6603ce42132a2cb1aea51d1ff1086dbd9bbb14a18e014789239797af8110c67e

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-10-2024 12:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UUUpgrade.exe
Size

241KB
MD5

69610dcd3ca22a94517b98d883a5adbb
SHA1

490d05031f67f66a00de9cda9297256c7fae9681
SHA256

9d9a6e0e798c7255dbcfa057d6b29cf5eb1051be9099986b1aae3761a84c60b1
SHA512

8d57da760c0478df2d0fffac8e6a732b18a7ae5d232dfbe9e2f2e64e83da156131e0f7a67fe433986ae520f1814dc0f8df96f9e69d2a0fc9d50e3b5fe502d524
SSDEEP

3072:b83tuXD+7oEtnkVITxwdTFf1sJGoDf9woSMmAdiAQkwdTg0gb:b83YqLnk3Bzgr3SMmwZQFBA

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UUUpgrade.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6C348EAC-3600-45D3-B477-DFEDDFB78472}\MiscStatus	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28966B43-B5D0-4694-9E79-F5B4099F02D4}	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{754EFA30-C752-4F45-8890-6250A53FD512}\1.0\HELPDIR	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{56ABD0A3-FEA0-420E-A72C-6D4D7C3DBB2D}	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77910CD3-5447-4CCB-92DE-35BA8198BE81}\TypeLib	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\{E436EB83-524F-11CE-9F53-0020AF0BA770}\{F070A0E8-B213-47E4-8991-252AC82EE6A1}\Source Filter = "{E436EBB5-524F-11CE-9F53-0020AF0BA770}"	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{754EFA30-C752-4F45-8890-6250A53FD512}	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{770B88B4-DCD8-4857-8E82-62C650F58545}\TypeLib\Version = "1.0"	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{17413BA0-0160-4C1F-BA66-679436BCA89B}	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{03536919-5F7D-4506-80DF-144C74CB5B45}\ = "_DUUUpgradeEvents"	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{41E77C38-9383-404C-BC49-EDF2AEA4E163}\1.0\FLAGS\ = "2"	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77910CD3-5447-4CCB-92DE-35BA8198BE81}\Control	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A2113517-E452-43A3-977D-28BA30D5E389}	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BE61BB61-0E51-4080-8B6D-8F1FE00ABE38}	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2CACD7BB-1C59-4BBB-8E81-6E83F82C813B}\Implemented Categories	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EAB7A1CC-C77B-45E5-9AC2-AD037D047BCC}\ToolboxBitmap32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\SEEPLA~1.OCX, 1"	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{17413BA0-0160-4C1F-BA66-679436BCA89B}	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{41E77C38-9383-404C-BC49-EDF2AEA4E163}\1.0\0	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{91AD598F-876B-4790-8857-ABFE5ED6159F}	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48CF8992-4161-49D6-9A9B-F1FDB3BAE74D}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\UFDeMux.ax"	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EAB7A1CC-C77B-45E5-9AC2-AD037D047BCC}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F39804DC-F2B5-4E8B-92F1-45F7B5349C4C}\ = "_DUUUpgrade"	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F0E7BAF1-655E-4899-ACD4-10D055414CFB}	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2CACD7BB-1C59-4BBB-8E81-6E83F82C813B}\ = "UUUpgrade Control"	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{34A24C1F-46A0-46B1-92C9-210132D85E60}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\UUWebPlayer.ocx"	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{263BE21D-D834-4971-8097-1F5954995C18}	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{263BE21D-D834-4971-8097-1F5954995C18}\ProxyStubClsid32	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9475D64-4461-4A22-BD58-132AF1D7D565}\ = "_DUUPlayerOCXEvents"	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28966B43-B5D0-4694-9E79-F5B4099F02D4}\ = "UUPlayerOCX Property Page"	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{770B88B4-DCD8-4857-8E82-62C650F58545}\ProxyStubClsid32	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{263BE21D-D834-4971-8097-1F5954995C18}\TypeLib\ = "{34A24C1F-46A0-46B1-92C9-210132D85E60}"	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{263BE21D-D834-4971-8097-1F5954995C18}\TypeLib\ = "{34A24C1F-46A0-46B1-92C9-210132D85E60}"	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BC85539C-48EA-4222-B6EE-8DA6897175DA}\1.0\FLAGS	