aa4eb9368ff04c6f7a9089ab924fed2ea073405bd799a3b92acd2d572a9318b3

Analysis

max time kernel
28s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
02/06/2023, 18:08

Target

uagta.exe
Size

7.9MB
MD5

59c42d3e5fc1b1511d5def9e647ab7b4
SHA1

e7bf3bad87e62da3d2c459ceb6d037a663fd16b5
SHA256

aa4eb9368ff04c6f7a9089ab924fed2ea073405bd799a3b92acd2d572a9318b3
SHA512

cce57d17d1be2e8844fa7ce275a68aa10447e9229009a5338ff316404152e066f75522d7b80a1b67df280d02ee5ad79a0d58a9c2cd98753e6834208db1923d02
SSDEEP

196608:9wEM/EXHXcpOE103ERX8OBG/HAWmNzFxpCbgn:6z8X3AOE10EBOiNPpwgn

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1124	uagta.tmp

Loads dropped DLL 1 IoCs

pid	Process
1344	uagta.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 1124	1344	uagta.exe	28
PID 1344 wrote to memory of 1124	1344	uagta.exe	28
PID 1344 wrote to memory of 1124	1344	uagta.exe	28
PID 1344 wrote to memory of 1124	1344	uagta.exe	28
PID 1344 wrote to memory of 1124	1344	uagta.exe	28
PID 1344 wrote to memory of 1124	1344	uagta.exe	28
PID 1344 wrote to memory of 1124	1344	uagta.exe	28

C:\Users\Admin\AppData\Local\Temp\uagta.exe
"C:\Users\Admin\AppData\Local\Temp\uagta.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Users\Admin\AppData\Local\Temp\is-1RA6B.tmp\uagta.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-1RA6B.tmp\uagta.tmp" /SL5="$70126,7025834,836608,C:\Users\Admin\AppData\Local\Temp\uagta.exe"
  2⤵
  - Executes dropped EXE
  PID:1124

C:\Users\Admin\AppData\Local\Temp\is-1RA6B.tmp\uagta.tmp

Filesize
3.0MB

MD5
c7b6c60e1227114701db9366529c7ecc

SHA1
6a99bb46b2cc2f2185567931db0c0ac45a89960c

SHA256
6fdae9e726969f6f7bdd63cc12f3c1fceb32e0a435620178ae14cb8958ae78e5

SHA512
ad89ffd4d7ecd4ffc62a6eefac6d608012da27b6f894e6baa5d1303d9d2d77861f5fb468fecc110dbd433a4acf71f497ad3dc6b36f6fdd7c509bc37845689b14

Download Submit
\Users\Admin\AppData\Local\Temp\is-1RA6B.tmp\uagta.tmp

Filesize
3.0MB

MD5
c7b6c60e1227114701db9366529c7ecc

SHA1
6a99bb46b2cc2f2185567931db0c0ac45a89960c

SHA256
6fdae9e726969f6f7bdd63cc12f3c1fceb32e0a435620178ae14cb8958ae78e5

SHA512
ad89ffd4d7ecd4ffc62a6eefac6d608012da27b6f894e6baa5d1303d9d2d77861f5fb468fecc110dbd433a4acf71f497ad3dc6b36f6fdd7c509bc37845689b14

Download Submit
memory/1124-61-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1124-64-0x0000000000400000-0x0000000000715000-memory.dmp

Filesize
3.1MB

Download
memory/1124-65-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1344-54-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1344-63-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download