2dabc788324df858f0ed6c77fc8da5d6c51b7b7ffcda70063c092c2ddf621087 | Triage

Submit
Reports

Overview

overview

9

Static

static

2dabc78832...87.exe

windows7-x64

9

2dabc78832...87.exe

windows10-2004-x64

9

Sharing

General

Target

2dabc788324df858f0ed6c77fc8da5d6c51b7b7ffcda70063c092c2ddf621087
Size

205KB
Sample

221127-txt3rafb3x
MD5

a9cf1294ddd0b9a8cc47e0f296252a6f
SHA1

11f6cff7f6f556330b0c278e6709ac4acf6d40e1
SHA256

2dabc788324df858f0ed6c77fc8da5d6c51b7b7ffcda70063c092c2ddf621087
SHA512

b8ceaad4171102cac8c4e7cdae6c2755ddce90a7da37d93d57f71ddec13c96567a42da92d743d933c349666a5e0ec74be6dd9ec99aa7a1228b0e8c50b085e5a9
SSDEEP

3072:SpGDDgYtLG/vl4lZwl8y90J1LxgvKnAwHeht2+3QRsFPpvhnAaVEVSsWDD:S7YuvlWKlX0JzgQ+htjHJAx+

Score

9^/10

cryptone packer persistence

Static task

static1

Behavioral task

behavioral1

Sample

2dabc788324df858f0ed6c77fc8da5d6c51b7b7ffcda70063c092c2ddf621087.exe

Resource

win7-20221111-en

cryptone packer persistence

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

2dabc788324df858f0ed6c77fc8da5d6c51b7b7ffcda70063c092c2ddf621087.exe

Resource

win10v2004-20220812-en

cryptone packer persistence

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  2dabc788324df858f0ed6c77fc8da5d6c51b7b7ffcda70063c092c2ddf621087
- Size
  
  205KB
- MD5
  
  a9cf1294ddd0b9a8cc47e0f296252a6f
- SHA1
  
  11f6cff7f6f556330b0c278e6709ac4acf6d40e1
- SHA256
  
  2dabc788324df858f0ed6c77fc8da5d6c51b7b7ffcda70063c092c2ddf621087
- SHA512
  
  b8ceaad4171102cac8c4e7cdae6c2755ddce90a7da37d93d57f71ddec13c96567a42da92d743d933c349666a5e0ec74be6dd9ec99aa7a1228b0e8c50b085e5a9
- SSDEEP
  
  3072:SpGDDgYtLG/vl4lZwl8y90J1LxgvKnAwHeht2+3QRsFPpvhnAaVEVSsWDD:S7YuvlWKlX0JzgQ+htjHJAx+
Score

9^/10

cryptone packer persistence
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cryptonepackerpersistence

behavioral2

cryptonepackerpersistence

© 2018-2024

Terms | Privacy