Technical Analysis of Crytox Ransomware | Zscaler Blog
Tags
| country: | Netherlands |
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Mshta - T1218.005 Software - T1592.002 Mshta - T1170 |
Common Information
| Type | Value |
|---|---|
| UUID | f604c754-2966-43ad-8d31-e914059311bb |
| Fingerprint | a420037ba4b9189b |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 21, 2022, midnight |
| Added to db | Jan. 16, 2023, 3:54 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Technical Analysis of Crytox Ransomware |
| Title | Technical Analysis of Crytox Ransomware | Zscaler Blog |
| Detected Hints/Tags/Attributes | 56/2/25 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | File | 36 | c:\windows\system32\mshta.exe |
|
| Details | File | 23 | 'wevtutil.exe |
|
| Details | File | 95 | wevtutil.exe |
|
| Details | File | 345 | vssadmin.exe |
|
| Details | File | 23 | diskshadow.exe |
|
| Details | File | 1 | pghdn.txt |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 1 | config_t.config |
|
| Details | File | 1 | 416-win-x64.exe |
|
| Details | sha1 | 1 | 83a53e8770edd38eddd37ded63cef2253fc16979 |
|
| Details | sha256 | 1 | 32eef267a1192a9a739ccaaae0266bc66707bb64768a764541ecb039a50cba67 |
|
| Details | sha256 | 1 | a5c6636384f87c7c99ee77778df67b7b0dfff2f2bdd66b6bb1de6f6f5491c5c5 |
|
| Details | sha256 | 1 | 5060303003020101a9ce67677d562b2b19e7fefe62b5d7d7e64dabab9aec7676 |
|
| Details | sha256 | 1 | 1c0bf0c2e7d0c34ec038a8b717bb19d9c4cf3382ada1412f055a9786d3069d78 |
|
| Details | sha256 | 1 | 2115c4c859d497eec163ca33798c389649543d8a6e4db5806a791c6186722b71 |
|
| Details | sha256 | 1 | 307c83924e90f4627f08c2f744cf51f18ec6e246687282a0c1794369ff084f42 |
|
| Details | sha256 | 1 | 3764200cfa673e8796e7c955454b57c20852c2a7931fb9f632ef89d267bbd4c8 |
|
| Details | sha256 | 1 | 6d4e75bc0cc095fef94b9d98a4e94ce9145890b435012b5624aa73621ba6e312 |
|
| Details | sha256 | 1 | 79aff06385c16a98594c6fd314c572bfbe07fbe923f30a627e9b86ac3ab7c071 |
|
| Details | sha256 | 1 | 8ee4a58699ecf02dca516dc6b5b72d93fd9968f672b2be6f8920dfec027d7815 |
|
| Details | sha256 | 1 | c5550f44332750552921cb5d685ccfbeefa2ab4b03aed8c51c5db52bbe2ff5d4 |
|
| Details | sha256 | 1 | d60dc6965f6d68a3e7c82d42e90bfda7ad3c5874d2c59a66df6212aef027b455 |
|
| Details | Windows Registry Key | 1 | HKCR\.waiting\shell\open\command |
|
| Details | Windows Registry Key | 41 | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |