22ea41ee4c63a22ea3a05431e99fe8b450595b7b32373e0f9d617ddfb14f1ce9 | Triage

Submit
Reports

Overview

overview

9

Static

static

22ea41ee4c...e9.exe

windows7-x64

9

22ea41ee4c...e9.exe

windows10-2004-x64

1

Sharing

General

Target

22ea41ee4c63a22ea3a05431e99fe8b450595b7b32373e0f9d617ddfb14f1ce9
Size

204KB
Sample

221128-m3n1csdd3x
MD5

49b03abf04d242aa1ad17a2b1a3c1dbb
SHA1

1bb1117ddb72b6cfce553ed7bcb64f2803501f49
SHA256

22ea41ee4c63a22ea3a05431e99fe8b450595b7b32373e0f9d617ddfb14f1ce9
SHA512

76832a4d62c3e8aafdb6cb0b4f7de9ab66a74905077180e8f7dd2c7480d5e58a85cf81a604f71630785c4d675d5725d20721180e801df44b746457d4f1f0b116
SSDEEP

3072:IfB3ShiS5rGTRGfMNzg/60Hby2T5DD7diinCHMH84er3A/uFQ7eeTz14jCv:IZ3ShiwrGTUf4E/xijc8Fr3PFaTz1h

Score

9^/10

cryptone packer persistence

Static task

static1

Behavioral task

behavioral1

Sample

22ea41ee4c63a22ea3a05431e99fe8b450595b7b32373e0f9d617ddfb14f1ce9.exe

Resource

win7-20220812-en

cryptone packer persistence

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

22ea41ee4c63a22ea3a05431e99fe8b450595b7b32373e0f9d617ddfb14f1ce9.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  22ea41ee4c63a22ea3a05431e99fe8b450595b7b32373e0f9d617ddfb14f1ce9
- Size
  
  204KB
- MD5
  
  49b03abf04d242aa1ad17a2b1a3c1dbb
- SHA1
  
  1bb1117ddb72b6cfce553ed7bcb64f2803501f49
- SHA256
  
  22ea41ee4c63a22ea3a05431e99fe8b450595b7b32373e0f9d617ddfb14f1ce9
- SHA512
  
  76832a4d62c3e8aafdb6cb0b4f7de9ab66a74905077180e8f7dd2c7480d5e58a85cf81a604f71630785c4d675d5725d20721180e801df44b746457d4f1f0b116
- SSDEEP
  
  3072:IfB3ShiS5rGTRGfMNzg/60Hby2T5DD7diinCHMH84er3A/uFQ7eeTz14jCv:IZ3ShiwrGTUf4E/xijc8Fr3PFaTz1h
Score

9^/10

cryptone packer persistence
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cryptonepackerpersistence

behavioral2

© 2018-2024

Terms | Privacy