a75c4cafd609535d2a23100e403be32723d8d64541f28389f2c857cd2d0b74cc

Resubmissions

22-05-2024 02:46

22-05-2024 02:41

max time kernel
141s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 02:41

Target

utweb_installer.exe
Size

1.7MB
MD5

5285ef6e9757a6d1335cdae5cbf4e05f
SHA1

cf79734fceb53a6871d8c5b50f0479d466c05144
SHA256

a75c4cafd609535d2a23100e403be32723d8d64541f28389f2c857cd2d0b74cc
SHA512

f0c551557cef134a8a47183337063453833e2b11a0c6ff57e1a209338bb57b5884eb52fbe9d5e83f3f549e0f1dbd46bd877d3749e8dbf7f8b34e25d6bcb907e6
SSDEEP

24576:u7FUDowAyrTVE3U5FPF248wUMYSAba9ZA3mKZtMr3c7YB/LfDUkPV39qJ3XNEQh:uBuZrEUpx8wUGAuhKrMr3gE/LbUp3dRh

Score

4^/10

Executes dropped EXE 1 IoCs

Processes:

utweb_installer.tmp

pid process

3864 utweb_installer.tmp
Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.

Processes:

description flow ioc

HTTP User-Agent header 5 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

pid	process
3864	utweb_installer.tmp

description	flow	ioc
HTTP User-Agent header	5	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

utweb_installer.exe

description	pid	process	target process
PID 1556 wrote to memory of 3864	1556	utweb_installer.exe	utweb_installer.tmp
PID 1556 wrote to memory of 3864	1556	utweb_installer.exe	utweb_installer.tmp
PID 1556 wrote to memory of 3864	1556	utweb_installer.exe	utweb_installer.tmp

C:\Users\Admin\AppData\Local\Temp\utweb_installer.exe
"C:\Users\Admin\AppData\Local\Temp\utweb_installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1556

C:\Users\Admin\AppData\Local\Temp\is-RCS6K.tmp\utweb_installer.tmp
"C:\Users\Admin\AppData\Local\Temp\is-RCS6K.tmp\utweb_installer.tmp" /SL5="$30236,866469,820736,C:\Users\Admin\AppData\Local\Temp\utweb_installer.exe"
2⤵
- Executes dropped EXE
PID:3864

C:\Users\Admin\AppData\Local\Temp\is-RCS6K.tmp\utweb_installer.tmp

Filesize
3.0MB

MD5
a9a9a17e5b6d7ed25bf33d1e6a9b5803

SHA1
80686d9e22ac2c7f4a12271ea41df5b877012e34

SHA256
f7df82d7efca239b6c488f6464f91b46e7cae670ce05955095e8545627160445

SHA512
78811555ff867101308bab9df302330986f8a5604952dc0d6e26e0d053e6147a6136889e532ddea3f71a8465ad859ddb5291291cd638d30742b26aada8403f81

Download Submit
memory/1556-0-0x0000000000400000-0x00000000004D6000-memory.dmp

Filesize
856KB

Download
memory/1556-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/1556-11-0x0000000000400000-0x00000000004D6000-memory.dmp

Filesize
856KB

Download
memory/3864-6-0x0000000000400000-0x0000000000711000-memory.dmp

Filesize
3.1MB

Download
memory/3864-12-0x0000000000400000-0x0000000000711000-memory.dmp

Filesize
3.1MB

Download