88c6e8b9765435d45271ad1422a82c70760c15116f3ed32277c879bae1529eeb | Triage

Submit
Reports

Overview

overview

9

Static

static

88c6e8b976...eb.exe

windows7-x64

9

88c6e8b976...eb.exe

windows10-2004-x64

9

Sharing

General

Target

88c6e8b9765435d45271ad1422a82c70760c15116f3ed32277c879bae1529eeb
Size

253KB
Sample

221123-t4x3zsah7t
MD5

bc413cd7fb642e045f9f33847223c9bd
SHA1

b861734176811d0938e7cb62225d217a86cdc7b4
SHA256

88c6e8b9765435d45271ad1422a82c70760c15116f3ed32277c879bae1529eeb
SHA512

3fb07c1df69b865d312df7c886ac723c4a20e562f254253594ee27bb8165ad38199d36df4e377770859df09ca6083f3adb1dc24bed9175bfb49fe32cb5566c55
SSDEEP

3072:EtAcb+inTJscH6KkT0uXJOYokNbQaRP/HdyPZ39po6ybO3NVJCkt4oaFrh3kWsl/:EI2KMEOYoKG3bfybODJtvaFuzl/

Score

9^/10

cryptone packer persistence

Static task

static1

Behavioral task

behavioral1

Sample

88c6e8b9765435d45271ad1422a82c70760c15116f3ed32277c879bae1529eeb.exe

Resource

win7-20220812-en

cryptone packer persistence

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

88c6e8b9765435d45271ad1422a82c70760c15116f3ed32277c879bae1529eeb.exe

Resource

win10v2004-20221111-en

cryptone packer persistence

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  88c6e8b9765435d45271ad1422a82c70760c15116f3ed32277c879bae1529eeb
- Size
  
  253KB
- MD5
  
  bc413cd7fb642e045f9f33847223c9bd
- SHA1
  
  b861734176811d0938e7cb62225d217a86cdc7b4
- SHA256
  
  88c6e8b9765435d45271ad1422a82c70760c15116f3ed32277c879bae1529eeb
- SHA512
  
  3fb07c1df69b865d312df7c886ac723c4a20e562f254253594ee27bb8165ad38199d36df4e377770859df09ca6083f3adb1dc24bed9175bfb49fe32cb5566c55
- SSDEEP
  
  3072:EtAcb+inTJscH6KkT0uXJOYokNbQaRP/HdyPZ39po6ybO3NVJCkt4oaFrh3kWsl/:EI2KMEOYoKG3bfybODJtvaFuzl/
Score

9^/10

cryptone packer persistence
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cryptonepackerpersistence

behavioral2

cryptonepackerpersistence

© 2018-2024

Terms | Privacy