Task overview (score per task)

  Task                     Platform              Score
  Overview                 overview              7
  Static                   static                3
  3fbb8df633...18.exe      windows7-x64          7
  3fbb8df633...18.exe      windows10-2004-x64    7
  $PLUGINSDI...LL.dll      windows7-x64          3
  $PLUGINSDI...LL.dll      windows10-2004-x64    3
  $PLUGINSDI...ns.dll      windows7-x64          3
  $PLUGINSDI...ns.dll      windows10-2004-x64    3
  $PLUGINSDI...LL.dll      windows7-x64          3
  $PLUGINSDI...LL.dll      windows10-2004-x64    3
  $PLUGINSDI...em.dll      windows7-x64          3
  $PLUGINSDI...em.dll      windows10-2004-x64    3
  CoCode.dll               windows7-x64          3
  CoCode.dll               windows10-2004-x64    3
  SDL.dll                  windows7-x64          3
  SDL.dll                  windows10-2004-x64    3
  SsmpVlogLayerComm.dll    windows7-x64          3
  SsmpVlogLayerComm.dll    windows10-2004-x64    3
  UFDeMux.dll              windows7-x64          3
  UFDeMux.dll              windows10-2004-x64    3
  UFSource.dll             windows7-x64          3
  UFSource.dll             windows10-2004-x64    3
  UPnPNat.dll              windows7-x64          3
  UPnPNat.dll              windows10-2004-x64    3
  UUPlayer.exe             windows7-x64          3
  UUPlayer.exe             windows10-2004-x64    3
  UUPlayer.dll             windows7-x64          3
  UUPlayer.dll             windows10-2004-x64    3
  UUSeeMediaCenter.exe     windows7-x64          4
  UUSeeMediaCenter.exe     windows10-2004-x64    4
  UUUpgrade.exe            windows7-x64          3
  UUUpgrade.exe            windows10-2004-x64    3
  UUUpgrade.dll            windows7-x64          3
  UUUpgrade.dll            windows10-2004-x64    3

Analysis
  max time kernel:  150s
  max time network: 148s
  platform:         windows7_x64
  resource:         win7-20240903-en
  resource tags:    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  submitted:        13/10/2024, 12:00 UTC
Tasks

  Task          Sample                                              Resource
  static1       (static analysis)                                   -
  behavioral1   3fbb8df63322dfe33355344f89c2dc42_JaffaCakes118.exe  win7-20240903-en
  behavioral2   3fbb8df63322dfe33355344f89c2dc42_JaffaCakes118.exe  win10v2004-20241007-en
  behavioral3   $PLUGINSDIR/FindProcDLL.dll                         win7-20240903-en
  behavioral4   $PLUGINSDIR/FindProcDLL.dll                         win10v2004-20241007-en
  behavioral5   $PLUGINSDIR/InstallOptions.dll                      win7-20240903-en
  behavioral6   $PLUGINSDIR/InstallOptions.dll                      win10v2004-20241007-en
  behavioral7   $PLUGINSDIR/KillProcDLL.dll                         win7-20240708-en
  behavioral8   $PLUGINSDIR/KillProcDLL.dll                         win10v2004-20241007-en
  behavioral9   $PLUGINSDIR/System.dll                              win7-20240729-en
  behavioral10  $PLUGINSDIR/System.dll                              win10v2004-20241007-en
  behavioral11  CoCode.dll                                          win7-20241010-en
  behavioral12  CoCode.dll                                          win10v2004-20241007-en
  behavioral13  SDL.dll                                             win7-20241010-en
  behavioral14  SDL.dll                                             win10v2004-20241007-en
  behavioral15  SsmpVlogLayerComm.dll                               win7-20240708-en
  behavioral16  SsmpVlogLayerComm.dll                               win10v2004-20241007-en
  behavioral17  UFDeMux.dll                                         win7-20240903-en
  behavioral18  UFDeMux.dll                                         win10v2004-20241007-en
  behavioral19  UFSource.dll                                        win7-20240903-en
  behavioral20  UFSource.dll                                        win10v2004-20241007-en
  behavioral21  UPnPNat.dll                                         win7-20240903-en
  behavioral22  UPnPNat.dll                                         win10v2004-20241007-en
  behavioral23  UUPlayer.exe                                        win7-20241010-en
  behavioral24  UUPlayer.exe                                        win10v2004-20241007-en
  behavioral25  UUPlayer.dll                                        win7-20241010-en
  behavioral26  UUPlayer.dll                                        win10v2004-20241007-en
  behavioral27  UUSeeMediaCenter.exe                                win7-20240903-en
  behavioral28  UUSeeMediaCenter.exe                                win10v2004-20241007-en
  behavioral29  UUUpgrade.exe                                       win7-20240903-en
  behavioral30  UUUpgrade.exe                                       win10v2004-20241007-en
  behavioral31  UUUpgrade.dll                                       win7-20240903-en
  behavioral32  UUUpgrade.dll                                       win10v2004-20241007-en
General

  Target:  UUSeeMediaCenter.exe
  Size:    857KB
  MD5:     dfb3cd94e260180833feeaca02434949
  SHA1:    6c7e934ac97aad0dfe985ce95cfa9216e62f0054
  SHA256:  5727cf8a4be61a49360e71b6aa7c8cc758695585aa40d0b061a6b93ab4987c0b
  SHA512:  5167340349b4749c1b31bcadee69dd94872a154e292f6f978822e86188e23403a6facae1ad1a17406d85326ae3f6c204eea603226933606b35e5c09dd9f1f1d9
  SSDEEP:  12288:oU5ZT6UuZ50vzaj+tU+yRRFAIss+xyfRojWo2qi9TOVJEQ0XkYwizbH:j29M6B9AIb+xARojWX9TqEQk
Malware Config
Signatures

