1d7c5062f2ebd6ba60707f4dd44c9ede932002782bdbc9293243f61d1ebad5f7 | Triage

Submit
Reports

Overview

overview

9

Static

static

1d7c5062f2...f7.exe

windows7-x64

9

1d7c5062f2...f7.exe

windows10-2004-x64

3

Sharing

General

Target

1d7c5062f2ebd6ba60707f4dd44c9ede932002782bdbc9293243f61d1ebad5f7
Size

237KB
Sample

221122-xygqlaeb46
MD5

27e196fef33a26ce1e0d226c69d8b787
SHA1

5fd2284d76210ec1fb3c774780a98f8a4ec9db16
SHA256

1d7c5062f2ebd6ba60707f4dd44c9ede932002782bdbc9293243f61d1ebad5f7
SHA512

76d6e8c62c1941f8257861a4b0dd0ebde7ff2467549a3c476e548c01c3c9a34f6cf61cc13935e1267787ad1c65e9fdc0bf1c1e98886fae358ac358f4fc4cfe20
SSDEEP

3072:0pp72M/zSKEobuaKGYCB+y4XMIYgCn4C6qVIwe7EsEcHIdk:O9rSKEobuaKneIYACnVI1NHD

Score

9^/10

cryptone packer persistence

Static task

static1

Behavioral task

behavioral1

Sample

1d7c5062f2ebd6ba60707f4dd44c9ede932002782bdbc9293243f61d1ebad5f7.exe

Resource

win7-20221111-en

cryptone packer persistence

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

1d7c5062f2ebd6ba60707f4dd44c9ede932002782bdbc9293243f61d1ebad5f7.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  1d7c5062f2ebd6ba60707f4dd44c9ede932002782bdbc9293243f61d1ebad5f7
- Size
  
  237KB
- MD5
  
  27e196fef33a26ce1e0d226c69d8b787
- SHA1
  
  5fd2284d76210ec1fb3c774780a98f8a4ec9db16
- SHA256
  
  1d7c5062f2ebd6ba60707f4dd44c9ede932002782bdbc9293243f61d1ebad5f7
- SHA512
  
  76d6e8c62c1941f8257861a4b0dd0ebde7ff2467549a3c476e548c01c3c9a34f6cf61cc13935e1267787ad1c65e9fdc0bf1c1e98886fae358ac358f4fc4cfe20
- SSDEEP
  
  3072:0pp72M/zSKEobuaKGYCB+y4XMIYgCn4C6qVIwe7EsEcHIdk:O9rSKEobuaKneIYACnVI1NHD
Score

9^/10

cryptone packer persistence
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cryptonepackerpersistence

behavioral2

© 2018-2024

Terms | Privacy