6603ce42132a2cb1aea51d1ff1086dbd9bbb14a18e014789239797af8110c67e

Analysis

max time kernel
150s
max time network
148s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/10/2024, 12:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UUSeeMediaCenter.exe
Size

857KB
MD5

dfb3cd94e260180833feeaca02434949
SHA1

6c7e934ac97aad0dfe985ce95cfa9216e62f0054
SHA256

5727cf8a4be61a49360e71b6aa7c8cc758695585aa40d0b061a6b93ab4987c0b
SHA512

5167340349b4749c1b31bcadee69dd94872a154e292f6f978822e86188e23403a6facae1ad1a17406d85326ae3f6c204eea603226933606b35e5c09dd9f1f1d9
SSDEEP

12288:oU5ZT6UuZ50vzaj+tU+yRRFAIss+xyfRojWo2qi9TOVJEQ0XkYwizbH:j29M6B9AIb+xARojWX9TqEQk

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\struct~.ini	UUSeeMediaCenter.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UUSeeMediaCenter.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	UUSeeMediaCenter.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3068	UUSeeMediaCenter.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
3068	UUSeeMediaCenter.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe
3068	UUSeeMediaCenter.exe

C:\Users\Admin\AppData\Local\Temp\UUSeeMediaCenter.exe
"C:\Users\Admin\AppData\Local\Temp\UUSeeMediaCenter.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\skins\UUPlayer\Resource.h

Filesize
4KB

MD5
12f9325ed13880c23dea4768f2f4a88f

SHA1
c1368a3ae0938f8dbf73b7b0640e9274aafa113d

SHA256
f36d0f30fb8a3aa082a876db5b5b7cc9bbe36a34f0e0923d270473ed2657f675

SHA512
a247a258c5697dc540713c76a76e424cca6cda31a3bf6632d7da047208bacc2d8dcc65f0264c27ef1ad4cfb71cf59e612b452ea76d8673a03fcfbb3c169c47ab

Download Submit
C:\Windows\struct~.ini

Filesize
204B

MD5
ed0b379229602df087441a94b41a16e1

SHA1
2facf512948ae2414ebf61e2d142fb2e671dce21

SHA256
7bde990763131a82c81fb111f735f08aef111c0f235553734f3656372f5626c2

SHA512
ecf323e59a669bbfff52d1b426a2bffcd19bcd1b84b6fa185c6d2a9166b66404f4119388ce56a7516241f1b87a3695ba929a6ef7baa784d72d0d4388efe52164

Download Submit
memory/3068-254-0x0000000004F50000-0x0000000005042000-memory.dmp

Filesize
968KB

Download
memory/3068-255-0x0000000004F50000-0x0000000005042000-memory.dmp

Filesize
968KB

Download
memory/3068-230-0x0000000003FB0000-0x0000000003FBA000-memory.dmp

Filesize
40KB

Download
memory/3068-229-0x0000000003FB0000-0x0000000003FBA000-memory.dmp

Filesize
40KB

Download
memory/3068-231-0x0000000004F50000-0x0000000005042000-memory.dmp

Filesize
968KB

Download
memory/3068-234-0x0000000002260000-0x000000000226A000-memory.dmp

Filesize
40KB

Download
memory/3068-235-0x0000000002260000-0x000000000226A000-memory.dmp

Filesize
40KB

Download
memory/3068-245-0x0000000003FB0000-0x0000000003FBA000-memory.dmp

Filesize
40KB

Download
memory/3068-244-0x0000000004F50000-0x0000000005042000-memory.dmp

Filesize
968KB

Download
memory/3068-256-0x0000000004F50000-0x0000000005042000-memory.dmp

Filesize
968KB

Download
memory/3068-217-0x0000000002260000-0x000000000226A000-memory.dmp

Filesize
40KB

Download
memory/3068-218-0x0000000002260000-0x000000000226A000-memory.dmp

Filesize
40KB

Download
memory/3068-246-0x0000000004F50000-0x0000000005042000-memory.dmp

Filesize
968KB

Download
memory/3068-257-0x0000000004F50000-0x0000000005042000-memory.dmp

Filesize
968KB

Download
memory/3068-258-0x0000000004F50000-0x0000000005042000-memory.dmp

Filesize
968KB

Download
memory/3068-259-0x0000000004F50000-0x0000000005042000-memory.dmp

Filesize
968KB

Download
memory/3068-260-0x0000000004F50000-0x0000000005042000-memory.dmp

Filesize
968KB

Download
memory/3068-261-0x0000000004F50000-0x0000000005042000-memory.dmp

Filesize
968KB

Download
memory/3068-262-0x0000000004F50000-0x0000000005042000-memory.dmp

Filesize
968KB

Download
memory/3068-263-0x0000000004F50000-0x0000000005042000-memory.dmp

Filesize
968KB

Download
memory/3068-264-0x0000000004F50000-0x0000000005042000-memory.dmp

Filesize
968KB

Download
memory/3068-265-0x0000000004F50000-0x0000000005042000-memory.dmp

Filesize
968KB

Download