fe76f28937b3d27d0c97f98e2a42a5432cde68af310ebe68fbc22db1f79c07fd

Analysis

max time kernel
147s
max time network
149s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
24/08/2024, 02:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UUSeePlayer.exe
Size

1.1MB
MD5

ec9624b5b7557ce9fccf7c34f2a5a3ae
SHA1

bdf4369f25dfcc9a49f9fa84ade190a99d7ff910
SHA256

501e5e748e4df5b13382e8f932a7a11fc311b91059863fbbcc94bc9e41d597d3
SHA512

9c443b0d2452517ba1ce0679afb063fe26e2eaa0c42d9e2018f466c27fe7939172c266ed65a1968e9cd9fbb17c18c6616a6f1e34fa473b1684f44e0c58b59d6e
SSDEEP

24576:2ShKos1i1C8d+qvJJ77IZA+ELJMs8KUV2:tUq+g0651

Score

10^/10

discovery evasion

Malware Config

Signatures

Modifies firewall policy service 3 TTPs 2 IoCs

evasion

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Local\Temp\UUSeePlayer.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\UUSeePlayer.exe:*:Enabled:UUPlayer"	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List	UUSeePlayer.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\struct~.ini	UUSeePlayer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UUSeePlayer.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	UUSeePlayer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger = "yes"	UUSeePlayer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\DisableScriptDebuggerIE = "yes"	UUSeePlayer.exe

Modifies registry class 31 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEEREC\shell	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE.ucf	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE\shell\open\command	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE\shell\open	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEENOTIFY\shell\open\command	UUSeePlayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE.ucf\Shell\Open\Command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\UUSeePlayer.exe\" -file \"%1\""	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.ucf	UUSeePlayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ucf\ = "UUSEE.ucf"	UUSeePlayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE.ucf\ = "UUSEE Media File"	UUSeePlayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE\URL Protocol	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEEREC	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEENOTIFY\shell\open	UUSeePlayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE\ = "URL:UUSEE Protocol"	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEENOTIFY	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE.ucf\Shell\Open\Command	UUSeePlayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEEREC\ = "URL:UUSEEREC Protocol"	UUSeePlayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEENOTIFY\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\UUSeePlayer.exe\" -v UUPlayer -url \"%1\""	UUSeePlayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE.ucf\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\UUSeePlayer.exe\",-150"	UUSeePlayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEEREC\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\UUSeePlayer.exe\" -v UUPlayer -url \"%1\""	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE.ucf\DefaultIcon	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEENOTIFY\shell	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE.ucf\Shell\Open	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE\shell	UUSeePlayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEEREC\URL Protocol	UUSeePlayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEENOTIFY\ = "URL:UUSEENOTIFY Protocol"	UUSeePlayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEENOTIFY\URL Protocol	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE.ucf\Shell	UUSeePlayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEE\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\UUSeePlayer.exe\" -v UUPlayer -url \"%1\""	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEEREC\shell\open\command	UUSeePlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UUSEEREC\shell\open	UUSeePlayer.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1512	UUSeePlayer.exe

Suspicious use of SetWindowsHookEx 35 IoCs

pid	Process
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe
1512	UUSeePlayer.exe

C:\Users\Admin\AppData\Local\Temp\UUSeePlayer.exe
"C:\Users\Admin\AppData\Local\Temp\UUSeePlayer.exe"
1⤵
- Modifies firewall policy service
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCY0HBA7\errorPageStrings[1]

Filesize
2KB

MD5
e3e4a98353f119b80b323302f26b78fa

SHA1
20ee35a370cdd3a8a7d04b506410300fd0a6a864

SHA256
9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

SHA512
d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

Download Submit
C:\Users\Admin\AppData\Local\Temp\UUDEF_Error.html

Filesize
278B

MD5
53e0ef76c32466cd92cf9ccc738ee1e4

SHA1
9ca4e9335799031a2e4231221514af62a40b2e1b

SHA256
0b7937e6d9fa6bf055adf56b5b6a76ad140426970a33eae2fada4fc8af782e70

SHA512
6f330f91d15f1d74a0d0f2c5e791ef3f659c509174a6a36a5bf228c1be7640d35633583cb80104c7dd7faee4ee19d6f6437b8374a8b76084c117cdcdf848c644

Download Submit
C:\Users\Admin\AppData\Local\Temp\UUDEF_Error.html

Filesize
306B

MD5
2b2118370a6b1c0d64313cfd928c8414

SHA1
d01bf3ec498438c58a16c28ba2ecd13ae2efd030

SHA256
1df2f695c80ea75e0dffcd5b66afe5672f6215f50f6620bcf05240ceb4aac79f

SHA512
b371373b002ae3408553d1ee01e7fd385030e4923041d8cdaad07b082e8aa3b58a0d8c864860ccbc5a81ecd16341a7c2f4aeb1bcefc6a63a910e2e0bbc0d30f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\UUDEF_Message.html

