2593e25ff0b8df13067071ca27532c46e9de52cadb3b0159a8879f68d2d12762 | Triage

Submit
Reports

Overview

overview

9

Static

static

2593e25ff0...62.exe

windows7-x64

9

2593e25ff0...62.exe

windows10-2004-x64

3

Sharing

General

Target

2593e25ff0b8df13067071ca27532c46e9de52cadb3b0159a8879f68d2d12762
Size

165KB
Sample

221126-pyzmeadd44
MD5

20d875ef318f7fe70895b7ca2d8c73fa
SHA1

8368173f6edc826b06f72b2fef0818931f49ba5d
SHA256

2593e25ff0b8df13067071ca27532c46e9de52cadb3b0159a8879f68d2d12762
SHA512

bd8632736cb816bd94fefad125138996dc0ae02f066dff3f498762c55be96c652fbcf6763b46f99c212c578275795fb4b675b4aaf138f0e237c5934ac71e375c
SSDEEP

3072:KYmlOJseb6jEfMR5kF/71yiMF44WyUtVU1yOXGB8kFF/df2oFfHgWiI+xR:vueOwqfJxU7iFXG/rdf2oRPy

Score

9^/10

cryptone packer persistence

Static task

static1

Behavioral task

behavioral1

Sample

2593e25ff0b8df13067071ca27532c46e9de52cadb3b0159a8879f68d2d12762.exe

Resource

win7-20221111-en

cryptone packer persistence

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

2593e25ff0b8df13067071ca27532c46e9de52cadb3b0159a8879f68d2d12762.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  2593e25ff0b8df13067071ca27532c46e9de52cadb3b0159a8879f68d2d12762
- Size
  
  165KB
- MD5
  
  20d875ef318f7fe70895b7ca2d8c73fa
- SHA1
  
  8368173f6edc826b06f72b2fef0818931f49ba5d
- SHA256
  
  2593e25ff0b8df13067071ca27532c46e9de52cadb3b0159a8879f68d2d12762
- SHA512
  
  bd8632736cb816bd94fefad125138996dc0ae02f066dff3f498762c55be96c652fbcf6763b46f99c212c578275795fb4b675b4aaf138f0e237c5934ac71e375c
- SSDEEP
  
  3072:KYmlOJseb6jEfMR5kF/71yiMF44WyUtVU1yOXGB8kFF/df2oFfHgWiI+xR:vueOwqfJxU7iFXG/rdf2oRPy
Score

9^/10

cryptone packer persistence
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cryptonepackerpersistence

behavioral2

© 2018-2024

Terms | Privacy