e06566eba34b9cd601d4e003f8ff9e5e4c48246eaab1759ee5dbc2eeba04f290

General

Target

CFȶ쳣๦BtSp14/CF쳣64λ��.exe
Size

900KB
MD5

fc325eacdd37e8a4e077f1e4a4df5e73
SHA1

97cb09930a486e32845ef14104325fb2a2afc104
SHA256

c303b0571dad941b8693b285500178de54a5ec8a1f3b77b998e661905b8f8d8c
SHA512

6a86137fcb2ab2c8218719eeacc8b774c92874909f3172ac2214f319df9094fc697e0afef0cdeabb5b95d4a36c9551895e9491b3f637d02836d96c4d3fa25489
SSDEEP

24576:fDReYgQTXiDfEQ+iuZygzJA5jn0Ab4G7uBm:fNeYgOKf/+iul+Fn0A1gm

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 23 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral6/memory/5008-132-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral6/memory/5008-133-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral6/memory/5008-134-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral6/memory/5008-136-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral6/memory/5008-138-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral6/memory/5008-140-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral6/memory/5008-142-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral6/memory/5008-144-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral6/memory/5008-146-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral6/memory/5008-148-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral6/memory/5008-150-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral6/memory/5008-152-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral6/memory/5008-154-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral6/memory/5008-156-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral6/memory/5008-159-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral6/memory/5008-161-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral6/memory/5008-163-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral6/memory/5008-167-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral6/memory/5008-165-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral6/memory/5008-169-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral6/memory/5008-171-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral6/memory/5008-173-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral6/memory/5008-175-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\PastO8UMW.sys	CF쳣64λ��.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
648	Process not Found
648	Process not Found

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
5008	CF쳣64λ��.exe
5008	CF쳣64λ��.exe
5008	CF쳣64λ��.exe
5008	CF쳣64λ��.exe
5008	CF쳣64λ��.exe

C:\Users\Admin\AppData\Local\Temp\CFȶ쳣๦BtSp14\CF쳣64λ��.exe
"C:\Users\Admin\AppData\Local\Temp\CFȶ쳣๦BtSp14\CF쳣64λ��.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
PID:5008

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5008-132-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/5008-133-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/5008-134-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/5008-136-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/5008-138-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/5008-140-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/5008-142-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/5008-144-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/5008-146-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/5008-148-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/5008-150-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/5008-152-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/5008-154-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/5008-156-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/5008-159-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/5008-161-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/5008-163-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/5008-167-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/5008-165-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/5008-169-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/5008-171-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/5008-173-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/5008-175-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download

Analysis

Sharing