548f712908ed2c8aac2f1f1545aeab0bfbc3353db9ab6035d3d2040b6ecaae9e | Triage

Submit
Reports

Overview

overview

9

Static

static

548f712908...9e.exe

windows7-x64

9

548f712908...9e.exe

windows10-2004-x64

9

Sharing

General

Target

548f712908ed2c8aac2f1f1545aeab0bfbc3353db9ab6035d3d2040b6ecaae9e
Size

211KB
Sample

221125-jq64maff6w
MD5

62650be2c71873cc78d9a8c9500b3c7a
SHA1

8d12976e696b83064a4fb55540c36b52a0cc296a
SHA256

548f712908ed2c8aac2f1f1545aeab0bfbc3353db9ab6035d3d2040b6ecaae9e
SHA512

0de93e1fb89931da1d630a021162d100bd991f0631cae42a561e36123a3ad8fd01b2ff88a8ad9624fba8546bbc1ba658b2451234689c01dcb192c6a9b285b71f
SSDEEP

3072:kblLYNrblBWBcywc06lO9a1t8zvIvCghnqj01XUNRD5byFW:wIdw0ZkUzvIagNqj4UjD5uW

Score

9^/10

cryptone packer persistence

Static task

static1

Behavioral task

behavioral1

Sample

548f712908ed2c8aac2f1f1545aeab0bfbc3353db9ab6035d3d2040b6ecaae9e.exe

Resource

win7-20220812-en

cryptone packer persistence

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

548f712908ed2c8aac2f1f1545aeab0bfbc3353db9ab6035d3d2040b6ecaae9e.exe

Resource

win10v2004-20220901-en

cryptone packer persistence

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  548f712908ed2c8aac2f1f1545aeab0bfbc3353db9ab6035d3d2040b6ecaae9e
- Size
  
  211KB
- MD5
  
  62650be2c71873cc78d9a8c9500b3c7a
- SHA1
  
  8d12976e696b83064a4fb55540c36b52a0cc296a
- SHA256
  
  548f712908ed2c8aac2f1f1545aeab0bfbc3353db9ab6035d3d2040b6ecaae9e
- SHA512
  
  0de93e1fb89931da1d630a021162d100bd991f0631cae42a561e36123a3ad8fd01b2ff88a8ad9624fba8546bbc1ba658b2451234689c01dcb192c6a9b285b71f
- SSDEEP
  
  3072:kblLYNrblBWBcywc06lO9a1t8zvIvCghnqj01XUNRD5byFW:wIdw0ZkUzvIagNqj4UjD5uW
Score

9^/10

cryptone packer persistence
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cryptonepackerpersistence

behavioral2

cryptonepackerpersistence

© 2018-2024

Terms | Privacy