73313ab66ea308d4e1d1d8482632609b7af848fb3912cd7b6eb13bd203d691c9 | Triage

Submit
Reports

Overview

overview

9

Static

static

73313ab66e...c9.exe

windows7-x64

9

73313ab66e...c9.exe

windows10-2004-x64

9

Sharing

General

Target

73313ab66ea308d4e1d1d8482632609b7af848fb3912cd7b6eb13bd203d691c9
Size

182KB
Sample

221126-pd7saafd3w
MD5

74c53632c9a4ed7ceeb262c26323fe66
SHA1

503acdb7bb04f1c03d58525b099055544638f434
SHA256

73313ab66ea308d4e1d1d8482632609b7af848fb3912cd7b6eb13bd203d691c9
SHA512

eedfa1132baff659760c3a71d224b2e81ba99eee5c1981b78784aa2ba44ea023cdabce3e7b3430ae8922ccfe122ee04d32f3990d48fbe07ff72321e55b72d7b6
SSDEEP

3072:stjbRotGtB4ICKDyhj5UhbSWKPM1aR9D/MCtLrdhfEIlES:stXvCngSh0y0CBrdtGS

Score

9^/10

cryptone packer persistence

Static task

static1

Behavioral task

behavioral1

Sample

73313ab66ea308d4e1d1d8482632609b7af848fb3912cd7b6eb13bd203d691c9.exe

Resource

win7-20221111-en

cryptone packer persistence

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

73313ab66ea308d4e1d1d8482632609b7af848fb3912cd7b6eb13bd203d691c9.exe

Resource

win10v2004-20220812-en

cryptone packer persistence

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  73313ab66ea308d4e1d1d8482632609b7af848fb3912cd7b6eb13bd203d691c9
- Size
  
  182KB
- MD5
  
  74c53632c9a4ed7ceeb262c26323fe66
- SHA1
  
  503acdb7bb04f1c03d58525b099055544638f434
- SHA256
  
  73313ab66ea308d4e1d1d8482632609b7af848fb3912cd7b6eb13bd203d691c9
- SHA512
  
  eedfa1132baff659760c3a71d224b2e81ba99eee5c1981b78784aa2ba44ea023cdabce3e7b3430ae8922ccfe122ee04d32f3990d48fbe07ff72321e55b72d7b6
- SSDEEP
  
  3072:stjbRotGtB4ICKDyhj5UhbSWKPM1aR9D/MCtLrdhfEIlES:stXvCngSh0y0CBrdtGS
Score

9^/10

cryptone packer persistence
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cryptonepackerpersistence

behavioral2

cryptonepackerpersistence

© 2018-2024

Terms | Privacy