Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
  max time kernel:  121s
  max time network: 123s
  platform:         windows7_x64
  resource:         win7-20240903-en
  resource tags:    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  submitted:        08/09/2024, 02:15
Static task
  static1

Behavioral tasks
  Task          Sample                                                Resource
  behavioral1   d34f7280b2130f75e72f9af59808931c_JaffaCakes118.exe    win7-20240903-en
  behavioral2   d34f7280b2130f75e72f9af59808931c_JaffaCakes118.exe    win10v2004-20240802-en
  behavioral3   $PLUGINSDIR/FindProcDLL.dll                           win7-20240903-en
  behavioral4   $PLUGINSDIR/FindProcDLL.dll                           win10v2004-20240802-en
  behavioral5   $PLUGINSDIR/InstallOptions.dll                        win7-20240903-en
  behavioral6   $PLUGINSDIR/InstallOptions.dll                        win10v2004-20240802-en
  behavioral7   $PLUGINSDIR/KillProcDLL.dll                           win7-20240903-en
  behavioral8   $PLUGINSDIR/KillProcDLL.dll                           win10v2004-20240802-en
  behavioral9   $PLUGINSDIR/System.dll                                win7-20240903-en
  behavioral10  $PLUGINSDIR/System.dll                                win10v2004-20240802-en
  behavioral11  CoCode.dll                                            win7-20240903-en
  behavioral12  CoCode.dll                                            win10v2004-20240802-en
  behavioral13  SDL.dll                                               win7-20240704-en
  behavioral14  SDL.dll                                               win10v2004-20240802-en
  behavioral15  SsmpVlogLayerComm.dll                                 win7-20240903-en
  behavioral16  SsmpVlogLayerComm.dll                                 win10v2004-20240802-en
  behavioral17  UFDeMux.dll                                           win7-20240903-en
  behavioral18  UFDeMux.dll                                           win10v2004-20240802-en
  behavioral19  UFSource.dll                                          win7-20240903-en
  behavioral20  UFSource.dll                                          win10v2004-20240802-en
  behavioral21  UPnPNat.dll                                           win7-20240903-en
  behavioral22  UPnPNat.dll                                           win10v2004-20240802-en
  behavioral23  UUPlayer.exe                                          win7-20240729-en
  behavioral24  UUPlayer.exe                                          win10v2004-20240802-en
  behavioral25  UUPlayer.dll                                          win7-20240903-en
  behavioral26  UUPlayer.dll                                          win10v2004-20240802-en
  behavioral27  UUSeeMediaCenter.exe                                  win7-20240704-en
  behavioral28  UUSeeMediaCenter.exe                                  win10v2004-20240802-en
  behavioral29  UUUpgrade.exe                                         win7-20240903-en
  behavioral30  UUUpgrade.exe                                         win10v2004-20240802-en
  behavioral31  UUUpgrade.dll                                         win7-20240903-en
  behavioral32  UUUpgrade.dll                                         win10v2004-20240802-en
General
  Target:  UUUpgrade.exe
  Size:    245KB
  MD5:     ee312a70c89c6b7c396c4476feaf6719
  SHA1:    3bc8e5010bc286acb3c08c9822317b3e6301910e
  SHA256:  060465633683c494a9ae9dbc54030fbad70d9ecf09cc462238122b613e81e0cc
  SHA512:  cc0db276b40e873144d03f2509c1b2bd0d3822952cf5a2a74f4a2a393a6759f2f739224e14e6cb22f0503081cf63319d811252ff122a07232fce8e1f6ad2e4ee
  SSDEEP:  3072:/erSAkNdtEqwXW+0IEcwdTFf1sJGoDf9woSMmAdiAQkwdTg0gK:/Q+mxQBzgr3SMmwZQFB1
Malware Config
  (none extracted)

Signatures

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description   ioc                                                          Process
  Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  UUUpgrade.exe

Modifies registry class (64 IoCs)
Suspicious behavior: EnumeratesProcesses (5 IoCs)
  pid   Process
  2380  UUUpgrade.exe
  2380  UUUpgrade.exe
  2380  UUUpgrade.exe
  2380  UUUpgrade.exe
  2380  UUUpgrade.exe

Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description              pid   Process
  Token: SeDebugPrivilege  2380  UUUpgrade.exe
  Token: SeDebugPrivilege  2380  UUUpgrade.exe

Suspicious use of FindShellTrayWindow (2 IoCs)
  pid   Process
  2380  UUUpgrade.exe
  2380  UUUpgrade.exe

Suspicious use of SendNotifyMessage (2 IoCs)
  pid   Process
  2380  UUUpgrade.exe
  2380  UUUpgrade.exe

Suspicious use of SetWindowsHookEx (2 IoCs)
  pid   Process
  2380  UUUpgrade.exe
  2380  UUUpgrade.exe
Processes
  C:\Users\Admin\AppData\Local\Temp\UUUpgrade.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\UUUpgrade.exe"
    PID: 2380
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx