Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

CrystalLauncherN.exe

windows7-x64

1

CrystalLauncherN.exe

windows10-2004-x64

1

Resubmissions

14/06/2024, 14:56

240614-sa513avgnh 7

14/06/2024, 14:55

240614-sah7asyhkp 3

14/06/2024, 14:52

240614-r88zyaygqk 3

Analysis

  • max time kernel
    27s
  • max time network
    26s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    14/06/2024, 14:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CrystalLauncherN.exe

  • Size

    1.5MB

  • MD5

    71ce62ad6a1da34bcc3a0bca71f1e2df

  • SHA1

    c5080fcb7b9ca8a8a267e217a4df2170eafc2bb2

  • SHA256

    7f13bb7a4b4fdab3ee99aa40599314fb2ab48f17c02736e06894c2578b3c0a36

  • SHA512

    f519cae4b8a71700bda63672219e1a9cf15e5a94cc2d7f1b96799144f91bd2d1e6782d637b935051ba2d08d59bf84d363921420b624fcaed21518f19b1fc1d8b

  • SSDEEP

    12288:qXlhhEayVkv/JBdBS4msNUCe65frHMnz2R9aty+v54BgC:qXlhhUQ/bdo4mz1U8z22y+vLC

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 40 IoCs
  • Suspicious use of SendNotifyMessage 39 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CrystalLauncherN.exe
    "C:\Users\Admin\AppData\Local\Temp\CrystalLauncherN.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2420
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2420-0-0x000007FEF52E3000-0x000007FEF52E4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2420-1-0x00000000001F0000-0x0000000000380000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2420-3-0x000000001AC00000-0x000000001AC78000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2420-4-0x0000000000410000-0x0000000000428000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2420-6-0x000007FEF52E0000-0x000007FEF5CCC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2420-18-0x000007FEF52E0000-0x000007FEF5CCC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2420-19-0x000007FEF52E3000-0x000007FEF52E4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2420-20-0x000007FEF52E0000-0x000007FEF5CCC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2420-21-0x000007FEF52E0000-0x000007FEF5CCC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2872-16-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download