Overview

overview

7

Static

static

7

Crystal_Pr...1).exe

windows7-x64

7

Crystal_Pr...1).exe

windows10-2004-x64

7

Analysis

  • max time kernel
    16s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    30/04/2024, 13:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Crystal_Proxy_Launcher_NEW (1).exe

  • Size

    432KB

  • MD5

    8950c29f08f7420b7a40f5ba66dd47e5

  • SHA1

    1f3a87b58e4b0979345c5976010b2f8e4fe31bcf

  • SHA256

    6672fe295930aca84e5dcfa815148d7267728cd3d20e1a71a0eed7c957324769

  • SHA512

    b8950d294f36b927f600f610dd3fd4651c869dc9b714993fc7cb42fe99ea74d29ac6a360a6e14776d87bc58064061868a0fc427bea562493d457f76471cf6420

  • SSDEEP

    12288:/9L9PgguwDHYMNG2R/8YB/Lofv5gj5cgKCb:p/LD4MNG29BLon5gjjb

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of NtSetInformationThreadHideFromDebugger 19 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Crystal_Proxy_Launcher_NEW (1).exe
    "C:\Users\Admin\AppData\Local\Temp\Crystal_Proxy_Launcher_NEW (1).exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Crystal_Proxy_Launcher_NEW (1).exe" MD5 | find /i /v "md5" | find /i /v "certutil"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2216
      • C:\Windows\system32\certutil.exe
        certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Crystal_Proxy_Launcher_NEW (1).exe" MD5
        3⤵
          PID:2592
        • C:\Windows\system32\find.exe
          find /i /v "md5"
          3⤵
            PID:2732
          • C:\Windows\system32\find.exe
            find /i /v "certutil"
            3⤵
              PID:2092

        Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • memory/2204-0-0x000000013FD30000-0x000000013FE43000-memory.dmp

                Filesize

                1.1MB

                Download

              • memory/2204-1-0x000000013FD30000-0x000000013FE43000-memory.dmp

                Filesize

                1.1MB

                Download