eb7045657457cda26e7a248667005d4bb0af3128b28ce7f139319802dcb581be | Triage

Submit
Reports

Overview

overview

9

Static

static

eb70456574...be.exe

windows7-x64

9

eb70456574...be.exe

windows10-2004-x64

9

Sharing

General

Target

eb7045657457cda26e7a248667005d4bb0af3128b28ce7f139319802dcb581be
Size

313KB
Sample

221125-hmkksahc36
MD5

cceec4d39dc1db19eb785e73f32a21ea
SHA1

62a35a5c6a66f11d490357c7f7ae19f693dc1c97
SHA256

eb7045657457cda26e7a248667005d4bb0af3128b28ce7f139319802dcb581be
SHA512

725bee08c39153da69e20358df15a8af548f72c996d711cfb387d8435a2c3548b3d7111f371c94cb95c45522ec9ade19b48fef2260b34ca3a460e44d67085514
SSDEEP

3072:YY+YxZPaJYBRth3dawC6yROr8Q04ktuoTKTZYmwiWKEpzrxFIMZ:Ymxcg/tdZDAVDXTKTyziT8vl

Score

9^/10

cryptone packer persistence

Static task

static1

Behavioral task

behavioral1

Sample

eb7045657457cda26e7a248667005d4bb0af3128b28ce7f139319802dcb581be.exe

Resource

win7-20221111-en

cryptone packer persistence

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

eb7045657457cda26e7a248667005d4bb0af3128b28ce7f139319802dcb581be.exe

Resource

win10v2004-20221111-en

cryptone packer persistence

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  eb7045657457cda26e7a248667005d4bb0af3128b28ce7f139319802dcb581be
- Size
  
  313KB
- MD5
  
  cceec4d39dc1db19eb785e73f32a21ea
- SHA1
  
  62a35a5c6a66f11d490357c7f7ae19f693dc1c97
- SHA256
  
  eb7045657457cda26e7a248667005d4bb0af3128b28ce7f139319802dcb581be
- SHA512
  
  725bee08c39153da69e20358df15a8af548f72c996d711cfb387d8435a2c3548b3d7111f371c94cb95c45522ec9ade19b48fef2260b34ca3a460e44d67085514
- SSDEEP
  
  3072:YY+YxZPaJYBRth3dawC6yROr8Q04ktuoTKTZYmwiWKEpzrxFIMZ:Ymxcg/tdZDAVDXTKTyziT8vl
Score

9^/10

cryptone packer persistence
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cryptonepackerpersistence

behavioral2

cryptonepackerpersistence

© 2018-2024

Terms | Privacy