Overview

overview

3

Static

static

1

UwU.zip

windows7-x64

1

UwU.zip

windows10-2004-x64

1

UwU.zip

windows7-x64

1

UwU.zip

windows10-2004-x64

1

UwU/data.pkl

windows7-x64

3

UwU/data.pkl

windows10-2004-x64

3

UwU/data/0

windows7-x64

1

UwU/data/0

windows10-2004-x64

1

UwU/data/1

windows7-x64

1

UwU/data/1

windows10-2004-x64

1

UwU/data/10

windows7-x64

1

UwU/data/10

windows10-2004-x64

1

UwU/data/100

windows7-x64

1

UwU/data/100

windows10-2004-x64

1

UwU/data/101

windows7-x64

1

UwU/data/101

windows10-2004-x64

1

UwU/data/102

windows7-x64

1

UwU/data/102

windows10-2004-x64

1

UwU/data/103

windows7-x64

1

UwU/data/103

windows10-2004-x64

1

UwU/data/104

windows7-x64

1

UwU/data/104

windows10-2004-x64

1

UwU/data/105

windows7-x64

1

UwU/data/105

windows10-2004-x64

1

UwU/data/106

windows7-x64

1

UwU/data/106

windows10-2004-x64

1

UwU/data/107

windows7-x64

1

UwU/data/107

windows10-2004-x64

1

UwU/data/108

windows7-x64

1

UwU/data/108

windows10-2004-x64

1

UwU/data/109

windows7-x64

1

UwU/data/109

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    13/02/2024, 17:25

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    UwU/data.pkl

  • Size

    60KB

  • MD5

    e767fdd035eb3dc2e246c38d91241eeb

  • SHA1

    c4faa107ed2218c48f1910b9b759c298127a5d49

  • SHA256

    19081e6b4e8adf5cf617c4600d76f94682917301a8376369778f39c649dd1648

  • SHA512

    1ce24e38d477ce93d701654fbb8dc3b336b6a8c1304dc07102ae17d334504e011b1128f1c317102811a1f5cb96d21d5b440b1173008ab9b8bae4685534cf458b

  • SSDEEP

    1536:eE0IMIR7Gim8tRst+k/Y0/mR0TM0jPSLqYH5uwHOaDsisp:ehIr7GijtOcf5uwHZc

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\UwU\data.pkl
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2760
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\UwU\data.pkl
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2680
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\UwU\data.pkl"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:1068

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
          Filesize

          3KB

          MD5

          933719d7fe1dcfc2ac91c57477c52b17

          SHA1

          5e25ce2b0870f75096aaaa897b5966e4a3985787

          SHA256

          999cf7c9607d6c9763f5159ce8b95e6f37cbddf1bceb375c59ba6247bdae5d02

          SHA512

          1d04f6cd0ec904b56524592a4c3b1b9befb9f5313f036d81f680ab28cd37a818d6a5360831169d2b1a31158e2b2e65fa08e027c5eef0ce39a1ef5624d7281d47

          Download Submit