912910ef5a3c8d881e9fa4f4c9a67511c22406696ab3827e9c78313a8ac859aa | Triage

Submit
Reports

Overview

overview

9

Static

static

912910ef5a...aa.exe

windows7-x64

9

912910ef5a...aa.exe

windows10-2004-x64

3

Sharing

General

Target

912910ef5a3c8d881e9fa4f4c9a67511c22406696ab3827e9c78313a8ac859aa
Size

188KB
Sample

221126-n6twfsca94
MD5

8d92e4af12778009b072aee4bd3e02d7
SHA1

a6f4b5495a59159d9222c928a190514f60d46e6d
SHA256

912910ef5a3c8d881e9fa4f4c9a67511c22406696ab3827e9c78313a8ac859aa
SHA512

95b2375f7a8ab82eed77fb44c867c7bb2019064848ee1d213142d9823b367f0aa7f2d08bafbfa8e56e6381bd3750da43a29ee9aef0cfecbe7c53c1ef6c8bba74
SSDEEP

3072:Hm6SQ6rmg7Xhwv7IuLHkytKp0HfA3jcJi1at5Uw/ELFmJC4LY:6Jq6a738jrtGEL0c

Score

9^/10

cryptone packer persistence

Static task

static1

Behavioral task

behavioral1

Sample

912910ef5a3c8d881e9fa4f4c9a67511c22406696ab3827e9c78313a8ac859aa.exe

Resource

win7-20220901-en

cryptone packer persistence

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

912910ef5a3c8d881e9fa4f4c9a67511c22406696ab3827e9c78313a8ac859aa.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  912910ef5a3c8d881e9fa4f4c9a67511c22406696ab3827e9c78313a8ac859aa
- Size
  
  188KB
- MD5
  
  8d92e4af12778009b072aee4bd3e02d7
- SHA1
  
  a6f4b5495a59159d9222c928a190514f60d46e6d
- SHA256
  
  912910ef5a3c8d881e9fa4f4c9a67511c22406696ab3827e9c78313a8ac859aa
- SHA512
  
  95b2375f7a8ab82eed77fb44c867c7bb2019064848ee1d213142d9823b367f0aa7f2d08bafbfa8e56e6381bd3750da43a29ee9aef0cfecbe7c53c1ef6c8bba74
- SSDEEP
  
  3072:Hm6SQ6rmg7Xhwv7IuLHkytKp0HfA3jcJi1at5Uw/ELFmJC4LY:6Jq6a738jrtGEL0c
Score

9^/10

cryptone packer persistence
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cryptonepackerpersistence

behavioral2

© 2018-2024

Terms | Privacy