Drops file in Windows directory (1 IoC)
  File opened for modification: C:\Windows\struct~.ini  (UUSeeMediaCenter.exe)

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  (UUSeeMediaCenter.exe)

Modifies Internet Explorer settings
  Key created: \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main  (UUSeeMediaCenter.exe)

Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid 3068  UUSeeMediaCenter.exe  (64 occurrences)

Suspicious use of FindShellTrayWindow (1 IoC)
  pid 3068  UUSeeMediaCenter.exe

Suspicious use of SendNotifyMessage (1 IoC)
  pid 3068  UUSeeMediaCenter.exe

Suspicious use of SetWindowsHookEx (7 IoCs)
  pid 3068  UUSeeMediaCenter.exe  (7 occurrences)
Processes

  C:\Users\Admin\AppData\Local\Temp\UUSeeMediaCenter.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\UUSeeMediaCenter.exe"
  PID: 3068
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
Network

DNS  Remote address: 8.8.8.8:53
  Request:  crl.microsoft.com IN A
  Response: crl.microsoft.com IN CNAME crl.www.ms.akadns.net
            crl.www.ms.akadns.net IN CNAME a1363.dscg.akamai.net
            a1363.dscg.akamai.net IN A 2.19.117.18
            a1363.dscg.akamai.net IN A 2.19.117.22

HTTP  Remote address: 2.19.117.18:80
  Request:
    GET /pki/crl/products/WinPCA.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: crl.microsoft.com
  Response:
    HTTP/1.1 200 OK
    Content-Type: application/pkix-crl
    Content-MD5: Xiddt2GqWiOsZRr49sSgAA==
    Last-Modified: Tue, 08 May 2018 21:14:18 GMT
    ETag: 0x8D5B528A905E7D5
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 65de7b2c-301e-001f-024b-d9f4b4000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 13 Oct 2024 12:00:20 GMT
    Connection: keep-alive

DNS  Remote address: 8.8.8.8:53
  Request:  uhms.uusee.com IN A
  Response: (no answer)

DNS  Remote address: 8.8.8.8:53
  Request:  player.uusee.com IN A
  Response: player.uusee.com IN A 117.78.42.51

DNS  Remote address: 8.8.8.8:53
  Request:  uhms.uusee.com IN A
  Response: (no answer)

DNS  Remote address: 8.8.8.8:53
  Request:  log.uusee.com IN A
  Response: (no answer)

DNS  Remote address: 8.8.8.8:53
  Request:  logserver.uusee.com IN A
  Response: (no answer)

DNS  Remote address: 8.8.8.8:53
  Request:  crl.microsoft.com IN A
  Response: crl.microsoft.com IN CNAME crl.www.ms.akadns.net
            crl.www.ms.akadns.net IN CNAME a1363.dscg.akamai.net
            a1363.dscg.akamai.net IN A 2.19.117.18
            a1363.dscg.akamai.net IN A 2.19.117.22

HTTP  Remote address: 2.19.117.18:80
  Request:
    GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Thu, 11 Jul 2024 01:45:51 GMT
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: crl.microsoft.com
  Response:
    HTTP/1.1 200 OK
    Content-Type: application/octet-stream
    Content-MD5: 8M9bF5Tsp81z+cAg2quO8g==
    Last-Modified: Thu, 26 Sep 2024 02:21:11 GMT
    ETag: 0x8DCDDD1E3AF2C76
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: b28c4ea1-d01e-0016-0ebc-0fa13d000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 13 Oct 2024 12:00:51 GMT
    Connection: keep-alive
Flow summary (bytes sent, bytes received, packets sent, packets received)

  374 B  1.1kB  5  3   HTTP Request  GET http://crl.microsoft.com/pki/crl/products/WinPCA.crl
                       HTTP Response 200
  399 B  1.7kB  4  4   HTTP Request  GET http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
                       HTTP Response 200
  63 B   162 B  1  1   DNS Request   crl.microsoft.com
                       DNS Response  2.19.117.18, 2.19.117.22
  60 B   134 B  1  1   DNS Request   uhms.uusee.com
  60 B   134 B  1  1   DNS Request   uhms.uusee.com
  62 B   78 B   1  1   DNS Request   player.uusee.com
                       DNS Response  117.78.42.51
  59 B   133 B  1  1   DNS Request   log.uusee.com
  65 B   139 B  1  1   DNS Request   logserver.uusee.com
  63 B   162 B  1  1   DNS Request   crl.microsoft.com
                       DNS Response  2.19.117.18, 2.19.117.22
MITRE ATT&CK Enterprise v15
Downloads

File (4KB)
  MD5:     12f9325ed13880c23dea4768f2f4a88f
  SHA1:    c1368a3ae0938f8dbf73b7b0640e9274aafa113d
  SHA256:  f36d0f30fb8a3aa082a876db5b5b7cc9bbe36a34f0e0923d270473ed2657f675
  SHA512:  a247a258c5697dc540713c76a76e424cca6cda31a3bf6632d7da047208bacc2d8dcc65f0264c27ef1ad4cfb71cf59e612b452ea76d8673a03fcfbb3c169c47ab

File (204B)
  MD5:     ed0b379229602df087441a94b41a16e1
  SHA1:    2facf512948ae2414ebf61e2d142fb2e671dce21
  SHA256:  7bde990763131a82c81fb111f735f08aef111c0f235553734f3656372f5626c2
  SHA512:  ecf323e59a669bbfff52d1b426a2bffcd19bcd1b84b6fa185c6d2a9166b66404f4119388ce56a7516241f1b87a3695ba929a6ef7baa784d72d0d4388efe52164