Filesize
419B

MD5
aae06f9422c472669168866253a25f38

SHA1
a0cc595dddc5adfe3d9f67d002c89d88e5fd728f

SHA256
37a37694c498c28fd1c6f5634da22b7624f7511940677f59e600da6066dc66f4

SHA512
efab9564c49d6593f35ef51aa91387fdab29cbf85396bc0f94960db7d485bb9e771ea462537396d329b9d7c7152b7e02494acdfce9d1f3ffd6028a5e48b2ada0

Download Submit
C:\Users\Admin\AppData\Local\Temp\UUTV_DL.html

Filesize
2KB

MD5
36a7049665cf9c7fd9ad7f84715620f0

SHA1
78e7233640f08c9041f7f822d8f6042874d3ebba

SHA256
ca0a472882adcf92e09453f283a82e46374f3a8620b3412385b0e99d6cab5336

SHA512
a120cfbe1c7052917fef767273c72e6f309d6480c05c4b27cc0561d3da3d9b586d072d7812fd88fca0ce17f6244141789ca0bfe30d1986074c2310e9a120239f

Download Submit
C:\Users\Admin\AppData\Local\Temp\UUTV_Stop.html

Filesize
353B

MD5
929606839dca4647966658497ce1c32f

SHA1
3cdace47d91cde96e5116335b66fb8b8df4d34cf

SHA256
956eb7c6f43542fb150f42a725497a2005355a7a222d75fb65a65824af499620

SHA512
6ce45d58fa3db560c96c69b47c6538ae358b1142bccbb078594126764cc323c768545580e96f45e3b83510dd20757a837876dac01760c05ed21f8f6e509116e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\UUTV_UUPlayer.xml

Filesize
153KB

MD5
94759c0f928faa28feba3686f6dc5c29

SHA1
1d5be51db32d2276c6546c4009aea59dfbd4e2c1

SHA256
ff66f0d266e9721c2f91b3d98171f8a6801ab0fa9595c0a141250426f222bf88

SHA512
9ae2e6790c73275a4eb07a35909ca08ede26ab3880ce7f87cce6c6fe3cffaa84ecbfeb8880ad3753d400ea5759d0c3b8ff93eafd6854f2f4d176a46899430e2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\def\UUDEF_Banner_1.gif

Filesize
6KB

MD5
a7ce6510dbd5b3bca748c4597b640848

SHA1
603446cf56eeeddbb11b8c0f314805985db3098e

SHA256
f21766987294c04c5b783b0629002a8e4773b923deb4c623f6882052af509c65

SHA512
baa104bc9f1c446ed46e0ab0ee996b035c1c0ba9c161cb8f7ba5baea2222f0524d0e3991b4c34c8027c3dbc124110c8eb3b291d7d6ca34021485be7c8898a6be

Download Submit
C:\Users\Admin\AppData\Local\Temp\def\UUDEF_Banner_1.html

Filesize
307B

MD5
b168e08881ca9992c6612cab02feb773

SHA1
e0528f3183d03236acf85574c2fc67e6dd6140ec

SHA256
ffecef238125ea9f7743df56c2505e7fad38a1da95b3cf91774779b84d61f728

SHA512
366877d1ccab485dc83045c4d7cc9729529ed010b57595602882d99d2d539b5a548c3b544ede162ff6465e439a34456216f506317fcb45224bc1c99b65005952

Download Submit
C:\Users\Admin\AppData\Local\Temp\def\UUDEF_Banner_2.html

Filesize
553B

MD5
45a12ef44895add34325c46ef648ebac

SHA1
1cb414414c5de40ec3454a29a87da6d04b9052d9

SHA256
bcef7641260359a67921ae73a6e999eaba9dca2e23ed9c964c821a5848f0dbde

SHA512
d777b357d4d31d7440f0b918db84d949eb515f55a565aff21ca6d09f94e107c3145e8358ef9e282c2d75d7c6ab926079394073b30c8de8d9a6400f1fc589dde7

Download Submit
C:\Users\Admin\AppData\Local\Temp\def\UUDEF_Banner_3.html

Filesize
728B

MD5
1f88a4993e3810ecbf24d99aeeaf1d8e

SHA1
dedb7989ed714f72a293ffc59a7af48831d57fc7

SHA256
acd1e2205455fa12fd899db80b5e1e6176d2b0c1b4021edcab5f31c0aafc658c

SHA512
40a4f5a8c76db8489087dca6ce0bd4310016c9afaae07214fa14096b623331bc12ea67e0b550a4f160751eb79710ce89b8e0864c57be99cc15c1599ecb49ec15

Download Submit
C:\Users\Admin\AppData\Local\Temp\def\UUDEF_Banner_5.html

Filesize
553B

MD5
8cc417993d7946195497e952b567588c

SHA1
d48405caa6f587cb88f08242da770f694a09d746

SHA256
68cc93ed9e0777c65f6718672347ef4082e2a103df3756f44fd605b40e0fd102

SHA512
37dc107e0d187711f241e137d1d44f75a37c1f95fb13f88378335a7043f3e2eccf916d46f17213a2de0e1711e4b391c3f73cab9ba7d23031bd6989fb78553aae

Download Submit
C:\Users\Admin\AppData\Local\Temp\def\UUDEF_Banner_7.gif

Filesize
6KB

MD5
80910310828d0a3796658fb0c4549b6d

SHA1
8b4263bf72ecd651c9eb25613d68874459df15a8

SHA256
4d5c4da03fb84337bba915dc4d6c365c130063894dd96926d88c89c6aab5b5ab

SHA512
bdc1d04d93193f1499a00fbd76c1bfbcbc14956a4c88d7069e81efd6d417a95a0f97b72b5222029fc758ce6a6c41fcebec3d192ce91107a56116791aeabc8555

Download Submit
C:\Users\Admin\AppData\Local\Temp\def\UUDEF_Banner_7.html

Filesize
364B

MD5
cef3007383b79c8b28f5c101019e33b7

SHA1
0cfafe8c2c56e43da6a470d52ee544545b2c24c5

SHA256
e135acf930e79b13b9cdb5e3e65d3be7fc038f975173270f751283dc072b04d5

SHA512
13d00210f29fe945637c287aa805c6e0df7d6c35413c7298c6a871d17af809ffe6415a96dc9c8b80bee9c67f53b0eec4ffb2d2de172c66ac4c337a2225e0be41

Download Submit
C:\Users\Admin\AppData\Local\Temp\def\UUDEF_Banner_8.gif

Filesize
87KB

MD5
96f3438c9a1e1ce893bc14211c302e2f

SHA1
02fe22bc6e20d7eefc6b75ccf34990e87ae55659

SHA256
8aa0b2e0573359d7a15477583b9010d6c64706f0b3a8cb19eadecf1fff0c17a5

SHA512
f5399fee403964ac351155ea653d1e7fee393307e811a064ea89a591609bbfa81eedffd4b4a7faa6922cdb9c87177f3ae71a302629e3a73ee8025c73bda8a9d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\def\UUDEF_Banner_8.html

Filesize
323B

MD5
0a0349165087a6efcef0cc04c21b957e

SHA1
517e00c08d403722536e1eb3a156a43ce76acaa2

SHA256
78c988715f9a7c9a76354c5175f684f997e12c73589d8a1326d99fc3b1f22533

SHA512
f0924298cafe1b219127305c0d6cf2373bf7580bc9f95ea82e3166d68e1a42f87c20a534710bcaf47853ec96a6ad34427a76840c4e807e122413cc85afdfe72c

Download Submit
C:\Users\Admin\AppData\Local\Temp\def\UUDEF_Buffering.html

Filesize
1KB

MD5
5ebd082f5a2f9d6fabb62ad23f69d775

SHA1
28ce90fe171ce702ee16e694f51c4ae589ed0995

SHA256
1576a2f24051bf741ae8e5fe1f43d1e8f6c9acb2aa05c311274792b505ba5fd4

SHA512
13d22eb34d5d3c9a5fd90f93ff07fa7a7d3cb76f2083882c382e13bfcc66cbf03579fec08581d113a1741b471f10aea6dad2a433bed7c4231b7915c09e910836

Download Submit
C:\Windows\struct~.ini

Filesize
204B

MD5
ed0b379229602df087441a94b41a16e1

SHA1
2facf512948ae2414ebf61e2d142fb2e671dce21

SHA256
7bde990763131a82c81fb111f735f08aef111c0f235553734f3656372f5626c2

SHA512
ecf323e59a669bbfff52d1b426a2bffcd19bcd1b84b6fa185c6d2a9166b66404f4119388ce56a7516241f1b87a3695ba929a6ef7baa784d72d0d4388efe52164

Download Submit
memory/1512-84-0x0000000000400000-0x0000000000564000-memory.dmp

Filesize
1.4MB

Download
memory/1512-396-0x0000000000400000-0x0000000000564000-memory.dmp

Filesize
1.4MB

Download
memory/1512-724-0x0000000000400000-0x0000000000564000-memory.dmp

Filesize
1.4MB

Download
memory/1512-0-0x00000000004AB000-0x00000000004AC000-memory.dmp

Filesize
4KB

Download
memory/1512-538-0x0000000000400000-0x0000000000564000-memory.dmp

Filesize
1.4MB

Download
memory/1512-537-0x0000000000400000-0x0000000000564000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads