3c89b44aefb48d3458ec2de81a1f00564ef40e8ce5015b3e94cd320bcd9a9de2 | Triage

Submit
Reports

Overview

overview

9

Static

static

3c89b44aef...e2.exe

windows7-x64

9

3c89b44aef...e2.exe

windows10-2004-x64

9

Sharing

General

Target

3c89b44aefb48d3458ec2de81a1f00564ef40e8ce5015b3e94cd320bcd9a9de2
Size

209KB
Sample

221122-xnwrrshb9t
MD5

89c736dbc7d0ec3c9002af1e21c78c59
SHA1

5ec8c000e53a5482871140e13f228a2de719bb0b
SHA256

3c89b44aefb48d3458ec2de81a1f00564ef40e8ce5015b3e94cd320bcd9a9de2
SHA512

890c25e8a82b0751900a5032225bfad1a0ab8aaaa72876d8835e154151b7b00ca7e1da25ff58830b5a8b425df4c9d3598a50994f35d3cdd333627e5595bf8d44
SSDEEP

3072:lqthA9554iwyv02BMI2m9GbL7+nnI6wGCwSncmuo8XihThl:lShAJ132aGAI6wG3Scmuo8XiRH

Score

9^/10

cryptone packer persistence

Static task

static1

Behavioral task

behavioral1

Sample

3c89b44aefb48d3458ec2de81a1f00564ef40e8ce5015b3e94cd320bcd9a9de2.exe

Resource

win7-20220812-en

cryptone packer persistence

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

3c89b44aefb48d3458ec2de81a1f00564ef40e8ce5015b3e94cd320bcd9a9de2.exe

Resource

win10v2004-20221111-en

cryptone packer persistence

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  3c89b44aefb48d3458ec2de81a1f00564ef40e8ce5015b3e94cd320bcd9a9de2
- Size
  
  209KB
- MD5
  
  89c736dbc7d0ec3c9002af1e21c78c59
- SHA1
  
  5ec8c000e53a5482871140e13f228a2de719bb0b
- SHA256
  
  3c89b44aefb48d3458ec2de81a1f00564ef40e8ce5015b3e94cd320bcd9a9de2
- SHA512
  
  890c25e8a82b0751900a5032225bfad1a0ab8aaaa72876d8835e154151b7b00ca7e1da25ff58830b5a8b425df4c9d3598a50994f35d3cdd333627e5595bf8d44
- SSDEEP
  
  3072:lqthA9554iwyv02BMI2m9GbL7+nnI6wGCwSncmuo8XihThl:lShAJ132aGAI6wG3Scmuo8XiRH
Score

9^/10

cryptone packer persistence
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Deletes itself
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cryptonepackerpersistence

behavioral2

cryptonepackerpersistence

© 2018-2024

Terms | Privacy