General

  • Target

    Calculation-438711349-11202020.zip

  • Size

    12KB

  • Sample

    201125-6ygr3w553s

  • MD5

    c9ddf81a03a103352003e4764ca9049c

  • SHA1

    93b548da7d61c3616323bb5bbf39bebe7c3e3817

  • SHA256

    798bf407870be188d2a671f842358287b71cca38f0f80000f35cb996dcbfb48b

  • SHA512

    df2b819a32a2ad074e0e7eacc123798ed229d5c2551af3cb3234e35638416b5284a883ef1b3d4edd6543757716c423fefd209eb4cb10755602a2082ebf292b21

Score
10/10

Malware Config

Targets

    • Target

      Calculation-438711349-11202020.xls

    • Size

      62KB

    • MD5

      182d899cffb334cede36bd37a5fc5730

    • SHA1

      9f8745527a3fe95eaa6ce0f37088791c88e4d30f

    • SHA256

      90d873d4a311bcaff6c522cadd137c382aff572144cd2cee4f1873ec851ca8d7

    • SHA512

      aaebd74aafb0f457152fad1e80b2a15fbcdaf85464616e6621dacb039a50b822da7e583492da64aabda1a9cfcedf7450b16a8304862a801f29ca3b6f9bc2e6ee

    Score

    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • CryptOne packer

      Detects the CryptOne packer defined in the NCC blog post.

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 3

    Peripheral Device Discovery (T1120): 1

    System Information Discovery (T1082): 3

Tasks