e06566eba34b9cd601d4e003f8ff9e5e4c48246eaab1759ee5dbc2eeba04f290

General

Target

CFȶ쳣๦BtSp14/CF쳣32λ��.exe
Size

876KB
MD5

6cbc49888f269e2550be25b0004f928e
SHA1

4b2c754e35dc48a521c75836a078b9980fc6d912
SHA256

0e3f2e99c002a1715f1e5c0ea33d52a208fe163c956ad9ee6acb1fb6db5e7aa6
SHA512

29efb03dfa94f9d75dd411c9186c2cc0510317b6de7e67362e66617772cd22118256126e0adfc18b81a6b212ee22483eb88941cb49b9623d19e3ec2f049fb6a6
SSDEEP

12288:DW0po/CNasWgk1teIP92VescyGqLChiJYFjQegUFNQ1R5nWFpPoSp5X5jeIQWt:DW0poaNgtlP92Ve8JY+U0YbHbjlQWt

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 24 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral4/memory/3724-132-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/3724-134-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/3724-133-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/3724-136-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/3724-138-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/3724-140-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/3724-142-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/3724-144-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/3724-146-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/3724-148-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/3724-150-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/3724-152-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/3724-154-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/3724-156-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/3724-158-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/3724-160-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/3724-162-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/3724-164-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/3724-166-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/3724-168-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/3724-170-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/3724-173-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/3724-175-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/3724-176-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\PastcZGX6.sys	CF쳣32λ��.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings	CF쳣32λ��.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
656	Process not Found
656	Process not Found

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3724	CF쳣32λ��.exe
3724	CF쳣32λ��.exe
3724	CF쳣32λ��.exe
3724	CF쳣32λ��.exe
3724	CF쳣32λ��.exe
1812	OpenWith.exe

C:\Users\Admin\AppData\Local\Temp\CFȶ쳣๦BtSp14\CF쳣32λ��.exe
"C:\Users\Admin\AppData\Local\Temp\CFȶ쳣๦BtSp14\CF쳣32λ��.exe"
1⤵
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3724

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1812

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3724-132-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3724-134-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3724-133-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3724-136-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3724-138-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3724-140-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3724-142-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3724-144-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3724-146-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3724-148-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3724-150-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3724-152-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3724-154-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3724-156-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3724-158-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3724-160-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3724-162-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3724-164-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3724-166-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3724-168-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3724-170-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3724-173-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3724-175-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3724-176-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download

Analysis

Sharing