cbd655138d3da558de8b669db11373cc8e81ccb2004a8676ac44de559efe1acc | Triage

Submit
Reports

Overview

overview

9

Static

static

cbd655138d...cc.exe

windows7-x64

9

cbd655138d...cc.exe

windows10-2004-x64

3

Sharing

General

Target

cbd655138d3da558de8b669db11373cc8e81ccb2004a8676ac44de559efe1acc
Size

194KB
Sample

221126-npx7jsbd93
MD5

e8c177492ba74f3b148d1570ea64791f
SHA1

98f36136d0bb706d278e1c55b32d55da1e9fd545
SHA256

cbd655138d3da558de8b669db11373cc8e81ccb2004a8676ac44de559efe1acc
SHA512

a6823805b44c8899e68e6621c2544e25e83ae71fca62119c1bffb2b1660b856ff753f1bf7db71072d5e243398c7ab6eac01178659183450896d375b4db60a6b2
SSDEEP

3072:WXNHCcK/d57cZ0gucmIBHqI6QHEt9JVVtA3+kM8tfPTY1kzd4blnHl8SMWRxFeGA:z7xguAKXry3jdfPTykp4dl3RH/A

Score

9^/10

cryptone packer persistence

Static task

static1

Behavioral task

behavioral1

Sample

cbd655138d3da558de8b669db11373cc8e81ccb2004a8676ac44de559efe1acc.exe

Resource

win7-20221111-en

cryptone packer persistence

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

cbd655138d3da558de8b669db11373cc8e81ccb2004a8676ac44de559efe1acc.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  cbd655138d3da558de8b669db11373cc8e81ccb2004a8676ac44de559efe1acc
- Size
  
  194KB
- MD5
  
  e8c177492ba74f3b148d1570ea64791f
- SHA1
  
  98f36136d0bb706d278e1c55b32d55da1e9fd545
- SHA256
  
  cbd655138d3da558de8b669db11373cc8e81ccb2004a8676ac44de559efe1acc
- SHA512
  
  a6823805b44c8899e68e6621c2544e25e83ae71fca62119c1bffb2b1660b856ff753f1bf7db71072d5e243398c7ab6eac01178659183450896d375b4db60a6b2
- SSDEEP
  
  3072:WXNHCcK/d57cZ0gucmIBHqI6QHEt9JVVtA3+kM8tfPTY1kzd4blnHl8SMWRxFeGA:z7xguAKXry3jdfPTykp4dl3RH/A
Score

9^/10

cryptone packer persistence
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cryptonepackerpersistence

behavioral2

© 2018-2024

Terms | Privacy