f15e7faee4e957b55af1ea183629d788e43d2c9010999f1e061792f7acc92efc | Triage

Submit
Reports

Overview

overview

9

Static

static

f15e7faee4...fc.exe

windows7-x64

9

f15e7faee4...fc.exe

windows10-2004-x64

9

Sharing

General

Target

f15e7faee4e957b55af1ea183629d788e43d2c9010999f1e061792f7acc92efc
Size

276KB
Sample

221127-ry7zwseb57
MD5

49772b743a7f18d91d06a74b1ec68cbe
SHA1

05429aa996033cee44331e4f9aab713a1bc0bf93
SHA256

f15e7faee4e957b55af1ea183629d788e43d2c9010999f1e061792f7acc92efc
SHA512

07309dcd960717f1cf1c875a2e33fb871b1eb41e5981afd502129261b0f9da07a67305ba181aa58327ff8b03a6537abfdb9616344a75e662c821a9a959a6a9dd
SSDEEP

6144:1mGwibP3TQFzQy8VEPpxwW+T+YDGcyNpl/:1mGwibPIky8/T+np

Score

9^/10

cryptone packer persistence

Static task

static1

Behavioral task

behavioral1

Sample

f15e7faee4e957b55af1ea183629d788e43d2c9010999f1e061792f7acc92efc.exe

Resource

win7-20220812-en

cryptone packer persistence

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

f15e7faee4e957b55af1ea183629d788e43d2c9010999f1e061792f7acc92efc.exe

Resource

win10v2004-20221111-en

cryptone packer persistence

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  f15e7faee4e957b55af1ea183629d788e43d2c9010999f1e061792f7acc92efc
- Size
  
  276KB
- MD5
  
  49772b743a7f18d91d06a74b1ec68cbe
- SHA1
  
  05429aa996033cee44331e4f9aab713a1bc0bf93
- SHA256
  
  f15e7faee4e957b55af1ea183629d788e43d2c9010999f1e061792f7acc92efc
- SHA512
  
  07309dcd960717f1cf1c875a2e33fb871b1eb41e5981afd502129261b0f9da07a67305ba181aa58327ff8b03a6537abfdb9616344a75e662c821a9a959a6a9dd
- SSDEEP
  
  6144:1mGwibP3TQFzQy8VEPpxwW+T+YDGcyNpl/:1mGwibPIky8/T+np
Score

9^/10

cryptone packer persistence
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cryptonepackerpersistence

behavioral2

cryptonepackerpersistence

© 2018-2024

Terms | Privacy