8177d2261fd91fc12e5ca94b0b62430e80d16c0460bf6d218fc9563713e325ec

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
14/08/2024, 12:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ugug.exe
Size

68.1MB
MD5

5e66da13e983dabdfc0bd1149b513e06
SHA1

c148c29b88d5d85555038e326ddf362d728523f5
SHA256

8177d2261fd91fc12e5ca94b0b62430e80d16c0460bf6d218fc9563713e325ec
SHA512

95ee297a3944e12ad100dbb4a7594ac5795f15666ae516468e2294a2ec349c785c01b08448d7c15e8d2e2f79806851e8dc5ecd1aa8efa8cd23966fa30a548352
SSDEEP

786432:fN3eETMN7Zj8TAhSLiEiDvFqAOODZXb+UMfFb+/APlbA4nftIpwRKV5iZeL1teK4:6jZhSLFSv4APbP/SlVowWUh5F

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 14 IoCs

pid	Process
2332	ugug.exe
2332	ugug.exe
2332	ugug.exe
2332	ugug.exe
2332	ugug.exe
2332	ugug.exe
2332	ugug.exe
2332	ugug.exe
2332	ugug.exe
2332	ugug.exe
2332	ugug.exe
2332	ugug.exe
2332	ugug.exe
2332	ugug.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ugug.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000_CLASSES\discord-1012113295148335204\shell\open	ugug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000_CLASSES\discord-1012113295148335204\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ugug.exe"	ugug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000_CLASSES\discord-1012113295148335204\ = "URL:Run game 1012113295148335204 protocol"	ugug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000_CLASSES\discord-1012113295148335204\URL Protocol	ugug.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000_CLASSES\discord-1012113295148335204\DefaultIcon	ugug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000_CLASSES\discord-1012113295148335204\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ugug.exe"	ugug.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000_CLASSES\discord-1012113295148335204\shell\open\command	ugug.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000_CLASSES\discord-1012113295148335204\shell	ugug.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000_CLASSES\discord-1012113295148335204	ugug.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2332	ugug.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2332	ugug.exe

C:\Users\Admin\AppData\Local\Temp\ugug.exe
"C:\Users\Admin\AppData\Local\Temp\ugug.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\mrtC5AF.tmp\DRPC.mfx

Filesize
861KB

MD5
66726fdf933ad94bf73ab40430abadd0

SHA1
77bfe6fd11acb69d9735af1fd291c496773e1249

SHA256
163f8e16167f79bf88a4175af056d31256775b6c68f33e00528f26585e4d0354

SHA512
83f6b4d61a5366bd6cf6b99f55a8d0681b413271fdfa8e9164b73032a9c972c7a1a1b2ecc2ded30c7a352a2895e1780facefc66f1436abd62d148a30300ce4f6

Download Submit
\Users\Admin\AppData\Local\Temp\mrtC5AF.tmp\Easing.mfx

Filesize
168KB

MD5
052d1c7eed7b50a18eddc10dfad3ae22

SHA1
6f88687f930e73106d2b8af00f5317eca74e0c61

SHA256
1b5e79e999c4cff19fe0260bdeaeeaea0fcda6057bf6d17bf0f121e9797d20ef

SHA512
ef89c692a47d2ad66d6f4e722e9b330a85cca0faea2f022abfc3da3c1d32fc7c0cf01d6a6e36fddd0b82c97eebc707c9e00e2431792d551b7178fb8d50452966

Download Submit
\Users\Admin\AppData\Local\Temp\mrtC5AF.tmp\clickteam-circular.mvx

Filesize
28KB

MD5
670cfc229784a242beb960a430ae9764

SHA1
9818a8a255e58e28c1e7617aa7ab38f29067e4f5

SHA256
671a01a39fa56a32fc0a43b16038d3077202734a7beacd50d73439011a74a4cb

SHA512
7eb59b4391fed479803c2c2ba075d3fa4581473495f2458b0a86fc3d27f8b7e56a012b920bf2b5f1697b4eb498c8d16de17ebed9f10eb55686048cd4f96df1a1

Download Submit
\Users\Admin\AppData\Local\Temp\mrtC5AF.tmp\kcini.mfx

Filesize
330KB

MD5
a6ad14845999c5aa7adf2911671a7c5b

SHA1
98dfd5a9584d1c1b330c2c104c1779bd55ded211

SHA256
5af175ffb932fb653873dad095dd40f2ab8d3fb56f287213c21bb68652ddad2d

SHA512
32bb59826b82d47ec420ac2532e1387a85422d2f0ce5370ad2c95b914a7615d3b122dbf4dd045105eb8ffea49324dac57659f0e5f2500b4d0eb75047cb36dfd8

Download Submit
\Users\Admin\AppData\Local\Temp\mrtC5AF.tmp\kclist.mfx

Filesize
32KB

MD5
10a8ccacb046c0dc05adfc6964e99e95

SHA1
48acabc563a9c6d48eae3eda5254306127c00528

SHA256
57d8f859ecf57eed8f2fdc3271ec1d57c879899a527d77a80c9f45b1377742f5

SHA512
e972e0a6d4aa5c0cab99283c27038eb31f0adf2f581b4be9b58768d25a81f71e2aa5482500e4cb16bbc60d41f84ef926cd61a9cbe9fce1fce4adca564a6b147a

Download Submit
\Users\Admin\AppData\Local\Temp\mrtC5AF.tmp\kcwctrl.mfx

Filesize
63KB

MD5
fa3aa3c51150eb5410dc3d74484d84bb

SHA1
3ffca600b9d8b2d580c99021c95e8c6400d9a824

SHA256
0666e52ea54bb2bdb81216443ea0787b8fcc6292b64d6bdf285eebf42e1bbae6

SHA512
81ec7ec2a5877d1b226dfb4ccc8c3946b61fb409d5c53c789e6f8c310a0dc0b3ce1681613cc110a5559540a0ab302e6c36a00d0df07acb41c5a7c35b37d4594a

