9b0aa9f01850547f40691e965319963bfb0415ebacd83ff55cf29a1efd8d9cf7 | Triage

Submit
Reports

Overview

overview

9

Static

static

9b0aa9f018...f7.exe

windows7-x64

9

9b0aa9f018...f7.exe

windows10-2004-x64

9

Sharing

General

Target

9b0aa9f01850547f40691e965319963bfb0415ebacd83ff55cf29a1efd8d9cf7
Size

158KB
Sample

221127-2weknsef32
MD5

ac47b88b4fe972ae0a79d741657cbc71
SHA1

3b843e1edf13707c526d2be75521049e922c7ec8
SHA256

9b0aa9f01850547f40691e965319963bfb0415ebacd83ff55cf29a1efd8d9cf7
SHA512

0bb45fa4711550738b34e49f57fa36d97b6a942ab9b3d2e148a7a17207051c05092ef699c838d4e79e77fa85d5140638b3c8602ebbebcbf7d2879b62d710abde
SSDEEP

3072:ulmi6pW+c4Hb9pDzcxRnMKqQqMR0kRWKgGzm6tvUKJz9mHPDfAFF7Hw:WdaVHhpvcncQqMR5Ul8Rqr4F1Q

Score

9^/10

cryptone packer persistence

Static task

static1

Behavioral task

behavioral1

Sample

9b0aa9f01850547f40691e965319963bfb0415ebacd83ff55cf29a1efd8d9cf7.exe

Resource

win7-20220901-en

cryptone packer persistence

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

9b0aa9f01850547f40691e965319963bfb0415ebacd83ff55cf29a1efd8d9cf7.exe

Resource

win10v2004-20220812-en

cryptone packer persistence

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  9b0aa9f01850547f40691e965319963bfb0415ebacd83ff55cf29a1efd8d9cf7
- Size
  
  158KB
- MD5
  
  ac47b88b4fe972ae0a79d741657cbc71
- SHA1
  
  3b843e1edf13707c526d2be75521049e922c7ec8
- SHA256
  
  9b0aa9f01850547f40691e965319963bfb0415ebacd83ff55cf29a1efd8d9cf7
- SHA512
  
  0bb45fa4711550738b34e49f57fa36d97b6a942ab9b3d2e148a7a17207051c05092ef699c838d4e79e77fa85d5140638b3c8602ebbebcbf7d2879b62d710abde
- SSDEEP
  
  3072:ulmi6pW+c4Hb9pDzcxRnMKqQqMR0kRWKgGzm6tvUKJz9mHPDfAFF7Hw:WdaVHhpvcncQqMR5Ul8Rqr4F1Q
Score

9^/10

cryptone packer persistence
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cryptonepackerpersistence

behavioral2

cryptonepackerpersistence

© 2018-2024

Terms | Privacy