220720-n29q4sfad4 | Triage

Sharing

General

Target

220720-n29q4sfad4
Size

1.9MB
MD5

9fa1ba3e7d6e32f240c790753cdaaf8e
SHA1

7bcea3fbfcb4c170c57c9050499e1fae40f5d731
SHA256

fe997a590a68d98f95ac0b6c994ba69c3b2ece9841277b7fecd9dfaa6f589a87
SHA512

8d2fb58cb8776ead15f445671431eae13a00b48921e545c7ecbf91829015d818d663d9369f181de669ebb771b113c2f675c3a156fac5ede019b5fad9cb8c65fe
SSDEEP

49152:zHOalx8WJjq64Hv7OHxTAhEu5undVmB9dn5AI7EyP3S:Z/8WJjiPSRRu5undVmDd5VEyvS

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
cryptone packer

Processes:

resource yara_rule

sample cryptone
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

220720-n29q4sfad4

Files

220720-n29q4sfad4
.exe windows:5 windows x64 arch:x64

7bb84c055e762f3b23509e70313814ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetMenuCheckMarkDimensions
IsCharAlphaA
ShowCaret
GetDesktopWindow
GetForegroundWindow
GetLastActivePopup
GetQueueStatus
CloseWindow
CharNextW
GetAsyncKeyState
VkKeyScanW
IsCharUpperA
GetCapture
GetKeyboardLayout
GetDialogBaseUnits
GetOpenClipboardWindow
LoadIconA
GetDC

gdi32

GdiFlush
GetTextCharacterExtra
CreateMetaFileA
AddFontResourceA
GetTextCharset
SaveDC
AbortDoc
EndDoc
GetColorSpace
DeleteMetaFile
GetMapMode
GetStretchBltMode
CreateMetaFileW

advapi32

RegQueryValueExW
RegOpenKeyW

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l2
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