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2CACD7BB-1C59-4BBB-8E81-6E83F82C813B}\MiscStatus\1\ = "131473"	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EAB7A1CC-C77B-45E5-9AC2-AD037D047BCC}\MiscStatus\1	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{263BE21D-D834-4971-8097-1F5954995C18}\TypeLib\Version = "1.0"	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77910CD3-5447-4CCB-92DE-35BA8198BE81}\Control\	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A2113517-E452-43A3-977D-28BA30D5E389}\InprocServer32\ThreadingModel = "Both"	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{34A24C1F-46A0-46B1-92C9-210132D85E60}\1.0\0\win32	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BE61BB61-0E51-4080-8B6D-8F1FE00ABE38}\TypeLib\ = "{754EFA30-C752-4F45-8890-6250A53FD512}"	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BE61BB61-0E51-4080-8B6D-8F1FE00ABE38}\TypeLib\Version = "1.0"	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6C348EAC-3600-45D3-B477-DFEDDFB78472}\ProgID	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2CACD7BB-1C59-4BBB-8E81-6E83F82C813B}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2CACD7BB-1C59-4BBB-8E81-6E83F82C813B}\MiscStatus	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48CF8992-4161-49D6-9A9B-F1FDB3BAE74D}\ = "UUSEE DeMultiplexer"	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2CACD7BB-1C59-4BBB-8E81-6E83F82C813B}\MiscStatus\1	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{770B88B4-DCD8-4857-8E82-62C650F58545}	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{263BE21D-D834-4971-8097-1F5954995C18}\TypeLib	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EAB7A1CC-C77B-45E5-9AC2-AD037D047BCC}\MiscStatus\1\ = "131473"	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BC85539C-48EA-4222-B6EE-8DA6897175DA}\1.0\0\win32	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{03536919-5F7D-4506-80DF-144C74CB5B45}\TypeLib\Version = "1.0"	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E9475D64-4461-4A22-BD58-132AF1D7D565}\ProxyStubClsid32	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EAB7A1CC-C77B-45E5-9AC2-AD037D047BCC}\Version	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{56ABD0A3-FEA0-420E-A72C-6D4D7C3DBB2D}	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77910CD3-5447-4CCB-92DE-35BA8198BE81}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\UUPlayer.ocx"	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{A2113517-E452-43A3-977D-28BA30D5E389}\FriendlyName = "RealVideo Decoder"	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{34A24C1F-46A0-46B1-92C9-210132D85E60}\1.0\ = "UUWebPlayer ActiveX Control module"	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{56ABD0A3-FEA0-420E-A72C-6D4D7C3DBB2D}\TypeLib\ = "{34A24C1F-46A0-46B1-92C9-210132D85E60}"	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BC85539C-48EA-4222-B6EE-8DA6897175DA}\1.0\ = "UUUpgrade ActiveX Control module"	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F0E7BAF1-655E-4899-ACD4-10D055414CFB}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\UUUPGR~1.OCX"	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B9587E96-9349-4F58-A7D5-77E53811BDFD}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77910CD3-5447-4CCB-92DE-35BA8198BE81}\InprocServer32\ThreadingModel = "Apartment"	UUUpgrade.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E7F18B7F-9F1F-4AE6-9866-AB7E1A81ECCA}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rmsp011.ax"	UUUpgrade.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0583926D-C114-4605-8DF3-770402F50E61}	UUUpgrade.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2376	UUUpgrade.exe
2376	UUUpgrade.exe
2376	UUUpgrade.exe
2376	UUUpgrade.exe
2376	UUUpgrade.exe
2376	UUUpgrade.exe
2376	UUUpgrade.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2376	UUUpgrade.exe
Token: SeDebugPrivilege	2376	UUUpgrade.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2376	UUUpgrade.exe
2376	UUUpgrade.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2376	UUUpgrade.exe
2376	UUUpgrade.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2376	UUUpgrade.exe
2376	UUUpgrade.exe

C:\Users\Admin\AppData\Local\Temp\UUUpgrade.exe
"C:\Users\Admin\AppData\Local\Temp\UUUpgrade.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads