046b313759086c63638af6e7a6d9786c701ccc131e5b6724e1f9b53a47e604f8 | Triage

Submit
Reports

Overview

overview

9

Static

static

046b313759...f8.exe

windows7-x64

9

046b313759...f8.exe

windows10-2004-x64

9

Sharing

General

Target

046b313759086c63638af6e7a6d9786c701ccc131e5b6724e1f9b53a47e604f8
Size

228KB
Sample

221125-mf75qaad54
MD5

a6fb1262525f863430735b4d0def9f98
SHA1

25f4bbc41f8b3e6d10b583a756ebe5b94c4759b7
SHA256

046b313759086c63638af6e7a6d9786c701ccc131e5b6724e1f9b53a47e604f8
SHA512

68d86a91f0a16fe58b3c61fb4e9c076e9dbc002a5b6005559d09fcc7ffe2271aa5d05f840573114734f3227a583bd77dd973aa32e8c3cc8eb0d87373bcd348b1
SSDEEP

3072:y0L6J2yckO/k0FpvZDJ47ZA39SiryydT4lh:nL/k0FpdJ+A3nyqU

Score

9^/10

cryptone packer persistence

Static task

static1

Behavioral task

behavioral1

Sample

046b313759086c63638af6e7a6d9786c701ccc131e5b6724e1f9b53a47e604f8.exe

Resource

win7-20220812-en

cryptone packer persistence

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

046b313759086c63638af6e7a6d9786c701ccc131e5b6724e1f9b53a47e604f8.exe

Resource

win10v2004-20220812-en

cryptone packer persistence

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  046b313759086c63638af6e7a6d9786c701ccc131e5b6724e1f9b53a47e604f8
- Size
  
  228KB
- MD5
  
  a6fb1262525f863430735b4d0def9f98
- SHA1
  
  25f4bbc41f8b3e6d10b583a756ebe5b94c4759b7
- SHA256
  
  046b313759086c63638af6e7a6d9786c701ccc131e5b6724e1f9b53a47e604f8
- SHA512
  
  68d86a91f0a16fe58b3c61fb4e9c076e9dbc002a5b6005559d09fcc7ffe2271aa5d05f840573114734f3227a583bd77dd973aa32e8c3cc8eb0d87373bcd348b1
- SSDEEP
  
  3072:y0L6J2yckO/k0FpvZDJ47ZA39SiryydT4lh:nL/k0FpdJ+A3nyqU
Score

9^/10

cryptone packer persistence
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cryptonepackerpersistence

behavioral2

cryptonepackerpersistence

© 2018-2024

Terms | Privacy