7da242f8d9c5225489144a5af4a80f5960318c9faa14f203e7b4f2333a7a52e3 | Triage

Submit
Reports

Overview

overview

9

Static

static

7da242f8d9...e3.exe

windows7-x64

9

7da242f8d9...e3.exe

windows10-2004-x64

9

Sharing

General

Target

7da242f8d9c5225489144a5af4a80f5960318c9faa14f203e7b4f2333a7a52e3
Size

285KB
Sample

221126-1vr9psbh4w
MD5

534c42081d913b8dc6089ff5fb0b292f
SHA1

c1aea26901fd061fbacce7c3a7139a60262dc525
SHA256

7da242f8d9c5225489144a5af4a80f5960318c9faa14f203e7b4f2333a7a52e3
SHA512

e16573604563a7014f989f8c1370b35de194088942433ef70f98b97e2729898cb1369e89aa141da8ba0db8a64f4dbe209cca7d39526898985ae9f0462a1906e9
SSDEEP

3072:Kf/IjyTXdvTNcj2ufIz85Fc3jumeeBv9lhZDhiK8GMxsn:KXRQqhwkShsvThiPq

Score

9^/10

cryptone packer persistence

Static task

static1

Behavioral task

behavioral1

Sample

7da242f8d9c5225489144a5af4a80f5960318c9faa14f203e7b4f2333a7a52e3.exe

Resource

win7-20220812-en

cryptone packer persistence

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

7da242f8d9c5225489144a5af4a80f5960318c9faa14f203e7b4f2333a7a52e3.exe

Resource

win10v2004-20220812-en

cryptone packer persistence

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  7da242f8d9c5225489144a5af4a80f5960318c9faa14f203e7b4f2333a7a52e3
- Size
  
  285KB
- MD5
  
  534c42081d913b8dc6089ff5fb0b292f
- SHA1
  
  c1aea26901fd061fbacce7c3a7139a60262dc525
- SHA256
  
  7da242f8d9c5225489144a5af4a80f5960318c9faa14f203e7b4f2333a7a52e3
- SHA512
  
  e16573604563a7014f989f8c1370b35de194088942433ef70f98b97e2729898cb1369e89aa141da8ba0db8a64f4dbe209cca7d39526898985ae9f0462a1906e9
- SSDEEP
  
  3072:Kf/IjyTXdvTNcj2ufIz85Fc3jumeeBv9lhZDhiK8GMxsn:KXRQqhwkShsvThiPq
Score

9^/10

cryptone packer persistence
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cryptonepackerpersistence

behavioral2

cryptonepackerpersistence

© 2018-2024

Terms | Privacy