Overview
overview
10Static
static
748c616cbb1...9e.exe
windows7-x64
748c616cbb1...9e.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$SYSDIR/gpyapi.dll
windows7-x64
3$SYSDIR/gpyapi.dll
windows10-2004-x64
3$SYSDIR/gtapi.dll
windows7-x64
3$SYSDIR/gtapi.dll
windows10-2004-x64
3$TEMP/Goog...er.exe
windows7-x64
8$TEMP/Goog...er.exe
windows10-2004-x64
$TEMP/Goog...ed.msi
windows7-x64
6$TEMP/Goog...ed.msi
windows10-2004-x64
6$TEMP/setu...20.exe
windows7-x64
7$TEMP/setu...20.exe
windows10-2004-x64
7ies_uni.exe
windows7-x64
7ies_uni.exe
windows10-2004-x64
7iesuper.dll
windows7-x64
6iesuper.dll
windows10-2004-x64
6UUPlayer.dll
windows7-x64
3UUPlayer.dll
windows10-2004-x64
3UUSeePlayer.exe
windows7-x64
10UUSeePlayer.exe
windows10-2004-x64
10bass-plugins.exe
windows7-x64
7bass-plugins.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3Analysis
-
max time kernel
140s -
max time network
108s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
22-08-2024 06:51
Behavioral task
behavioral1
Sample
48c616cbb15b33f9f8001ae8074e8f68657f604bb20b923ddb6722f752427a9e.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral2
Sample
48c616cbb15b33f9f8001ae8074e8f68657f604bb20b923ddb6722f752427a9e.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$SYSDIR/gpyapi.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral10
Sample
$SYSDIR/gpyapi.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
$SYSDIR/gtapi.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral12
Sample
$SYSDIR/gtapi.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
$TEMP/GooglePinyinDownloader.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral14
Sample
$TEMP/GooglePinyinDownloader.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
$TEMP/GoogleToolbarInstaller_zh-CN_signed.msi
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral16
Sample
$TEMP/GoogleToolbarInstaller_zh-CN_signed.msi
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
$TEMP/setup_iesuper_1020.exe
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral18
Sample
$TEMP/setup_iesuper_1020.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
ies_uni.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral20
Sample
ies_uni.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
iesuper.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral22
Sample
iesuper.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
UUPlayer.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral24
Sample
UUPlayer.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
UUSeePlayer.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral26
Sample
UUSeePlayer.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
bass-plugins.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral28
Sample
bass-plugins.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral30
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral32
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
UUSeePlayer.exe
-
Size
421KB
-
MD5
9ab0941a1c54567373b6afed3f2ed491
-
SHA1
e0b8328027c65d4904e63124f80dc69e77ec0e6a
-
SHA256
b99716d09b8aa83e4cad5d9d889a144ddb04f8fe1f7f5bb58c656d873c3d04fb
-
SHA512
e79491c9c88775a735c9190d7a3d0536b62f62255f8da947358442309916a873d6923fa74cec237a1619ef12ecb2488b61394fb2058f3771ce621d7824190725
-
SSDEEP
6144:wk37CXfkVQp0lV731pO8nhJFSVpInCOXJYE56NnGrpk3iRYjZt5Bo:D7CXff0lN31NtWsYE565GCSRYjZt5Bo
Malware Config
Signatures
-
Modifies firewall policy service 3 TTPs 4 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List UUSeePlayer.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile UUSeePlayer.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications UUSeePlayer.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Local\Temp\UUSeePlayer.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\UUSeePlayer.exe:*:Enabled:UUPlayer" UUSeePlayer.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language UUSeePlayer.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Internet Explorer\Main UUSeePlayer.exe Set value (str) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Disable Script Debugger = "yes" UUSeePlayer.exe Set value (str) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Main\DisableScriptDebuggerIE = "yes" UUSeePlayer.exe -
Modifies registry class 31 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UUSEEREC\ = "URL:UUSEEREC Protocol" UUSeePlayer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UUSEENOTIFY\ = "URL:UUSEENOTIFY Protocol" UUSeePlayer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UUSEENOTIFY\shell UUSeePlayer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE.ucf\Shell\Open UUSeePlayer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE\URL Protocol UUSeePlayer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE.ucf\DefaultIcon UUSeePlayer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE.ucf\Shell UUSeePlayer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE.ucf\Shell\Open\Command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\UUSeePlayer.exe\" -file \"%1\"" UUSeePlayer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\UUSeePlayer.exe\" -v UUPlayer -url \"%1\"" UUSeePlayer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UUSEEREC\shell\open\command UUSeePlayer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UUSEEREC\shell UUSeePlayer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE\ = "URL:UUSEE Protocol" UUSeePlayer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE\shell\open UUSeePlayer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UUSEEREC\shell\open UUSeePlayer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.ucf UUSeePlayer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE.ucf\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\UUSeePlayer.exe\",-150" UUSeePlayer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE.ucf\Shell\Open\Command UUSeePlayer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UUSEEREC\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\UUSeePlayer.exe\" -v UUPlayer -url \"%1\"" UUSeePlayer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UUSEENOTIFY\shell\open\command UUSeePlayer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.ucf\ = "UUSEE.ucf" UUSeePlayer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE.ucf UUSeePlayer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE.ucf\ = "UUSEE Media File" UUSeePlayer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UUSEENOTIFY\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\UUSeePlayer.exe\" -v UUPlayer -url \"%1\"" UUSeePlayer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE UUSeePlayer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE\shell\open\command UUSeePlayer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UUSEEREC UUSeePlayer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UUSEEREC\URL Protocol UUSeePlayer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UUSEENOTIFY UUSeePlayer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE\shell UUSeePlayer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\UUSEENOTIFY\shell\open UUSeePlayer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UUSEENOTIFY\URL Protocol UUSeePlayer.exe -
Suspicious use of SetWindowsHookEx 7 IoCs
pid Process 904 UUSeePlayer.exe 904 UUSeePlayer.exe 904 UUSeePlayer.exe 904 UUSeePlayer.exe 904 UUSeePlayer.exe 904 UUSeePlayer.exe 904 UUSeePlayer.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
419B
MD5e1344a235249aee1e45f7400dbe7c303
SHA115f248fd4d9e8ee035999cc0ba83451d226ee0f4
SHA256acb213a7e6b29b4bd2f3dce7d086c7187d1de96237e4d1125af099ae9f5d5fdf
SHA512d237c38f451c2be81abf022b5400464d3daad87fdf872f6b5c69ffad04f384784f3033735fab9e20b6aed46aacd5771864f5a315df8499b7dd91ba7508df117f