Overview

overview

7

Static

static

3

ebbbc24032...18.exe

windows7-x64

7

ebbbc24032...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

KRyLack_So...te.url

windows7-x64

6

KRyLack_So...te.url

windows10-2004-x64

3

Ultimate_K...te.url

windows7-x64

6

Ultimate_K...te.url

windows10-2004-x64

3

ulklfemon.dll

windows7-x64

3

ulklfemon.dll

windows10-2004-x64

3

ultimateke...ee.chm

windows7-x64

1

ultimateke...ee.chm

windows10-2004-x64

1

ultimateke...ee.exe

windows7-x64

6

ultimateke...ee.exe

windows10-2004-x64

7

unukfree.exe

windows7-x64

7

unukfree.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240910-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/09/2024, 16:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ultimatekeyloggerfree.exe

  • Size

    1.2MB

  • MD5

    ae9d3886eed492eac3388ce0b64e9e7c

  • SHA1

    3f040afccabf5a3cfb033f0b058d1ec1bba6d027

  • SHA256

    eac3e306fef7caed9829705363fa762a5cc57b99a2cc87020f7375c44d5c3ea6

  • SHA512

    484fde4cbde2abd645470c28bd4cc08eb5fbf5596043a9dd5830fceac01fe6a5c8d626d0af77d68815646ef74663edc35921cc9e079b7a4e0c9a079251ce6156

  • SSDEEP

    24576:uYmEOHVqgKhEcHhWJavPFOmlYH0cY3vx5yC9JYwAtAnG1EQ5N14fubaWMUnX:TU1RKF6aHcOmcxN9JbIAnmnaWMUnX

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 47 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ultimatekeyloggerfree.exe
    "C:\Users\Admin\AppData\Local\Temp\ultimatekeyloggerfree.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4128
    • C:\Users\Admin\AppData\Local\Temp\ultimatekeyloggerfree.exe
      "C:\Users\Admin\AppData\Local\Temp\ultimatekeyloggerfree.exe" -install
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4460
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 252
        3⤵
        • Program crash
        PID:3164
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 304
        3⤵
        • Program crash
        PID:3480
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4460 -ip 4460
    1⤵
      PID:1180
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4460 -ip 4460
      1⤵
        PID:4028

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ProgramData\ukfree\55168.dat
        Filesize

        899B

        MD5

        8d5af284710a5cff1541189f1cc3aabc

        SHA1

        31656ce0a306e071911abda2a1ea462e4797e0c0

        SHA256

        490b2ac90c4958667457d5ece3c5d8ada6c3f7da12c22f8b95aecd3995264a27

        SHA512

        87b83ff160bcae8999c856c77924417fb588a4e346573f730017f8dacfb156004186ff08591efbce6eeab31262120ed97edbf76d8a91c69c6a441b40b68d57f1

        Download Submit

      • C:\ProgramData\ukfree\55168.dat
        Filesize

        899B

        MD5

        411ddf2e0681ae4bf4dd7fe1917db787

        SHA1

        117a98f2e243a47eb3b103fa5996b20f8597680e

        SHA256

        348078a305fee69429ae5bdd6d8524a3a5b9f0b0417c95fc9d1a43309cbae471

        SHA512

        320b5d4853f732350a91469bf482130cbc6c683436f5b520d2d72c39dbb1ae445c714a8452de33769cf6df3df66338da108f126c540e59e7afd340bfbfc33a9b

        Download Submit

      • C:\ProgramData\ukfree\55168.dat
        Filesize

        899B

        MD5

        e75c3f221f40d17beb876e878e68f42b

        SHA1

        cad1302ac153a8f30a8816d4d3c843f6d3f77b89

        SHA256

        71b18d6d3089e63dd40064c6e849f794eaed04c24df4bdacd18e8824c99e5cbe

        SHA512

        56201ed6be639021aa4f2c04a478847f07499d6f8d58972949a1f27ecf365cbc6d709508d7523db3ab487f2276c7cd871832eda698daf09a30797a26ecdf63e9

        Download Submit

      • C:\ProgramData\ukfree\logsstore\Admin\ScrnsStore\BMPScrTMP.bmp
        Filesize

        3.5MB

        MD5

        2f27fc15ddadeb29206d4236ff8d3739

        SHA1

        3abc0140f6d2a15adf98ee91b98b9a555bae542d

        SHA256

        a37e35ffe6e0e77d5362831369e340381dbd78b5d89ed48bec9cd6f7fa827564

        SHA512

        5ab7a3f455c0a87c2db0f8611733a4d51c4000c9bc0a91e9f818c0a560b32be3dc938a70086832d430921903379b5ea3b861ee6506c7f195d10290d00060d47e

        Download Submit

      • C:\ProgramData\ukfree\logsstore\Admin\ScrnsStore\BMPScrTMP.bmp
        Filesize

        3.5MB

        MD5

        4657f143a94f9c243be486c9a5181690

        SHA1

        5b5383d077ef7e4beb566a75e13ec26e2bc089ce

        SHA256

        90c6b87e68b035eefb8bbd7c83913927a6d38da55ee934928d29cf204fef616b

        SHA512

        61d93c0b0ea76052d64a5c0cee0fe7b311a6a024b3934cdcdb05da6de0208b9901813758ed9e9af705c74a18c8ccec3c1480c097e6561703cb9a13ad04ff8c5c

        Download Submit

      • C:\ProgramData\ukfree\logsstore\Admin\ScrnsStore\JPGScrTMP.jpg
        Filesize

        76KB

        MD5

        aa20fb5fcdb5d08d5d13a3fac18fc56c

        SHA1

        8bb658458337e676c9e39af57bcda10d5428e2a5

        SHA256

        a78dff201dd7b6b9c54850ec15608abaa18910778f6db560aedce59a8650fb80

        SHA512

        11ffe160a7a4696b39c7042204b8bbfe9eb56e3baf2bbe7ca5b1b8aa5ce49e87054fee810e02782f2fec0309f8ff7a0d7a59915fcef2341fc4f26a37d1e0484e

        Download Submit

      • C:\ProgramData\ukfree\logsstore\Admin\log.ukl
        Filesize

        4KB

        MD5

        50d44bba30a9cbcebf5838eda6f5174e

        SHA1

        c010fb9468c1d3d3ff962f2c6928ba65b9b14099

        SHA256

        706e5d69b2ffd0d2bb0d30379387f6476399fbd9422e8a8680f2ec4b20df9124

        SHA512

        d951f7e93a3e7d1e951df7a58b28f9e4d7f53156b329ca5a65dadb9637fcab750c9c408966f37936f1c7ab52be3613520d68cad70af5fa87298e003492d206f9

        Download Submit

      • memory/4128-138-0x0000000000400000-0x000000000088A000-memory.dmp

        Filesize

        4.5MB

        Download

      • memory/4128-0-0x0000000000400000-0x000000000088A000-memory.dmp

        Filesize

        4.5MB

        Download

      • memory/4128-139-0x0000000000780000-0x0000000000889000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/4128-2-0x0000000000780000-0x0000000000889000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/4128-301-0x0000000000400000-0x000000000088A000-memory.dmp

        Filesize

        4.5MB

        Download

      • memory/4128-381-0x0000000000400000-0x000000000088A000-memory.dmp

        Filesize

        4.5MB

        Download

      • memory/4128-543-0x0000000000400000-0x000000000088A000-memory.dmp

        Filesize

        4.5MB

        Download

      • memory/4128-832-0x0000000000400000-0x000000000088A000-memory.dmp

        Filesize

        4.5MB

        Download

      • memory/4128-1767-0x0000000000400000-0x000000000088A000-memory.dmp

        Filesize

        4.5MB

        Download

      • memory/4128-1-0x0000000000400000-0x000000000088A000-memory.dmp

        Filesize

        4.5MB

        Download

      • memory/4128-1929-0x0000000000400000-0x000000000088A000-memory.dmp

        Filesize

        4.5MB

        Download

      • memory/4460-4-0x0000000000400000-0x000000000088A000-memory.dmp

        Filesize

        4.5MB

        Download