Overview

Static (4)

Behavioral targets:
- ULTRAKILL.exe on windows7-x64 (3)
- ULTRAKILL.exe on windows10-1703-x64
- ULTRAKILL.exe on windows10-2004-x64
- ULTRAKILL.exe on windows11-21h2-x64 (1)
- ULTRAKILL.exe on android-10-x64
- ULTRAKILL.exe on android-11-x64
- ULTRAKILL.exe on android-13-x64
- ULTRAKILL.exe on android-9-x86
- ULTRAKILL.exe on macos-10.15-amd64
- ULTRAKILL.exe on debian-9-armhf (4)
- ULTRAKILL.exe on debian-9-mips
- ULTRAKILL.exe on debian-9-mipsel
- ULTRAKILL.exe on ubuntu-18.04-amd64
Resubmissions

Submitted            Analysis ID          Score
19/02/2024, 21:29    240219-1caa6sde7w    8
19/02/2024, 21:16    240219-z4js9add3s    4
19/02/2024, 21:15    240219-z4awcadc91    3
19/02/2024, 21:12    240219-z2gk4sdh23    4
19/02/2024, 21:09    240219-zzmdksdc4v    6
19/02/2024, 21:06    240219-zxt1msdg44    3
19/02/2024, 21:03    240219-zv6xesdf98    8

Analysis
- Max time kernel: 150s
- Max time network: 151s
- Platform: windows10-2004_x64
- Resource: win10v2004-20231215-en
- Resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- Submitted: 19/02/2024, 21:12
Tasks

- static1: Static task
- behavioral1: Behavioral task, sample ULTRAKILL.exe, resource win7-20231215-en
- behavioral2: Behavioral task, sample ULTRAKILL.exe, resource win10-20240214-en
- behavioral3: Behavioral task, sample ULTRAKILL.exe, resource win10v2004-20231215-en
- behavioral4: Behavioral task, sample ULTRAKILL.exe, resource win11-20240214-en
- behavioral5: Behavioral task, sample ULTRAKILL.exe, resource android-x64-20231215-en
- behavioral6: Behavioral task, sample ULTRAKILL.exe, resource android-x64-arm64-20231215-en
- behavioral7: Behavioral task, sample ULTRAKILL.exe, resource android-33-x64-arm64-20231215-en
- behavioral8: Behavioral task, sample ULTRAKILL.exe, resource android-x86-arm-20231215-en
- behavioral9: Behavioral task, sample ULTRAKILL.exe, resource macos-20240214-en
- behavioral10: Behavioral task, sample ULTRAKILL.exe, resource debian9-armhf-20231215-en
- behavioral11: Behavioral task, sample ULTRAKILL.exe, resource debian9-mipsbe-20231215-en
- behavioral12: Behavioral task, sample ULTRAKILL.exe, resource debian9-mipsel-20231215-en
- behavioral13: Behavioral task, sample ULTRAKILL.exe, resource ubuntu1804-amd64-20231221-en
General

- Target: ULTRAKILL.exe
- Size: 635KB
- MD5: 630f833b114430869c4682ea07e4ac86
- SHA1: e8ce9fb4fe10eabd953696e8f1a38718742699c8
- SHA256: 49230b2c1f1c470b157923481daaca15b2a64ef8275e3a731e0cd89769a8d5db
- SHA512: a7ac3d675cc9944d325fe419de754a4359671c4a23fc8c5dae61d4dd816b29c8fe9bb23d6def300c844f8eaeea961871a957659683989b519b4f746f65a6d386
- SSDEEP: 6144:K/7oYfSHQPWTUg482BEevumoLTh+6+2Bqty:I7qTUs2BEevumoB+6+Nty
Malware Config
Signatures
Modifies data under HKEY_USERS (15 IoCs)

Description | IoC | Process
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "218" | LogonUI.exe
Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | LogonUI.exe

Suspicious behavior: LoadsDriver (64 IoCs)

All 64 entries have process "Process not Found"; the PIDs reported are:
1564, 4420, 4448, 4772, 3488, 1560, 228, 4152, 836, 1520, 2104, 1428, 4236, 1832, 3848, 1684, 1300, 4256, 3432, 4560, 2352, 3392, 4492, 4476, 548, 2044, 4924, 4816, 2924, 952, 4588, 4220, 4512, 712, 3712, 1756, 4452, 1748, 3624, 3724, 3128, 4400, 3800, 3480, 1956, 3232, 3780, 3192, 3616, 3764, 4612, 1256, 1096, 4000, 5096, 4316, 4712, 3984, 3964, 2820, 2284, 1452, 2676, 4736

Suspicious use of SetWindowsHookEx (1 IoC)

PID | Process
2212 | LogonUI.exe