cf23e914d1f70edb1b9fdcc995431c6310fa023565b3e96d1cf4dac84bc3dcd6 | Triage

Submit
Reports

Overview

overview

9

Static

static

cf23e914d1...d6.exe

windows7-x64

9

cf23e914d1...d6.exe

windows10-2004-x64

9

Sharing

General

Target

cf23e914d1f70edb1b9fdcc995431c6310fa023565b3e96d1cf4dac84bc3dcd6
Size

223KB
Sample

221003-a1dqdshcg2
MD5

6dfefdaaf5b50396d5d15b22144ba8b0
SHA1

a836af9b9d4c3313ca26ccfbaa07025279955301
SHA256

cf23e914d1f70edb1b9fdcc995431c6310fa023565b3e96d1cf4dac84bc3dcd6
SHA512

8f58c6ac39f1a284a5fe4321f6b7d867c64d2bcd1b38e0b337159899c258cbd726429e0e5d448ce01a4647b61e7ebae52cebb2001fb98b8e0df2be771fc1b05c
SSDEEP

3072:jp7kXNyzoU0AVKzyA6EfGo9dM+4cvZvI+NZq3zLG93CWkEH:jxCNa8AWfJ9UcvFI+NZ0LG93CoH

Score

9^/10

cryptone packer persistence

Static task

static1

Behavioral task

behavioral1

Sample

cf23e914d1f70edb1b9fdcc995431c6310fa023565b3e96d1cf4dac84bc3dcd6.exe

Resource

win7-20220812-en

cryptone packer persistence

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

cf23e914d1f70edb1b9fdcc995431c6310fa023565b3e96d1cf4dac84bc3dcd6.exe

Resource

win10v2004-20220812-en

cryptone packer persistence

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  cf23e914d1f70edb1b9fdcc995431c6310fa023565b3e96d1cf4dac84bc3dcd6
- Size
  
  223KB
- MD5
  
  6dfefdaaf5b50396d5d15b22144ba8b0
- SHA1
  
  a836af9b9d4c3313ca26ccfbaa07025279955301
- SHA256
  
  cf23e914d1f70edb1b9fdcc995431c6310fa023565b3e96d1cf4dac84bc3dcd6
- SHA512
  
  8f58c6ac39f1a284a5fe4321f6b7d867c64d2bcd1b38e0b337159899c258cbd726429e0e5d448ce01a4647b61e7ebae52cebb2001fb98b8e0df2be771fc1b05c
- SSDEEP
  
  3072:jp7kXNyzoU0AVKzyA6EfGo9dM+4cvZvI+NZq3zLG93CWkEH:jxCNa8AWfJ9UcvFI+NZ0LG93CoH
Score

9^/10

cryptone packer persistence
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cryptonepackerpersistence

behavioral2

cryptonepackerpersistence

© 2018-2024

Terms | Privacy