Download Submit
\Users\Admin\AppData\Local\Temp\mrtC5AF.tmp\mmf2d3d9.dll

Filesize
1.5MB

MD5
c85bcc9f3049b57aa8ccbb290342ff14

SHA1
38f5b81a540f1c995ff8d949702440b70921acc5

SHA256
bddda991185a9e83b9855a109f2fcfa78cd2d5402e9db344c6ec77f6ce69a0c5

SHA512
5097f9d78ddc651aabf41f217f622ee656a1c6de6a9b339354525293102cf631cca2b7babaf991e99e49efe4d1bb6792c8a7a11f82e4ae2081c3961eb9b5afe7

Download Submit
\Users\Admin\AppData\Local\Temp\mrtC5AF.tmp\mmfs2.dll

Filesize
768KB

MD5
200520e6e8b4d675b77971dfa9fb91b3

SHA1
0c583bf4c3eda9c955fd0d0d3ba7fdc62a43bf07

SHA256
763ef4484ba9b9e10e19268c045732515f0ac143cf075e6d1ea1f5adcc77633b

SHA512
8b7bb334b6bd83ae43e5a4fe32a92b38b1edd2c292c4a540a54c2ee16092eb30108524c1c363508f7c62617bb224d9b447f07cda97ab7de01688acbfbacec51b

Download Submit
\Users\Admin\AppData\Local\Temp\mrtC5AF.tmp\mp3flt.sft

Filesize
24KB

MD5
5bebc3ae0122702b89f9262888d3a393

SHA1
064731c0f1d493b5b82921fa78f06e3d1db95284

SHA256
81c9a9459a8e124793addf142cd513945d6fe600e1d67f74897898d7570e56b2

SHA512
c10cb520c2c4a9fe7c371f17ce7f86f138db247468ab1e465dafd7abd294c2beb13cf3a2595b4c8c820d911d8b70842c8f4e45398693c4f0454f973bd58a10a1

Download Submit
\Users\Admin\AppData\Local\Temp\mrtC5AF.tmp\oggflt.sft

Filesize
130KB

MD5
0c8c1ee3ba92189f4ce21d1b396a2765

SHA1
b7daa4a6e16416151dccbb0a89f304961b6cb627

SHA256
9e589f86317d840df9bb74f6ee20c24ca65afe58f4009740382f63a0f5531941

SHA512
0a4339092ac55bac3b1bdfaaa3401020f8f49918bd2fdb14524f3d558eb840b876aedfdeb54a1da163fa36393abf3fe8ab7e112a34ea9d891e82a22e96c85ddc

Download Submit
\Users\Admin\AppData\Local\Temp\mrtC5AF.tmp\pinball.mvx

Filesize
68KB

MD5
b208ae4e862a6c6bd6b99bc31b7bf1f9

SHA1
9f7cd9ea0b400c63f11c0a6e7ca5546db7ff218b

SHA256
cbcd1b19716940cb7b48986dfd51f36bc9e04625c4b6face3822a16ed7b49825

SHA512
8ee62a8fcdc26527a2f2b733eefb4fa629ce6ea4cf65d382d95af691874839e88cca8ceaa7e267dc69aa886bdce42c2f64d3cd0743d01bd6f8fdf825fc4e74a3

Download Submit
\Users\Admin\AppData\Local\Temp\mrtC5AF.tmp\txtblt.mfx

Filesize
36KB

MD5
8740745e7af7926a0e7d3b194fb51fdf

SHA1
d7688925efd0287334d444a9e4bd584177ed0fbc

SHA256
09a214d9738946b14c4470ea95b45de41641e5d69b7559dbf336f7b4624859b0

SHA512
dc52c25b588f386cceb0eef912e0ac38ffb07443011c957ca3d0fda8c2c6d41e8fbcb33dfc1b7c5ff469216cd8c233d5025b88575bd10684827c18fb5ef52bb3

Download Submit
\Users\Admin\AppData\Local\Temp\mrtC5AF.tmp\ultimatefullscreen.mfx

Filesize
73KB

MD5
96059dbec69c3904e4d7ce734a4b38d0

SHA1
5169934f8d89b0dba963861dcbae55e78fc21dfc

SHA256
fd179783ff6e6eb0959185087f33ed4a1b256e58762d9817bcb16888e20f7058

SHA512
82977b2c249e47ca37d6fd62f416ed995b4b5f953bc5c18c84bfbdacc2c5b17fdc50c1e736fafcac242a3f8921b5000e0ec84302bc4e0077d6eeee3aa43cc520

Download Submit
\Users\Admin\AppData\Local\Temp\mrtC5AF.tmp\waveflt.sft

Filesize
8KB

MD5
57ea61dd14314ef155e80c6a0be8a664

SHA1
963b0ef2fe976ff77044a821fe1e29be4a8cf8a7

SHA256
92a5053cf5973a6aa228c738d55387f12f1dfa8a837d7b938c60f05b6b56b3ad

SHA512
cc23cb30d76d22500c3ed7ce9ee0388588309d0779441b95559fce25a42f1eff52ca285c347655f8b33c15b75f9d2067738a151f81f605d3b563799a3a06c9a9

Download Submit
memory/2332-26-0x0000000000420000-0x0000000000450000-memory.dmp

Filesize
192KB

Download
memory/2332-41-0x0000000000460000-0x0000000000472000-memory.dmp

Filesize
72KB

Download
memory/2332-49-0x00000000006F0000-0x0000000000714000-memory.dmp

Filesize
144KB

Download