d33ba4f4be16187eb4f8986e736462ddce83a5a0826ce60ca0a37fe7d0a2f642 | Triage

Submit
Reports

Overview

overview

9

Static

static

d33ba4f4be...42.exe

windows7-x64

9

d33ba4f4be...42.exe

windows10-2004-x64

9

Sharing

General

Target

d33ba4f4be16187eb4f8986e736462ddce83a5a0826ce60ca0a37fe7d0a2f642
Size

179KB
Sample

221125-hs3csahf83
MD5

55f309fc11b602dd367d73c9d0144094
SHA1

fe7e90a105714abf4ba1a4a189748711c2bbc852
SHA256

d33ba4f4be16187eb4f8986e736462ddce83a5a0826ce60ca0a37fe7d0a2f642
SHA512

4f213acc70a68be49eb69d8e85c7654a05ec3f0b2230cf5b4cfa94ec2b7253f6765f14f8e92926f5167109eb56ce72438e075fffa10a8f1d3b9e0733b2f44490
SSDEEP

3072:qtLJogRsyi4A9790BFHBixbG0zfa6Ko9koszpBvLQpCQZ9t:qtLJsb990BFQi0zwoCpJQ7t

Score

9^/10

cryptone packer persistence

Static task

static1

Behavioral task

behavioral1

Sample

d33ba4f4be16187eb4f8986e736462ddce83a5a0826ce60ca0a37fe7d0a2f642.exe

Resource

win7-20221111-en

cryptone packer persistence

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

d33ba4f4be16187eb4f8986e736462ddce83a5a0826ce60ca0a37fe7d0a2f642.exe

Resource

win10v2004-20221111-en

cryptone packer persistence

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  d33ba4f4be16187eb4f8986e736462ddce83a5a0826ce60ca0a37fe7d0a2f642
- Size
  
  179KB
- MD5
  
  55f309fc11b602dd367d73c9d0144094
- SHA1
  
  fe7e90a105714abf4ba1a4a189748711c2bbc852
- SHA256
  
  d33ba4f4be16187eb4f8986e736462ddce83a5a0826ce60ca0a37fe7d0a2f642
- SHA512
  
  4f213acc70a68be49eb69d8e85c7654a05ec3f0b2230cf5b4cfa94ec2b7253f6765f14f8e92926f5167109eb56ce72438e075fffa10a8f1d3b9e0733b2f44490
- SSDEEP
  
  3072:qtLJogRsyi4A9790BFHBixbG0zfa6Ko9koszpBvLQpCQZ9t:qtLJsb990BFQi0zwoCpJQ7t
Score

9^/10

cryptone packer persistence
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cryptonepackerpersistence

behavioral2

cryptonepackerpersistence

© 2018-2024

Terms | Privacy