815034ff8c9402429919a3cfb8fcee61fd1c9d845421ec271140e90d8038b650 | Triage

Submit
Reports

Overview

overview

9

Static

static

815034ff8c...50.exe

windows7-x64

9

815034ff8c...50.exe

windows10-2004-x64

9

Sharing

General

Target

815034ff8c9402429919a3cfb8fcee61fd1c9d845421ec271140e90d8038b650
Size

184KB
Sample

221126-pbc5wscc62
MD5

8d65c6f7d838d6982e4bd4aa95b61fcb
SHA1

269b82089574b05c8e6e87e6bf913e47976e62d0
SHA256

815034ff8c9402429919a3cfb8fcee61fd1c9d845421ec271140e90d8038b650
SHA512

c25a92a716303e33c405302a52f619065acb1881efeaeaa621c88e4b47122d8b307385766cc0608dc3a3744c4e15d4af6806b16c7f9372358613047db5ef5b40
SSDEEP

3072:JxUHhqoy+93APiDIZJhyirBBK/7Xf8umddy4QvZm3pTF9YvfcTnXAM:Jx5u3mFrBc/7Xf8umdUwZTLYCXL

Score

9^/10

cryptone packer persistence

Static task

static1

Behavioral task

behavioral1

Sample

815034ff8c9402429919a3cfb8fcee61fd1c9d845421ec271140e90d8038b650.exe

Resource

win7-20220901-en

cryptone packer persistence

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

815034ff8c9402429919a3cfb8fcee61fd1c9d845421ec271140e90d8038b650.exe

Resource

win10v2004-20220812-en

cryptone packer persistence

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  815034ff8c9402429919a3cfb8fcee61fd1c9d845421ec271140e90d8038b650
- Size
  
  184KB
- MD5
  
  8d65c6f7d838d6982e4bd4aa95b61fcb
- SHA1
  
  269b82089574b05c8e6e87e6bf913e47976e62d0
- SHA256
  
  815034ff8c9402429919a3cfb8fcee61fd1c9d845421ec271140e90d8038b650
- SHA512
  
  c25a92a716303e33c405302a52f619065acb1881efeaeaa621c88e4b47122d8b307385766cc0608dc3a3744c4e15d4af6806b16c7f9372358613047db5ef5b40
- SSDEEP
  
  3072:JxUHhqoy+93APiDIZJhyirBBK/7Xf8umddy4QvZm3pTF9YvfcTnXAM:Jx5u3mFrBc/7Xf8umdUwZTLYCXL
Score

9^/10

cryptone packer persistence
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cryptonepackerpersistence

behavioral2

cryptonepackerpersistence

© 2018-2024

Terms | Privacy