Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/10/2024, 12:00 UTC

General

  • Target

    UUSeeMediaCenter.exe

  • Size

    857KB

  • MD5

    dfb3cd94e260180833feeaca02434949

  • SHA1

    6c7e934ac97aad0dfe985ce95cfa9216e62f0054

  • SHA256

    5727cf8a4be61a49360e71b6aa7c8cc758695585aa40d0b061a6b93ab4987c0b

  • SHA512

    5167340349b4749c1b31bcadee69dd94872a154e292f6f978822e86188e23403a6facae1ad1a17406d85326ae3f6c204eea603226933606b35e5c09dd9f1f1d9

  • SSDEEP

    12288:oU5ZT6UuZ50vzaj+tU+yRRFAIss+xyfRojWo2qi9TOVJEQ0XkYwizbH:j29M6B9AIb+xARojWX9TqEQk

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory (1 IoC)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings (1 TTP, 1 IoC)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SendNotifyMessage (1 IoC)
  • Suspicious use of SetWindowsHookEx (7 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\UUSeeMediaCenter.exe
    "C:\Users\Admin\AppData\Local\Temp\UUSeeMediaCenter.exe"
    Process tree level 1 (no parent or child processes recorded)
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:3068

Network

  • DNS (flag: US) crl.microsoft.com, UUSeeMediaCenter.exe
    Remote address: 8.8.8.8:53
    Request: crl.microsoft.com IN A
    Response:
      crl.microsoft.com IN CNAME crl.www.ms.akadns.net
      crl.www.ms.akadns.net IN CNAME a1363.dscg.akamai.net
      a1363.dscg.akamai.net IN A 2.19.117.18
      a1363.dscg.akamai.net IN A 2.19.117.22
  • GET (flag: GB) http://crl.microsoft.com/pki/crl/products/WinPCA.crl, UUSeeMediaCenter.exe
    Remote address: 2.19.117.18:80
    Request:
      GET /pki/crl/products/WinPCA.crl HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      User-Agent: Microsoft-CryptoAPI/6.1
      Host: crl.microsoft.com
    Response:
      HTTP/1.1 200 OK
      Content-Length: 530
      Content-Type: application/pkix-crl
      Content-MD5: Xiddt2GqWiOsZRr49sSgAA==
      Last-Modified: Tue, 08 May 2018 21:14:18 GMT
      ETag: 0x8D5B528A905E7D5
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 65de7b2c-301e-001f-024b-d9f4b4000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Sun, 13 Oct 2024 12:00:20 GMT
      Connection: keep-alive
  • DNS (flag: US) uhms.uusee.com, UUSeeMediaCenter.exe
    Remote address: 8.8.8.8:53
    Request: uhms.uusee.com IN A
    Response: (empty)
  • DNS (flag: US) player.uusee.com, UUSeeMediaCenter.exe
    Remote address: 8.8.8.8:53
    Request: player.uusee.com IN A
    Response:
      player.uusee.com IN A 117.78.42.51
  • DNS (flag: US) uhms.uusee.com, UUSeeMediaCenter.exe
    Remote address: 8.8.8.8:53
    Request: uhms.uusee.com IN A
    Response: (empty)
  • DNS (flag: US) log.uusee.com, UUSeeMediaCenter.exe
    Remote address: 8.8.8.8:53
    Request: log.uusee.com IN A
    Response: (empty)
  • DNS (flag: US) logserver.uusee.com, UUSeeMediaCenter.exe
    Remote address: 8.8.8.8:53
    Request: logserver.uusee.com IN A
    Response: (empty)
  • DNS (flag: US) crl.microsoft.com, UUSeeMediaCenter.exe
    Remote address: 8.8.8.8:53
    Request: crl.microsoft.com IN A
    Response:
      crl.microsoft.com IN CNAME crl.www.ms.akadns.net
      crl.www.ms.akadns.net IN CNAME a1363.dscg.akamai.net
      a1363.dscg.akamai.net IN A 2.19.117.18
      a1363.dscg.akamai.net IN A 2.19.117.22
  • GET (flag: GB) http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl (no process attributed in the report)
    Remote address: 2.19.117.18:80
    Request:
      GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      If-Modified-Since: Thu, 11 Jul 2024 01:45:51 GMT
      User-Agent: Microsoft-CryptoAPI/6.1
      Host: crl.microsoft.com
    Response:
      HTTP/1.1 200 OK
      Content-Length: 1036
      Content-Type: application/octet-stream
      Content-MD5: 8M9bF5Tsp81z+cAg2quO8g==
      Last-Modified: Thu, 26 Sep 2024 02:21:11 GMT
      ETag: 0x8DCDDD1E3AF2C76
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: b28c4ea1-d01e-0016-0ebc-0fa13d000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Sun, 13 Oct 2024 12:00:51 GMT
      Connection: keep-alive
  • 2.19.117.18:80 (http), UUSeeMediaCenter.exe: sent 374 B / 5 packets, received 1.1kB / 3 packets
    GET http://crl.microsoft.com/pki/crl/products/WinPCA.crl -> HTTP 200
  • 117.78.42.51:80, player.uusee.com, UUSeeMediaCenter.exe: sent 152 B / 3 packets, no reply recorded
  • 2.19.117.18:80 (http), no process attributed: sent 399 B / 4 packets, received 1.7kB / 4 packets
    GET http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl -> HTTP 200
  • 8.8.8.8:53 (dns), UUSeeMediaCenter.exe: sent 63 B / 1 packet, received 162 B / 1 packet
    crl.microsoft.com -> 2.19.117.18, 2.19.117.22
  • 8.8.8.8:53 (dns), UUSeeMediaCenter.exe: sent 60 B / 1 packet, received 134 B / 1 packet
    uhms.uusee.com -> no address in the response
  • 8.8.8.8:53 (dns), UUSeeMediaCenter.exe: sent 60 B / 1 packet, received 134 B / 1 packet
    uhms.uusee.com -> no address in the response
  • 8.8.8.8:53 (dns), UUSeeMediaCenter.exe: sent 62 B / 1 packet, received 78 B / 1 packet
    player.uusee.com -> 117.78.42.51
  • 8.8.8.8:53 (dns), UUSeeMediaCenter.exe: sent 59 B / 1 packet, received 133 B / 1 packet
    log.uusee.com -> no address in the response
  • 8.8.8.8:53 (dns), UUSeeMediaCenter.exe: sent 65 B / 1 packet, received 139 B / 1 packet
    logserver.uusee.com -> no address in the response
  • 127.0.0.1:10110, UUSeeMediaCenter.exe: no traffic figures reported
  • 219.237.232.84:9800, UUSeeMediaCenter.exe: sent 284 B / 1 packet, no reply recorded
  • 219.237.232.84:9800, UUSeeMediaCenter.exe: sent 284 B / 1 packet, no reply recorded
  • 127.0.0.1:9800, UUSeeMediaCenter.exe: no traffic figures reported
  • 127.0.0.1:9800, UUSeeMediaCenter.exe: no traffic figures reported
  • 224.0.0.88:8000 (multicast), UUSeeMediaCenter.exe: sent 1.1kB / 14 packets, no reply recorded
  • 8.8.8.8:53 (dns), UUSeeMediaCenter.exe: sent 63 B / 1 packet, received 162 B / 1 packet
    crl.microsoft.com -> 2.19.117.18, 2.19.117.22
  • 114.113.158.231:8000, UUSeeMediaCenter.exe: sent 324 B / 3 packets, no reply recorded
  • 219.153.56.90:8000, UUSeeMediaCenter.exe: sent 166 B / 1 packet, no reply recorded
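Most of the traffic above is not the sample talking to anyone: the two crl.microsoft.com fetches carry the Microsoft-CryptoAPI/6.1 User-Agent, which is Windows checking the revocation status of a signer's certificate, the 8.8.8.8:53 records are the sandbox resolver, 127.0.0.1 is inside the VM, and 224.0.0.88 is link-local multicast. What is left is the sample's own infrastructure: the uusee.com names, 117.78.42.51:80 and the raw connections to ports 9800 and 8000. The script below, an added example that is not part of the report or of UUSee's software, transcribes the connection records from this page and applies those rules; the rule set (which hosts and User-Agents count as OS noise, which resolver is the sandbox's) is this example's own assumption and should be adjusted to the sandbox in use.

```python
"""Classify the connection records of a sandbox report into background noise
and sample-originated traffic.

Added example, not part of the report. RECORDS is transcribed from the
report's Network section; the classification rules (CryptoAPI revocation
checks, DNS to the configured forwarder, loopback, multicast) are this
example's assumptions about what a Windows 7 sandbox generates by itself.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class Conn:
    remote: str                     # "ip:port" as listed in the report
    host: str = ""                  # hostname or URL; "" when only an IP was seen
    proto: str = ""                 # "dns", "http", or "" for raw TCP/UDP
    user_agent: str = ""            # User-Agent of the HTTP request, if any
    answers: list = field(default_factory=list)  # A records in a DNS reply


# Hosts CryptoAPI contacts when Windows verifies an Authenticode signature.
CRL_HOSTS = {"crl.microsoft.com"}
# The resolver the sandbox hands out; the names queried are what matters.
RESOLVERS = {"8.8.8.8"}

# Transcribed from the report. Order preserved; duplicates are separate connections.
RECORDS = [
    Conn("2.19.117.18:80", "http://crl.microsoft.com/pki/crl/products/WinPCA.crl",
         "http", "Microsoft-CryptoAPI/6.1"),
    Conn("117.78.42.51:80", "player.uusee.com"),
    Conn("2.19.117.18:80",
         "http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl",
         "http", "Microsoft-CryptoAPI/6.1"),
    Conn("8.8.8.8:53", "crl.microsoft.com", "dns", answers=["2.19.117.18", "2.19.117.22"]),
    Conn("8.8.8.8:53", "uhms.uusee.com", "dns"),
    Conn("8.8.8.8:53", "uhms.uusee.com", "dns"),
    Conn("8.8.8.8:53", "player.uusee.com", "dns", answers=["117.78.42.51"]),
    Conn("8.8.8.8:53", "log.uusee.com", "dns"),
    Conn("8.8.8.8:53", "logserver.uusee.com", "dns"),
    Conn("127.0.0.1:10110"),
    Conn("219.237.232.84:9800"),
    Conn("219.237.232.84:9800"),
    Conn("127.0.0.1:9800"),
    Conn("127.0.0.1:9800"),
    Conn("224.0.0.88:8000"),
    Conn("8.8.8.8:53", "crl.microsoft.com", "dns", answers=["2.19.117.18", "2.19.117.22"]),
    Conn("114.113.158.231:8000"),
    Conn("219.153.56.90:8000"),
]


def hostname(c: Conn) -> str:
    """Return the bare host whether the record carries a URL or a plain name."""
    return urlsplit(c.host).hostname or c.host


def classify(c: Conn) -> str:
    ip, _, _port = c.remote.rpartition(":")
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "local"            # e.g. 127.0.0.1:9800: a listener inside the VM
    if addr.is_multicast:
        return "lan-discovery"    # e.g. 224.0.0.88:8000: never leaves the local segment
    if c.proto == "dns" and ip in RESOLVERS:
        return "dns"
    if (c.proto == "http" and hostname(c) in CRL_HOSTS
            and c.user_agent.startswith("Microsoft-CryptoAPI/")):
        return "os-crl-check"     # Windows checking a signer's certificate, not the sample
    return "sample"               # anything else is attributed to the sample


def triage(records):
    """Bucket every record by classify(); returns {class: [Conn, ...]}."""
    buckets = defaultdict(list)
    for c in records:
        buckets[classify(c)].append(c)
    return dict(buckets)


def sample_iocs(records):
    """Endpoints and names worth hunting for: everything not attributed to the OS."""
    endpoints = {c.remote for c in records if classify(c) == "sample"}
    names = {hostname(c) for c in records if c.proto == "dns"} - CRL_HOSTS
    return sorted(endpoints), sorted(names)


def unresolved(records):
    """Names the sample asked for that came back without an A record."""
    asked = {hostname(c) for c in records if c.proto == "dns"}
    got = {hostname(c) for c in records if c.proto == "dns" and c.answers}
    return sorted(asked - got)


if __name__ == "__main__":
    for cls, conns in triage(RECORDS).items():
        print(f"{cls:14s} {len(conns)}")
    print("IOCs:", sample_iocs(RECORDS))
    print("unresolved:", unresolved(RECORDS))
```

Two details are worth keeping when adapting this: a fetch from a CRL host without the CryptoAPI User-Agent is deliberately left in the "sample" bucket, since the host name alone proves nothing about who made the request; and the unresolved names (uhms, log, logserver under uusee.com) are reported separately, because names that no longer resolve are a different signal from live endpoints.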

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\skins\UUPlayer\Resource.h

    Filesize

    4KB

    MD5

    12f9325ed13880c23dea4768f2f4a88f

    SHA1

    c1368a3ae0938f8dbf73b7b0640e9274aafa113d

    SHA256

    f36d0f30fb8a3aa082a876db5b5b7cc9bbe36a34f0e0923d270473ed2657f675

    SHA512

    a247a258c5697dc540713c76a76e424cca6cda31a3bf6632d7da047208bacc2d8dcc65f0264c27ef1ad4cfb71cf59e612b452ea76d8673a03fcfbb3c169c47ab

  • C:\Windows\struct~.ini

    Filesize

    204B

    MD5

    ed0b379229602df087441a94b41a16e1

    SHA1

    2facf512948ae2414ebf61e2d142fb2e671dce21

    SHA256

    7bde990763131a82c81fb111f735f08aef111c0f235553734f3656372f5626c2

    SHA512

    ecf323e59a669bbfff52d1b426a2bffcd19bcd1b84b6fa185c6d2a9166b66404f4119388ce56a7516241f1b87a3695ba929a6ef7baa784d72d0d4388efe52164

  Memory dumps of PID 3068, grouped by region. The report lists each dump separately as memory/3068-<seq>-<start>-<end>-memory.dmp; the sequence numbers are given here per region.

  • memory/3068-<seq>-0x0000000002260000-0x000000000226A000-memory.dmp

    Filesize 40KB; seq 217, 218, 234, 235 (4 dumps of this region)

  • memory/3068-<seq>-0x0000000003FB0000-0x0000000003FBA000-memory.dmp

    Filesize 40KB; seq 229, 230, 245 (3 dumps of this region)

  • memory/3068-<seq>-0x0000000004F50000-0x0000000005042000-memory.dmp

    Filesize 968KB; seq 231, 244, 246, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265 (15 dumps of this region)
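The dump names encode the PID, a sequence number and the region's start and end addresses, so the 22 entries above are really three regions snapshotted repeatedly. The script below, an added example and not part of the report, parses that naming layout, groups the dumps by region and checks that each reported Filesize matches the address range (0x5042000 - 0x4F50000 = 0xF2000 bytes = 968KB; 0xA000 bytes = 40KB). Treating the file name as authoritative for the region bounds is this example's assumption.

```python
"""Parse memory-dump names from a sandbox report, group them by region and
verify the reported sizes against the address ranges.

Added example, not part of the report. DUMPS is transcribed from the
report's Downloads section; the name layout
memory/<pid>-<seq>-<start>-<end>-memory.dmp is assumed from those entries.
"""
import re
from collections import defaultdict

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# (dump name, reported Filesize), transcribed from the report. The last nine
# entries (seq 257..265) all cover the 0x4F50000 region at 968KB.
DUMPS = [
    ("memory/3068-254-0x0000000004F50000-0x0000000005042000-memory.dmp", "968KB"),
    ("memory/3068-255-0x0000000004F50000-0x0000000005042000-memory.dmp", "968KB"),
    ("memory/3068-230-0x0000000003FB0000-0x0000000003FBA000-memory.dmp", "40KB"),
    ("memory/3068-229-0x0000000003FB0000-0x0000000003FBA000-memory.dmp", "40KB"),
    ("memory/3068-231-0x0000000004F50000-0x0000000005042000-memory.dmp", "968KB"),
    ("memory/3068-234-0x0000000002260000-0x000000000226A000-memory.dmp", "40KB"),
    ("memory/3068-235-0x0000000002260000-0x000000000226A000-memory.dmp", "40KB"),
    ("memory/3068-245-0x0000000003FB0000-0x0000000003FBA000-memory.dmp", "40KB"),
    ("memory/3068-244-0x0000000004F50000-0x0000000005042000-memory.dmp", "968KB"),
    ("memory/3068-256-0x0000000004F50000-0x0000000005042000-memory.dmp", "968KB"),
    ("memory/3068-217-0x0000000002260000-0x000000000226A000-memory.dmp", "40KB"),
    ("memory/3068-218-0x0000000002260000-0x000000000226A000-memory.dmp", "40KB"),
    ("memory/3068-246-0x0000000004F50000-0x0000000005042000-memory.dmp", "968KB"),
] + [
    (f"memory/3068-{seq}-0x0000000004F50000-0x0000000005042000-memory.dmp", "968KB")
    for seq in range(257, 266)
]


def parse_dump(name: str) -> dict:
    """Split a dump name into pid, seq and integer start/end addresses."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name}")
    return {
        "pid": int(m["pid"]),
        "seq": int(m["seq"]),
        "start": int(m["start"], 16),
        "end": int(m["end"], 16),
    }


def size_kb(start: int, end: int) -> int:
    """Region size in whole KiB, the unit the report's Filesize uses."""
    return (end - start) // 1024


def group_regions(dumps):
    """-> {(pid, start, end): [seq, ...]} with sequence numbers sorted."""
    regions = defaultdict(list)
    for name, _reported in dumps:
        d = parse_dump(name)
        regions[(d["pid"], d["start"], d["end"])].append(d["seq"])
    return {k: sorted(v) for k, v in regions.items()}


def check_sizes(dumps):
    """Names whose reported Filesize disagrees with the range in the name."""
    mismatches = []
    for name, reported in dumps:
        d = parse_dump(name)
        if f"{size_kb(d['start'], d['end'])}KB" != reported:
            mismatches.append(name)
    return mismatches


def summarize(dumps):
    """One row per region: (start, end, size_kb, number of dumps), by address."""
    return [(s, e, size_kb(s, e), len(seqs))
            for (_pid, s, e), seqs in sorted(group_regions(dumps).items())]


if __name__ == "__main__":
    for start, end, kb, n in summarize(DUMPS):
        print(f"0x{start:016X}-0x{end:016X}  {kb:4d}KB  dumped {n} times")
    print("size mismatches:", check_sizes(DUMPS))
```

The output collapses the list to three regions, and the 968KB region at 0x4F50000, dumped fifteen times while an 857KB executable runs, is the obvious first candidate to load into a disassembler; this script only does the bookkeeping and says nothing about what the region contains.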
