e5b5062e453eccd7e46e5884f6f10a26c0214d8d032631b542009d06b84cfb38 | Triage

Submit
Reports

Overview

overview

9

Static

static

e5b5062e45...38.exe

windows7-x64

9

e5b5062e45...38.exe

windows10-2004-x64

9

Sharing

General

Target

e5b5062e453eccd7e46e5884f6f10a26c0214d8d032631b542009d06b84cfb38
Size

173KB
Sample

221127-r3tm3aed93
MD5

17ea31f59b12985dcb26f6ae6fbed7fb
SHA1

532f83e0a93f8af368da32d08d54b6452e13c107
SHA256

e5b5062e453eccd7e46e5884f6f10a26c0214d8d032631b542009d06b84cfb38
SHA512

1a4273c8376c4cc7dd2f0eeb97098fe8bf1451eab9de6bbf62d73881885dcda69bb25617543e98cf865414efa00307877cca60b3da698fee7788d94d14f947b9
SSDEEP

3072:3+Fv3GLUtN3kO4AyEymgAeB86rbmkDC8Z0kdBLcqMpWm:3svWQtN3sDi6rbmtq06L9I

Score

9^/10

cryptone packer persistence

Static task

static1

Behavioral task

behavioral1

Sample

e5b5062e453eccd7e46e5884f6f10a26c0214d8d032631b542009d06b84cfb38.exe

Resource

win7-20220901-en

cryptone packer persistence

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

e5b5062e453eccd7e46e5884f6f10a26c0214d8d032631b542009d06b84cfb38.exe

Resource

win10v2004-20220812-en

cryptone packer persistence

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  e5b5062e453eccd7e46e5884f6f10a26c0214d8d032631b542009d06b84cfb38
- Size
  
  173KB
- MD5
  
  17ea31f59b12985dcb26f6ae6fbed7fb
- SHA1
  
  532f83e0a93f8af368da32d08d54b6452e13c107
- SHA256
  
  e5b5062e453eccd7e46e5884f6f10a26c0214d8d032631b542009d06b84cfb38
- SHA512
  
  1a4273c8376c4cc7dd2f0eeb97098fe8bf1451eab9de6bbf62d73881885dcda69bb25617543e98cf865414efa00307877cca60b3da698fee7788d94d14f947b9
- SSDEEP
  
  3072:3+Fv3GLUtN3kO4AyEymgAeB86rbmkDC8Z0kdBLcqMpWm:3svWQtN3sDi6rbmtq06L9I
Score

9^/10

cryptone packer persistence
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cryptonepackerpersistence

behavioral2

cryptonepackerpersistence

© 2018-2024

Terms | Privacy