c01c0bce2f0088ebdd2f006b207ab1a2e033c455c59fc21b4e8bffcd2fd20077

Analysis

max time kernel
150s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08-09-2024 02:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UUSeeMediaCenter.exe
Size

857KB
MD5

e9dc23b31ce0b677eab95bd26412f4e2
SHA1

d2fc5059ff5b894aa4f88a9230561b1da9fe4869
SHA256

93068f8f75ebf55efa75ae2678e0e83c1cbb1a8368bc59706fa991e8e07cb945
SHA512

c3612af35a0689032c499caa641d817a9c9388dd6f3ce0f490865792b7bd41d255d4145f85f96f0ddba8dcfaa1aeef6b961f4150a60aef0c5bb8d0c9e045d254
SSDEEP

12288:5esZsEd44Fd1BPZk8uHCq+bRS1KVWIldc8pNqUcSU/KqCM89TeOzQlXkYwizbf:isxVZfus8gWIzjNqB/KqCM89TeOzQP

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\struct~.ini	UUSeeMediaCenter.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UUSeeMediaCenter.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4032	UUSeeMediaCenter.exe
4032	UUSeeMediaCenter.exe
4032	UUSeeMediaCenter.exe
4032	UUSeeMediaCenter.exe
4032	UUSeeMediaCenter.exe
4032	UUSeeMediaCenter.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4032	UUSeeMediaCenter.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
4032	UUSeeMediaCenter.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4032	UUSeeMediaCenter.exe
4032	UUSeeMediaCenter.exe
4032	UUSeeMediaCenter.exe
4032	UUSeeMediaCenter.exe
4032	UUSeeMediaCenter.exe
4032	UUSeeMediaCenter.exe
4032	UUSeeMediaCenter.exe

C:\Users\Admin\AppData\Local\Temp\UUSeeMediaCenter.exe
"C:\Users\Admin\AppData\Local\Temp\UUSeeMediaCenter.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\skins\UUPlayer\Resource.h

Filesize
4KB

MD5
12f9325ed13880c23dea4768f2f4a88f

SHA1
c1368a3ae0938f8dbf73b7b0640e9274aafa113d

SHA256
f36d0f30fb8a3aa082a876db5b5b7cc9bbe36a34f0e0923d270473ed2657f675

SHA512
a247a258c5697dc540713c76a76e424cca6cda31a3bf6632d7da047208bacc2d8dcc65f0264c27ef1ad4cfb71cf59e612b452ea76d8673a03fcfbb3c169c47ab

Download Submit
C:\Windows\struct~.ini

Filesize
204B

MD5
ed0b379229602df087441a94b41a16e1

SHA1
2facf512948ae2414ebf61e2d142fb2e671dce21

SHA256
7bde990763131a82c81fb111f735f08aef111c0f235553734f3656372f5626c2

SHA512
ecf323e59a669bbfff52d1b426a2bffcd19bcd1b84b6fa185c6d2a9166b66404f4119388ce56a7516241f1b87a3695ba929a6ef7baa784d72d0d4388efe52164

Download Submit
memory/4032-243-0x00000000068E0000-0x00000000069D2000-memory.dmp

Filesize
968KB

Download
memory/4032-226-0x0000000003CE0000-0x0000000003CE1000-memory.dmp

Filesize
4KB

Download
memory/4032-254-0x00000000068E0000-0x00000000069D2000-memory.dmp

Filesize
968KB

Download
memory/4032-223-0x0000000003CE0000-0x0000000003CE1000-memory.dmp

Filesize
4KB

Download
memory/4032-255-0x00000000068E0000-0x00000000069D2000-memory.dmp

Filesize
968KB

Download
memory/4032-229-0x0000000003CE0000-0x0000000003CE1000-memory.dmp

Filesize
4KB

Download
memory/4032-228-0x0000000003CE0000-0x0000000003CE1000-memory.dmp

Filesize
4KB

Download
memory/4032-256-0x00000000068E0000-0x00000000069D2000-memory.dmp

Filesize
968KB

Download
memory/4032-225-0x0000000003CE0000-0x0000000003CE1000-memory.dmp

Filesize
4KB

Download
memory/4032-224-0x0000000003CE0000-0x0000000003CE1000-memory.dmp

Filesize
4KB

Download
memory/4032-217-0x0000000003CE0000-0x0000000003CE1000-memory.dmp

Filesize
4KB

Download
memory/4032-253-0x00000000068E0000-0x00000000069D2000-memory.dmp

Filesize
968KB

Download
memory/4032-218-0x0000000003CE0000-0x0000000003CE1000-memory.dmp

Filesize
4KB

Download
memory/4032-219-0x0000000003CE0000-0x0000000003CE1000-memory.dmp

Filesize
4KB

Download
memory/4032-227-0x0000000003CE0000-0x0000000003CE1000-memory.dmp

Filesize
4KB

Download
memory/4032-257-0x00000000068E0000-0x00000000069D2000-memory.dmp

Filesize
968KB

Download
memory/4032-258-0x00000000068E0000-0x00000000069D2000-memory.dmp

Filesize
968KB

Download
memory/4032-259-0x00000000068E0000-0x00000000069D2000-memory.dmp

Filesize
968KB

Download
memory/4032-260-0x00000000068E0000-0x00000000069D2000-memory.dmp

Filesize
968KB

Download
memory/4032-261-0x00000000068E0000-0x00000000069D2000-memory.dmp

Filesize
968KB

Download
memory/4032-262-0x00000000068E0000-0x00000000069D2000-memory.dmp

Filesize
968KB

Download
memory/4032-263-0x00000000068E0000-0x00000000069D2000-memory.dmp

Filesize
968KB

Download
memory/4032-264-0x00000000068E0000-0x00000000069D2000-memory.dmp

Filesize
968KB

Download
memory/4032-265-0x00000000068E0000-0x00000000069D2000-memory.dmp

Filesize
968KB

Download
memory/4032-266-0x00000000068E0000-0x00000000069D2000-memory.dmp

Filesize
968KB

Download