Overview

overview

8

Static

static

1

utweb_installer.exe

windows7-x64

8

utweb_installer.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-03-2023 23:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    utweb_installer.exe

  • Size

    1.7MB

  • MD5

    aa28c6ab66f316f9ca24e34171fd79f9

  • SHA1

    9a85cb527dc06146474410e232c83e88c29fc6b5

  • SHA256

    91bfb22e09589199c5b4d5ec665b49d68efff21e59bf4660a3fb9a533afb8192

  • SHA512

    351f0dbd1ce9d0b76238fbe553889f0cce6ab80d25d86dac6fa6202eb41a778b67a0db94a78d2edcdf5a7b78c9336c57c93b774b03607b9913274f0f4154f594

  • SSDEEP

    24576:F4nXubIQGyxbPV0db26wceCmITRfbWWAmCdqotxoBcXRGEtLi+F/WY4O5bY:Fqe3f60rCRNWlmCdqogBcvhtlm

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Script User-Agent 6 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\utweb_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\utweb_installer.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2128
    • C:\Users\Admin\AppData\Local\Temp\is-OIAOH.tmp\utweb_installer.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-OIAOH.tmp\utweb_installer.tmp" /SL5="$60118,897614,818688,C:\Users\Admin\AppData\Local\Temp\utweb_installer.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2364
      • C:\Users\Admin\AppData\Local\Temp\is-AA246.tmp\utweb_installer.exe
        "C:\Users\Admin\AppData\Local\Temp\is-AA246.tmp\utweb_installer.exe" /S
        3⤵
        • Executes dropped EXE
        PID:3636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-AA246.tmp\Logo.png
    Filesize

    12KB

    MD5

    a00cfe887e254c462ad0c6a6d3fb25b6

    SHA1

    c603a192e23df46c719febf07fd4207c96b1f0f9

    SHA256

    bca0271f56f7384942ff3affb79fa78ccdceabf7dda89ad3c138226da324cdb1

    SHA512

    6dc95a05e2712d85067aa92144f7e00871d2f60e377c6df0253e3ff48a02280d4148578fbbf22018693227bdcc035a8bd391f3c390aed39ca58749f28fc19862

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-AA246.tmp\botva2.dll
    Filesize

    37KB

    MD5

    67965a5957a61867d661f05ae1f4773e

    SHA1

    f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

    SHA256

    450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

    SHA512

    c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-AA246.tmp\botva2.dll
    Filesize

    37KB

    MD5

    67965a5957a61867d661f05ae1f4773e

    SHA1

    f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

    SHA256

    450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

    SHA512

    c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-AA246.tmp\utweb_installer.exe
    Filesize

    10.6MB

    MD5

    699a9495440f07a5db3899910e0c8c1e

    SHA1

    19a4acc723ff525d5a48753f5623b7c7be36fa91

    SHA256

    74a766312248fd90970f9943a7faf43445f54ffc05fdb4f4bf412c03cec0699d

    SHA512

    3ec21563c6060714112f7e2f5faedb67781bcacb501de1401f325ca744fe09d125f37f45b7937445af6e09e2e072968b617a4108f0f74973fbf1eb5f2fbd055d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-AA246.tmp\utweb_installer.exe
    Filesize

    10.4MB

    MD5

    a0af2d40462345008c885f2b5ca8f225

    SHA1

    26170e94d2b542180f6f18c61c023d41494d287f

    SHA256

    8eb97574266e3de48dd010412e0db6afd26f2c99e33d35617a192f59943777cd

    SHA512

    bad91ce40e0ff68b28689c33b5521ea1e8f884dc2dc7f840b5f07e0ce4e47ddc393a4fa0b1eb352a6310ea4b1505e80475a3c95d4c021f53a18c9d7f9ea790ec

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-OIAOH.tmp\utweb_installer.tmp
    Filesize

    3.0MB

    MD5

    e09f4c0fbeda6c07ced22ed0e1206fff

    SHA1

    8c5b35af00edb742aa5bee8172ef7c880609ffda

    SHA256

    78f50d6fdff01abe6cfb9cbcea33e5c272aa5f3ed7363ca16fa9c2859a8297d4

    SHA512

    ea66e066f44b62fb5c0aa0601a6bf43b9ca21d884811fd3de6ca9e9f75f856debd6f98080a41490ac2602c5d8deebda09e370ec8d09a554d1550dbf3a958509e

    Download Submit

  • memory/2128-133-0x0000000000400000-0x00000000004D5000-memory.dmp

    Filesize

    852KB

    Download

  • memory/2128-154-0x0000000000400000-0x00000000004D5000-memory.dmp

    Filesize

    852KB

    Download

  • memory/2364-148-0x00000000052E0000-0x00000000052EF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2364-156-0x00000000052E0000-0x00000000052EF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2364-157-0x00000000009D0000-0x00000000009D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2364-195-0x0000000000400000-0x000000000070F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2364-155-0x0000000000400000-0x000000000070F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2364-141-0x00000000009D0000-0x00000000009D1000-memory.dmp

    Filesize

    4KB

    Download