48c616cbb15b33f9f8001ae8074e8f68657f604bb20b923ddb6722f752427a9e

Analysis

max time kernel
144s
max time network
155s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22-08-2024 06:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UUSeePlayer.exe
Size

421KB
MD5

9ab0941a1c54567373b6afed3f2ed491
SHA1

e0b8328027c65d4904e63124f80dc69e77ec0e6a
SHA256

b99716d09b8aa83e4cad5d9d889a144ddb04f8fe1f7f5bb58c656d873c3d04fb
SHA512

e79491c9c88775a735c9190d7a3d0536b62f62255f8da947358442309916a873d6923fa74cec237a1619ef12ecb2488b61394fb2058f3771ce621d7824190725
SSDEEP

6144:wk37CXfkVQp0lV731pO8nhJFSVpInCOXJYE56NnGrpk3iRYjZt5Bo:D7CXff0lN31NtWsYE565GCSRYjZt5Bo

Score

10^/10

discovery evasion

Malware Config

Signatures

Modifies firewall policy service 3 TTPs 2 IoCs

evasion

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List	UUSeePlayer.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Local\Temp\UUSeePlayer.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\UUSeePlayer.exe:*:Enabled:UUPlayer"	UUSeePlayer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UUSeePlayer.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	UUSeePlayer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger = "yes"	UUSeePlayer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\DisableScriptDebuggerIE = "yes"	UUSeePlayer.exe

Modifies registry class 31 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEENOTIFY\ = "URL:UUSEENOTIFY Protocol"	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEENOTIFY\shell\open\command	UUSeePlayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE.ucf\ = "UUSEE Media File"	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE.ucf\Shell	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE.ucf\Shell\Open	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE	UUSeePlayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE\URL Protocol	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEENOTIFY\shell\open	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE.ucf	UUSeePlayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE.ucf\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\UUSeePlayer.exe\",-150"	UUSeePlayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEENOTIFY\URL Protocol	UUSeePlayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ucf\ = "UUSEE.ucf"	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE.ucf\DefaultIcon	UUSeePlayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEEREC\ = "URL:UUSEEREC Protocol"	UUSeePlayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE.ucf\Shell\Open\Command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\UUSeePlayer.exe\" -file \"%1\""	UUSeePlayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE\ = "URL:UUSEE Protocol"	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE\shell\open	UUSeePlayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\UUSeePlayer.exe\" -v UUPlayer -url \"%1\""	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEEREC\shell\open	UUSeePlayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEEREC\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\UUSeePlayer.exe\" -v UUPlayer -url \"%1\""	UUSeePlayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEEREC\URL Protocol	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEEREC\shell	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEENOTIFY	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEENOTIFY\shell	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.ucf	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE\shell	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEEREC	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEEREC\shell\open\command	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE.ucf\Shell\Open\Command	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE\shell\open\command	UUSeePlayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEENOTIFY\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\UUSeePlayer.exe\" -v UUPlayer -url \"%1\""	UUSeePlayer.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	2728	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2728	AUDIODG.EXE
Token: 33	2728	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2728	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
2152	UUSeePlayer.exe
2152	UUSeePlayer.exe
2152	UUSeePlayer.exe
2152	UUSeePlayer.exe
2152	UUSeePlayer.exe
2152	UUSeePlayer.exe
2152	UUSeePlayer.exe
2152	UUSeePlayer.exe
2152	UUSeePlayer.exe
2152	UUSeePlayer.exe
2152	UUSeePlayer.exe
2152	UUSeePlayer.exe
2152	UUSeePlayer.exe
2152	UUSeePlayer.exe
2152	UUSeePlayer.exe
2152	UUSeePlayer.exe
2152	UUSeePlayer.exe

C:\Users\Admin\AppData\Local\Temp\UUSeePlayer.exe
"C:\Users\Admin\AppData\Local\Temp\UUSeePlayer.exe"
1⤵
- Modifies firewall policy service
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2152

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x5d0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\AD\UUAD_Banner_1.html

Filesize
728B

MD5
32df4d542a62373525276b13846d3982

SHA1
be05224471eafbbe6f3bb74c9d6b4edfac278b6f

SHA256
d36ac204d17006e662720a38259b88eb92642da41a02eea7abf5049fa0ff5d9e

SHA512
ad3be52be429ec31afa5fdfb9806458a3f367993db6aabb5f16fc2198a4c57b2692335f9ae65a88083dc8e1d84c69236100705017a0ef0dc02e203476e52f499

Download Submit
C:\Users\Admin\AppData\Local\Temp\AD\UUAD_Banner_3.html

Filesize
553B

MD5
623cf5086569b8c78e96a10ea5654a3b

SHA1
b5330cb47341142922fefd73467d948c85665d44

SHA256
8fad4b8e13e23cd0a1600cb559b169350c1de86d5a67419ee8bef396016da5be

SHA512
ad5443eb0ed99853ee6c852b5d8f278838e63cfc1b94e2847679acaebe4a7ed23b21985280c9a456faf404f6f4183dc6d356ddae2f9ad1af57278120c5fdff49

Download Submit
C:\Users\Admin\AppData\Local\Temp\AD\UUAD_Buffering.html

Filesize
1KB

MD5
2337e9d752b0bddd0e8dd4527de21268

SHA1
1025c31899f46d5f2ff7cf6338b677cce1beb377

SHA256
dba46a452ea0ecb3566ba94c1fe0e497324d543895a14edbcbb81048a417fd6b

SHA512
5a9410ecd9f73e77feb8d07ff665f3fd927b70dd587dcf8c40d72e6047f021efed39d117b4adac679a90f27f0b2c95085c2ca37cbb7f3568f632fe8f0dcfe765

Download Submit
C:\Users\Admin\AppData\Local\Temp\UUAD_Error.html

Filesize
306B

MD5
1b7585405ca22a1cc2b12108c2976b9f

SHA1
2601e2ada4ed99d1d1a0884efff9362831d4f295

SHA256
ae8df32900f2231dd722a0850f1aaa14101829e31f62c2f1706688ba8d1f49e4

SHA512
15ef5a91cc03f70897b82926a092e3f2f776b647987295cfcc728cd53fa4f0f5ad3c0fac3b8cfeda87045386d3c4fe1bb18d7b8a192527522e02dabdd165f682

Download Submit
C:\Users\Admin\AppData\Local\Temp\UUAD_Message.html

Filesize
419B

MD5
e1344a235249aee1e45f7400dbe7c303

SHA1
15f248fd4d9e8ee035999cc0ba83451d226ee0f4

SHA256
acb213a7e6b29b4bd2f3dce7d086c7187d1de96237e4d1125af099ae9f5d5fdf

SHA512
d237c38f451c2be81abf022b5400464d3daad87fdf872f6b5c69ffad04f384784f3033735fab9e20b6aed46aacd5771864f5a315df8499b7dd91ba7508df117f

Download Submit
C:\Users\Admin\AppData\Local\Temp\UUTV_Stop.html

Filesize
351B

MD5
c2740b8dca905245b4ebccbc7ecddcd1

SHA1
dcf4beadcc5811dedcc1626e3e4eb038bebcc066

SHA256
42889b0a8150c07f55ad3e05353b748c574cb84fef58aac4728d9f35a402f73a

SHA512
f0f797987a848899487c18757df25ecbfdeaeb0b07d19de99466f6737f4a391ceef07b4a6582bf9f5225a04083ac71a38491b4d4bc828d0717402b62a0cde369

Download Submit
C:\Users\Admin\AppData\Local\Temp\UUTV_UUPlayer.xml

Filesize
89KB

MD5
069b61256d87131f507cdf77d82de34e

SHA1
ca5fa12343d6c638572c64f534c607835fd52b81

SHA256
2c2d324dc04c8ff99b4176ec7cb20739f2d384c05c75da4d8aea8ca0f8be0dd7

SHA512
4c44d537799566dc62b346ff86899e78aaee9292646cd4c3da4023ab55e147d9722ad2bd895f89708e071d488c7594fa810af3fd4090511317f800db8cb41f41

Download Submit
memory/2152-80-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2152-101-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2152-4-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2152-5-0x0000000010000000-0x000000001004A000-memory.dmp

Filesize
296KB

Download
memory/2152-76-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2152-77-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2152-78-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2152-0-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2152-81-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2152-2-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2152-99-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2152-3-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2152-103-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2152-105-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2152-109-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2152-111-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2152-112-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2152-114-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2152-1-0x0000000000481000-0x0000000000482000-memory.dmp

Filesize
4KB

Download
memory/2152-118-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2152-120-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2152-122-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2152-126-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/2152-128-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads