1a52f1e2cc7669ab45b35949668ec991f0b55986c561144eda83427209498483 | Triage

Submit
Reports

Overview

overview

9

Static

static

1a52f1e2cc...83.exe

windows7-x64

9

1a52f1e2cc...83.exe

windows10-2004-x64

9

Sharing

General

Target

1a52f1e2cc7669ab45b35949668ec991f0b55986c561144eda83427209498483
Size

261KB
Sample

221125-pyjaescd2s
MD5

a2bbdf8062af242ffefdf2117a6b5062
SHA1

59078f4500033425a3c669acefccd6e4c2bfad13
SHA256

1a52f1e2cc7669ab45b35949668ec991f0b55986c561144eda83427209498483
SHA512

14958c253b0733f8d4dcb4b5dc24aafc2a03fbe27526d36def02e439826bda3ba39570e68caa631356eeb260516398d0b1c57effe672ab6b330bddfae80e1a5e
SSDEEP

3072:Q0TCW2KE3Wc5eJLHy182T7Ot5dBFjxj95AGXIYqYepinFx4MhWXsLLW:QWLE3Wc5U2PyzTYYHFhhWXsm

Score

9^/10

cryptone packer persistence

Static task

static1

Behavioral task

behavioral1

Sample

1a52f1e2cc7669ab45b35949668ec991f0b55986c561144eda83427209498483.exe

Resource

win7-20221111-en

cryptone packer persistence

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

1a52f1e2cc7669ab45b35949668ec991f0b55986c561144eda83427209498483.exe

Resource

win10v2004-20221111-en

cryptone packer persistence

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  1a52f1e2cc7669ab45b35949668ec991f0b55986c561144eda83427209498483
- Size
  
  261KB
- MD5
  
  a2bbdf8062af242ffefdf2117a6b5062
- SHA1
  
  59078f4500033425a3c669acefccd6e4c2bfad13
- SHA256
  
  1a52f1e2cc7669ab45b35949668ec991f0b55986c561144eda83427209498483
- SHA512
  
  14958c253b0733f8d4dcb4b5dc24aafc2a03fbe27526d36def02e439826bda3ba39570e68caa631356eeb260516398d0b1c57effe672ab6b330bddfae80e1a5e
- SSDEEP
  
  3072:Q0TCW2KE3Wc5eJLHy182T7Ot5dBFjxj95AGXIYqYepinFx4MhWXsLLW:QWLE3Wc5U2PyzTYYHFhhWXsm
Score

9^/10

cryptone packer persistence
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cryptonepackerpersistence

behavioral2

cryptonepackerpersistence

© 2018-2024

Terms | Privacy