e06566eba34b9cd601d4e003f8ff9e5e4c48246eaab1759ee5dbc2eeba04f290

General

Target

CFȶ쳣๦BtSp14/CF쳣64λ��.exe
Size

900KB
MD5

fc325eacdd37e8a4e077f1e4a4df5e73
SHA1

97cb09930a486e32845ef14104325fb2a2afc104
SHA256

c303b0571dad941b8693b285500178de54a5ec8a1f3b77b998e661905b8f8d8c
SHA512

6a86137fcb2ab2c8218719eeacc8b774c92874909f3172ac2214f319df9094fc697e0afef0cdeabb5b95d4a36c9551895e9491b3f637d02836d96c4d3fa25489
SSDEEP

24576:fDReYgQTXiDfEQ+iuZygzJA5jn0Ab4G7uBm:fNeYgOKf/+iul+Fn0A1gm

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 25 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral5/memory/1208-55-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1208-56-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1208-58-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1208-60-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1208-62-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1208-64-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1208-68-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1208-70-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1208-76-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1208-74-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1208-80-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1208-82-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1208-84-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1208-86-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1208-90-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1208-92-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1208-94-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1208-96-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1208-98-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1208-88-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1208-78-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1208-72-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1208-66-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1208-57-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1208-99-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\PastmIkXU.sys	CF쳣64λ��.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	CF쳣64λ��.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
464	Process not Found
464	Process not Found

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1208	CF쳣64λ��.exe
1208	CF쳣64λ��.exe
1208	CF쳣64λ��.exe
1208	CF쳣64λ��.exe
1208	CF쳣64λ��.exe

C:\Users\Admin\AppData\Local\Temp\CFȶ쳣๦BtSp14\CF쳣64λ��.exe
"C:\Users\Admin\AppData\Local\Temp\CFȶ쳣๦BtSp14\CF쳣64λ��.exe"
1⤵
- Drops file in System32 directory
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1208

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1208-54-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download
memory/1208-55-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1208-56-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1208-58-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1208-60-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1208-62-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1208-64-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1208-68-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1208-70-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1208-76-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1208-74-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1208-80-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1208-82-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1208-84-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1208-86-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1208-90-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1208-92-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1208-94-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1208-96-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1208-98-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1208-88-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1208-78-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1208-72-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1208-66-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1208-57-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1208-99-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download

Analysis

Sharing