ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a

General

Target

ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
Size

44KB
MD5

1659b67551eb01ca6f92100f20cf7345
SHA1

f5d48a10d63301f4bf5b9dbda729fa256f51b99f
SHA256

ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a
SHA512

b39a81cfaff0d05e7b5a5f047d250e34190530a9c63db5829bb1916ba1c0b4ec5844815869f4db38bcb8d1752bfc271a6c77243a76e643d87c10adf3350799e3
SSDEEP

768:ba/Hde9PE1Xe04H7cHPHYmug6UXQm1dIZE2ocOT77e:bp/Hyj6S3T77

Score

10^/10

evasion persistence

Malware Config

Signatures

Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

Processes:

cuecuf.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	cuecuf.exe

Executes dropped EXE 1 IoCs

Processes:

cuecuf.exe

pid process

1168 cuecuf.exe

Loads dropped DLL 2 IoCs

Processes:

ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe

pid	process
1508	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
1508	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

cuecuf.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Windows\CurrentVersion\Run\	cuecuf.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Windows\CurrentVersion\Run\cuecuf = "C:\\Users\\Admin\\cuecuf.exe"	cuecuf.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

cuecuf.exe

pid	process
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe
1168	cuecuf.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.execuecuf.exe

pid process

1508 ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
1168 cuecuf.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.execuecuf.exe

description	pid	process	target process
PID 1508 wrote to memory of 1168	1508	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe	cuecuf.exe
PID 1508 wrote to memory of 1168	1508	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe	cuecuf.exe
PID 1508 wrote to memory of 1168	1508	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe	cuecuf.exe
PID 1508 wrote to memory of 1168	1508	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe	cuecuf.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
PID 1168 wrote to memory of 1508	1168	cuecuf.exe	ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe

C:\Users\Admin\AppData\Local\Temp\ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe
"C:\Users\Admin\AppData\Local\Temp\ab567b77585fd7dad909f354c2300e01f8e2e0b10afe8465e329401e03e4657a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1508

C:\Users\Admin\cuecuf.exe
"C:\Users\Admin\cuecuf.exe"
2⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1168

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1

T1158

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\cuecuf.exe

Filesize
44KB

MD5
cd13c24818eb84cef592ed87639eb398

SHA1
80762a50539f2604d3c7bcd15900d23bc0fc1ccf

SHA256
b43ce32eab3a92e696f6f2c84ccd0fe6b099746a83dd944206509eb04f07fa37

SHA512
8f01d8784baf81589847f6f3c346dc42196279c8fcf6c827694e06802201aacaa08030c2bc01b615519661a561ba17281731cd2f30fcd02cceb27c8b9970a0f9

Download Submit
C:\Users\Admin\cuecuf.exe

Filesize
44KB

MD5
cd13c24818eb84cef592ed87639eb398

SHA1
80762a50539f2604d3c7bcd15900d23bc0fc1ccf

SHA256
b43ce32eab3a92e696f6f2c84ccd0fe6b099746a83dd944206509eb04f07fa37

SHA512
8f01d8784baf81589847f6f3c346dc42196279c8fcf6c827694e06802201aacaa08030c2bc01b615519661a561ba17281731cd2f30fcd02cceb27c8b9970a0f9

Download Submit
\Users\Admin\cuecuf.exe

Filesize
44KB

MD5
cd13c24818eb84cef592ed87639eb398

SHA1
80762a50539f2604d3c7bcd15900d23bc0fc1ccf

SHA256
b43ce32eab3a92e696f6f2c84ccd0fe6b099746a83dd944206509eb04f07fa37

SHA512
8f01d8784baf81589847f6f3c346dc42196279c8fcf6c827694e06802201aacaa08030c2bc01b615519661a561ba17281731cd2f30fcd02cceb27c8b9970a0f9

Download Submit
\Users\Admin\cuecuf.exe

Filesize
44KB

MD5
cd13c24818eb84cef592ed87639eb398

SHA1
80762a50539f2604d3c7bcd15900d23bc0fc1ccf

SHA256
b43ce32eab3a92e696f6f2c84ccd0fe6b099746a83dd944206509eb04f07fa37

SHA512
8f01d8784baf81589847f6f3c346dc42196279c8fcf6c827694e06802201aacaa08030c2bc01b615519661a561ba17281731cd2f30fcd02cceb27c8b9970a0f9

Download Submit
memory/1168-59-0x0000000000000000-mapping.dmp

Download
memory/1508-56-0x0000000075C81000-0x0000000075C83000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads