

    96KB