Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 2s
- max time network: 4s
- platform: windows7_x64
- resource: win7-20240611-en
- resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
- submitted: 15/06/2024, 00:40
Behavioral task
behavioral1
Sample
CrystalUPDATED.rar
Resource
win7-20240611-en
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
CrystalUPDATED.rar
Resource
win10v2004-20240508-en
11 signatures
150 seconds
General
-
Target
CrystalUPDATED.rar
-
Size
11.5MB
-
MD5
c4c793cef987e26464a0e2175bad3a4d
-
SHA1
ea9951d2d76a9435f13a5d5032ba6abf6c4d10da
-
SHA256
57f487f0d8eddd22ea6c42f697c612d3969e8cba20925cb72a1b8568b67b3003
-
SHA512
23ab84985bc9fb40655f6fb0ecb7eb48f133be4c4be83ccb52fff35225de47aadb6a394a027cfc7ec370e5c9a234f38e04e2c246443d161e40405719381174f6
-
SSDEEP
196608:ozhyrqZFHiXs4opYKvXUnIaR7tDzZq2cZSCfPwMUlAc4xN/jnAUN9AxIfg+HM+aX:KIrqHj4opZvYIaRpVq+Cn72AjN7nAUvO
Score
3/10
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (1 IoCs)
  description: Key created
  ioc: \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_Classes\Local Settings
  Process: rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process   procid_target
  PID 2124 wrote to memory of 2708   2124  cmd.exe   29
  PID 2124 wrote to memory of 2708   2124  cmd.exe   29
  PID 2124 wrote to memory of 2708   2124  cmd.exe   29
Processes
- C:\Windows\system32\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\CrystalUPDATED.rar
  - Suspicious use of WriteProcessMemory
  PID: 2124
  - C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\CrystalUPDATED.rar
    - Modifies registry class
    PID: 2708