52dda648edf6eab8fdb5187e2866bb337e73e9025a0e13dced7abe00f899d44e

Resubmissions

01-03-2023 19:03

230301-xqjj8ahg39 8

26-02-2023 16:12

230226-tnwj8ahc3w 8

Analysis

max time kernel
14s
max time network
9s
platform
windows10-2004_x64
resource
win10v2004-20230221-es
resource tags

arch:x64arch:x86image:win10v2004-20230221-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
26-02-2023 16:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

utorrent_installer.exe
Size

1.7MB
MD5

b6b16ce1d51baf68aedf62e35e9390c9
SHA1

428efbd8c1a3a92eac36694ef4ed0ba76801342a
SHA256

52dda648edf6eab8fdb5187e2866bb337e73e9025a0e13dced7abe00f899d44e
SHA512

996fac7d5311dd258972df0ed9e392aeefbd9a11bc38614347f296fc62b6164d039c9ae21a9e10dc49019cd8f7bcd6e2d37c89d990de23de146ee90f560bacbb
SSDEEP

24576:S4nXubIQGyxbPV0db26sdGr9Y0kpZZymuz7lnAjEHLcfVLKswfsQ:Sqe3f6b9Ynpryh71SaLcfxOfsQ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1424	utorrent_installer.tmp

Loads dropped DLL 2 IoCs

pid	Process
1424	utorrent_installer.tmp
1424	utorrent_installer.tmp

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	9	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1696 wrote to memory of 1424	1696	utorrent_installer.exe	84
PID 1696 wrote to memory of 1424	1696	utorrent_installer.exe	84
PID 1696 wrote to memory of 1424	1696	utorrent_installer.exe	84

C:\Users\Admin\AppData\Local\Temp\utorrent_installer.exe
"C:\Users\Admin\AppData\Local\Temp\utorrent_installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Users\Admin\AppData\Local\Temp\is-T7K30.tmp\utorrent_installer.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-T7K30.tmp\utorrent_installer.tmp" /SL5="$B006E,874637,815104,C:\Users\Admin\AppData\Local\Temp\utorrent_installer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-S39DA.tmp\Logo.png

Filesize
7KB

MD5
5424804c80db74e1304535141a5392c6

SHA1
6d749f3b59672b0c243690811ec3240ff2eced8e

SHA256
9b7e2ea77e518b50e5dd78e0faec509e791949a7c7f360a967c9ee204a8f1412

SHA512
6c7364b9693ce9cbbdbca60ecef3911dfe3d2d836252d7650d34506d2aa41fc5892028ba93f2619caf7edb06576fddae7e5f91f5844b5c3a47f54ca39f84cc6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-S39DA.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-S39DA.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T7K30.tmp\utorrent_installer.tmp

Filesize
3.0MB

MD5
bee3a3ae058047dbe5d147b30d11c331

SHA1
3eba7c30a4bded07d58cf057781a4348a8313942

SHA256
1ff0cefbfe0905f845ef0e0f2f2b20d5f131ae126ba4acfbd368a6be879dd5c7

SHA512
b8128e25e45419a3fbef7874335ad25d959a7eb491545c819fcd7d48357e26b4df78452dbda7295a27c68dd7f1dd4c72b90b4ffa817be84535426f3fca37ba3e

Download Submit
memory/1424-141-0x0000000000D00000-0x0000000000D01000-memory.dmp

Filesize
4KB

Download
memory/1424-148-0x0000000003A40000-0x0000000003A4F000-memory.dmp

Filesize
60KB

Download
memory/1424-155-0x0000000000400000-0x000000000070E000-memory.dmp

Filesize
3.1MB

Download
memory/1424-156-0x0000000003A40000-0x0000000003A4F000-memory.dmp

Filesize
60KB

Download
memory/1424-157-0x0000000000D00000-0x0000000000D01000-memory.dmp

Filesize
4KB

Download
memory/1696-133-0x0000000000400000-0x00000000004D4000-memory.dmp

Filesize
848KB

Download
memory/1696-154-0x0000000000400000-0x00000000004D4000-memory.dmp

Filesize
848KB

Download