640de00c829c6e37d31682753c2ea349b20dce7ae596a92fbf800835a1887200 | Triage

Submit
Reports

Overview

overview

9

Static

static

640de00c82...00.exe

windows7-x64

9

640de00c82...00.exe

windows10-2004-x64

3

Sharing

General

Target

640de00c829c6e37d31682753c2ea349b20dce7ae596a92fbf800835a1887200
Size

264KB
Sample

221126-z77pgsab4y
MD5

abac08a871868f166dab3a346c9ec0a2
SHA1

28460b771913d16d888817a3034956c0d911eb15
SHA256

640de00c829c6e37d31682753c2ea349b20dce7ae596a92fbf800835a1887200
SHA512

ece10d6f4ecdc9bdbad6bee4f9bba9ae82ca08118f68040113103e0f775ae9b0088466e9a34fee514b910605950de67172eb3387262efa58e6b589208d1f1b55
SSDEEP

3072:QweEpp8teo1cwWD88U4GXiGWYj4G1GaC6c5M+CyHEscvC21phGin2bwpf/wsUWGR:WkshJ487m0C6c5f0vC2zhGi2UV/CzUw

Score

9^/10

cryptone packer persistence

Static task

static1

Behavioral task

behavioral1

Sample

640de00c829c6e37d31682753c2ea349b20dce7ae596a92fbf800835a1887200.exe

Resource

win7-20220812-en

cryptone packer persistence

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

640de00c829c6e37d31682753c2ea349b20dce7ae596a92fbf800835a1887200.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  640de00c829c6e37d31682753c2ea349b20dce7ae596a92fbf800835a1887200
- Size
  
  264KB
- MD5
  
  abac08a871868f166dab3a346c9ec0a2
- SHA1
  
  28460b771913d16d888817a3034956c0d911eb15
- SHA256
  
  640de00c829c6e37d31682753c2ea349b20dce7ae596a92fbf800835a1887200
- SHA512
  
  ece10d6f4ecdc9bdbad6bee4f9bba9ae82ca08118f68040113103e0f775ae9b0088466e9a34fee514b910605950de67172eb3387262efa58e6b589208d1f1b55
- SSDEEP
  
  3072:QweEpp8teo1cwWD88U4GXiGWYj4G1GaC6c5M+CyHEscvC21phGin2bwpf/wsUWGR:WkshJ487m0C6c5f0vC2zhGi2UV/CzUw
Score

9^/10

cryptone packer persistence
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cryptonepackerpersistence

behavioral2

© 2018-2024

Terms | Privacy