2765f7ea0956bac0d64bd9799705f601e6fd42770294354ea4b74a6998137b61 | Triage

Submit
Reports

Overview

overview

9

Static

static

2765f7ea09...61.exe

windows7-x64

9

2765f7ea09...61.exe

windows10-2004-x64

3

Sharing

General

Target

2765f7ea0956bac0d64bd9799705f601e6fd42770294354ea4b74a6998137b61
Size

206KB
Sample

221127-xq8t4sbe56
MD5

44992c27cd09dc998b239e3dae7095f6
SHA1

f8111075dc7fac6c4b7997438943fe6078a72147
SHA256

2765f7ea0956bac0d64bd9799705f601e6fd42770294354ea4b74a6998137b61
SHA512

92c3f96a2c9e361012deee0d698941009484c52d081218352b92dad1d981f6ea77c9fcff104f394d1bc167ca3b6ef6be460771fe2c153e5a82dc409edbc12d78
SSDEEP

3072:lmR3i6zP2xc9SfRH/Qin/jzO5tP0/0S9Db31kvSGv6gG2nAwDtV:lmQ6yxc9SF4l52jnlN06jIbT

Score

9^/10

cryptone packer persistence

Static task

static1

Behavioral task

behavioral1

Sample

2765f7ea0956bac0d64bd9799705f601e6fd42770294354ea4b74a6998137b61.exe

Resource

win7-20220812-en

cryptone packer persistence

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

2765f7ea0956bac0d64bd9799705f601e6fd42770294354ea4b74a6998137b61.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  2765f7ea0956bac0d64bd9799705f601e6fd42770294354ea4b74a6998137b61
- Size
  
  206KB
- MD5
  
  44992c27cd09dc998b239e3dae7095f6
- SHA1
  
  f8111075dc7fac6c4b7997438943fe6078a72147
- SHA256
  
  2765f7ea0956bac0d64bd9799705f601e6fd42770294354ea4b74a6998137b61
- SHA512
  
  92c3f96a2c9e361012deee0d698941009484c52d081218352b92dad1d981f6ea77c9fcff104f394d1bc167ca3b6ef6be460771fe2c153e5a82dc409edbc12d78
- SSDEEP
  
  3072:lmR3i6zP2xc9SfRH/Qin/jzO5tP0/0S9Db31kvSGv6gG2nAwDtV:lmQ6yxc9SF4l52jnlN06jIbT
Score

9^/10

cryptone packer persistence
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Deletes itself
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cryptonepackerpersistence

behavioral2

© 2018-2024

Terms | Privacy