ec1693018b38ac8f2be71eaea9cbdb6bcb8911de5e56f9f69d8e06f1fec995f4

Analysis

max time kernel
16s
max time network
21s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 16:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ultimatekeyloggerfree.exe
Size

1.2MB
MD5

ae9d3886eed492eac3388ce0b64e9e7c
SHA1

3f040afccabf5a3cfb033f0b058d1ec1bba6d027
SHA256

eac3e306fef7caed9829705363fa762a5cc57b99a2cc87020f7375c44d5c3ea6
SHA512

484fde4cbde2abd645470c28bd4cc08eb5fbf5596043a9dd5830fceac01fe6a5c8d626d0af77d68815646ef74663edc35921cc9e079b7a4e0c9a079251ce6156
SSDEEP

24576:uYmEOHVqgKhEcHhWJavPFOmlYH0cY3vx5yC9JYwAtAnG1EQ5N14fubaWMUnX:TU1RKF6aHcOmcxN9JbIAnmnaWMUnX

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ukfree = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ultimatekeyloggerfree.exe"	ultimatekeyloggerfree.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ultimatekeyloggerfree.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ultimatekeyloggerfree.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1856	ultimatekeyloggerfree.exe
1856	ultimatekeyloggerfree.exe
1856	ultimatekeyloggerfree.exe
1856	ultimatekeyloggerfree.exe
2696	ultimatekeyloggerfree.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1856 wrote to memory of 2696	1856	ultimatekeyloggerfree.exe	30
PID 1856 wrote to memory of 2696	1856	ultimatekeyloggerfree.exe	30
PID 1856 wrote to memory of 2696	1856	ultimatekeyloggerfree.exe	30
PID 1856 wrote to memory of 2696	1856	ultimatekeyloggerfree.exe	30

C:\Users\Admin\AppData\Local\Temp\ultimatekeyloggerfree.exe
"C:\Users\Admin\AppData\Local\Temp\ultimatekeyloggerfree.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1856
- C:\Users\Admin\AppData\Local\Temp\ultimatekeyloggerfree.exe
  "C:\Users\Admin\AppData\Local\Temp\ultimatekeyloggerfree.exe" -install
  2⤵
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\ukfree\55168.dat

Filesize
899B

MD5
411ddf2e0681ae4bf4dd7fe1917db787

SHA1
117a98f2e243a47eb3b103fa5996b20f8597680e

SHA256
348078a305fee69429ae5bdd6d8524a3a5b9f0b0417c95fc9d1a43309cbae471

SHA512
320b5d4853f732350a91469bf482130cbc6c683436f5b520d2d72c39dbb1ae445c714a8452de33769cf6df3df66338da108f126c540e59e7afd340bfbfc33a9b

Download Submit
memory/1856-0-0x0000000000400000-0x000000000088A000-memory.dmp

Filesize
4.5MB

Download
memory/1856-1-0x0000000000400000-0x000000000088A000-memory.dmp

Filesize
4.5MB

Download
memory/1856-2-0x0000000000780000-0x0000000000889000-memory.dmp

Filesize
1.0MB

Download
memory/1856-4-0x0000000004130000-0x00000000045BA000-memory.dmp

Filesize
4.5MB

Download
memory/1856-7-0x0000000004130000-0x00000000045BA000-memory.dmp

Filesize
4.5MB

Download
memory/1856-60-0x0000000000400000-0x000000000088A000-memory.dmp

Filesize
4.5MB

Download
memory/2696-6-0x0000000000400000-0x000000000088A000-memory.dmp

Filesize
4.5MB

Download
memory/2696-5-0x0000000000400000-0x000000000088A000-memory.dmp

Filesize
4.5MB

Download
memory/2696-9-0x0000000000400000-0x000000000088A000-memory.dmp

Filesize
4.5MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads