Overview

overview

7

Static

static

3

CristalixLauncher.exe

windows7-x64

1

CristalixLauncher.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    34s
  • max time network
    39s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-02-2024 16:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CristalixLauncher.exe

  • Size

    6.8MB

  • MD5

    193bf9df72716b53f91091865ad95a3d

  • SHA1

    fbe2127ccf12d1fa2d5d2fd38920c767b9595648

  • SHA256

    29750d9486434d4c2fea75ede7e18672c9e9fd36bf1f611674e0ae0cb46616fe

  • SHA512

    7df422bc34c2312b0e539f2574278047123d0f3915b435c453cfe70e6e5452728f7ce6c54fafc453774080f0cda18cb2db2edbdbea8629a3a5346483835b1335

  • SSDEEP

    196608:Zn3JrwbTDBDkmWt7i8heVQzSjVpAK/IpjIAUPC:Z3xw3NDkmieVQzyYjWPC

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CristalixLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\CristalixLauncher.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4808
    • C:\Program Files\Java\jdk-1.8\bin\javaw.exe
      "C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=15 -jar "CristalixLauncher.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2020
      • C:\Windows\system32\icacls.exe
        C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
        3⤵
        • Modifies file permissions
        PID:3092

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp
    Filesize

    50B

    MD5

    05502c881369c9684dd50042fa0f5575

    SHA1

    217ace25311e57fb4dbb7023b9ed6cd70f028f73

    SHA256

    72379ae4286d6fabc406409966c961eb15ddfa75f04fb61ba64fab2fd9fc3cc6

    SHA512

    53a0f3d185eef5551ac05d0f1e8a69d1410f95a39eb51019f2aa8edfb56dcd13ad8b353c80fdbf5a2cd38f064e5fe248ffdb768d03534267466541b8b7bf43aa

    Download Submit

  • memory/2020-8-0x00000184E3D90000-0x00000184E4D90000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2020-12-0x00000184E24D0000-0x00000184E24D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2020-19-0x00000184E3D90000-0x00000184E4D90000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2020-28-0x00000184E3D90000-0x00000184E4D90000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2020-37-0x00000184E3D90000-0x00000184E4D90000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2020-46-0x00000184E3D90000-0x00000184E4D90000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2020-54-0x00000184E3D90000-0x00000184E4D90000-memory.dmp

    Filesize

    16.0MB

    Download