e9633fa43e97dd36ae7d4fdb84985aa5b3eb6e395381f33284bd6bab4ad2b98b | Triage

Submit
Reports

Overview

overview

9

Static

static

e9633fa43e...8b.exe

windows7-x64

9

e9633fa43e...8b.exe

windows10-2004-x64

9

Sharing

General

Target

e9633fa43e97dd36ae7d4fdb84985aa5b3eb6e395381f33284bd6bab4ad2b98b
Size

217KB
Sample

221125-hm18jahc58
MD5

4118211a4ac4103ea7351a0500a1a883
SHA1

820f3cd722b29adc81dcb95610c96961fc04acc2
SHA256

e9633fa43e97dd36ae7d4fdb84985aa5b3eb6e395381f33284bd6bab4ad2b98b
SHA512

8d5dfd08e9b0ab1e8a90eb8f9a67e21ca23d121061e9b1e0c16f2ac3c69a2f3374cacf0d200b1f9302c5cbfb83587a2eb17037771ee3effed9fc33c5a64ae1d1
SSDEEP

3072:F+AZfjOlbwZNBFx7yMvXj31IK3a6LUpPTIupkHKWDZf+/vhP7fd:F+WfjrFTvhIK3ahTIVqBF

Score

9^/10

cryptone packer persistence

Static task

static1

Behavioral task

behavioral1

Sample

e9633fa43e97dd36ae7d4fdb84985aa5b3eb6e395381f33284bd6bab4ad2b98b.exe

Resource

win7-20220901-en

cryptone packer persistence

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

e9633fa43e97dd36ae7d4fdb84985aa5b3eb6e395381f33284bd6bab4ad2b98b.exe

Resource

win10v2004-20220812-en

cryptone packer persistence

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  e9633fa43e97dd36ae7d4fdb84985aa5b3eb6e395381f33284bd6bab4ad2b98b
- Size
  
  217KB
- MD5
  
  4118211a4ac4103ea7351a0500a1a883
- SHA1
  
  820f3cd722b29adc81dcb95610c96961fc04acc2
- SHA256
  
  e9633fa43e97dd36ae7d4fdb84985aa5b3eb6e395381f33284bd6bab4ad2b98b
- SHA512
  
  8d5dfd08e9b0ab1e8a90eb8f9a67e21ca23d121061e9b1e0c16f2ac3c69a2f3374cacf0d200b1f9302c5cbfb83587a2eb17037771ee3effed9fc33c5a64ae1d1
- SSDEEP
  
  3072:F+AZfjOlbwZNBFx7yMvXj31IK3a6LUpPTIupkHKWDZf+/vhP7fd:F+WfjrFTvhIK3ahTIVqBF
Score

9^/10

cryptone packer persistence
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cryptonepackerpersistence

behavioral2

cryptonepackerpersistence

© 2018-2024

Terms | Privacy