Analysis
-
max time kernel
46s -
max time network
30s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
02-04-2023 16:42
General
-
Target
Crystalware b10/Crystalware b10.json
-
Size
3KB
-
MD5
2766098a8becc96aded98229d4c71599
-
SHA1
3a5c52a28e5fd84bf00a3fc1da37940d1631fa6d
-
SHA256
56440582d3ca9c00e04a7f4bff731a10556653906f9f210a0a963a9c67302a64
-
SHA512
a171b97d5c519c16cd9d436ec52aaa33e4e6d080504f6fda3d83de5edd1ee3c300127615305a85be0d9a60331f3cd60bcd6ec630991df8ee6aa16d82f565cc34
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 9 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Crystalware b10\Crystalware b10.json"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Crystalware b10\Crystalware b10.json2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Crystalware b10\Crystalware b10.json"3⤵
- Suspicious use of SetWindowsHookEx
-
-