Overview

overview

7

Static

static

1

WingetUI.I...er.exe

windows10-1703-x64

7

WingetUI.I...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    1800s
  • max time network
    1175s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/06/2024, 18:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WingetUI.Installer.exe

  • Size

    76.0MB

  • MD5

    97ee225b1414c938fff70da75bce4dda

  • SHA1

    cefb97bdcb4f19b7207b400909714a6ad244d528

  • SHA256

    76034ef29c504b27c176041b2215d15e1b2545a433e17f006dd8c22df7b37679

  • SHA512

    758de6e45ba9456335d700a26bad9d2526256418733b00041327e9b0a9a9d6e997eea1f49032a4fb2947c9ef3939c3106e01d9025c8dee4b5f181722614f1a29

  • SSDEEP

    1572864:9EXJXh5SzyqGni0YgPkz6Jj/uLXAo4vkv20Phq0Lt6KQIZAAd8:mNhiInil8y6Jj0XA/kv1PcYtbQbT

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WingetUI.Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\WingetUI.Installer.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1620
    • C:\Users\Admin\AppData\Local\Temp\is-RVVII.tmp\WingetUI.Installer.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-RVVII.tmp\WingetUI.Installer.tmp" /SL5="$D0064,78639797,809984,C:\Users\Admin\AppData\Local\Temp\WingetUI.Installer.exe"
      2⤵
      • Executes dropped EXE
      PID:4508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-RVVII.tmp\WingetUI.Installer.tmp
    Filesize

    3.0MB

    MD5

    9c26cdb827f978b935d2eeffad289a21

    SHA1

    bae5245bf9aeadd2e3437d948b37f2e770e7f5ea

    SHA256

    6f434ff4ebdbe664557b4aeac87dd45bb43a6776c00d9ffb10d0a94ee6a06585

    SHA512

    38c0a842d3825d54e3c45e40bd3f516d54d98dd5142f40f86b08cc3083acee16e739e5fab0ae0a6771dd7ea4c4ffc9633bfca19a0de81194e492c9a113717d04

    Download Submit

  • memory/1620-2-0x0000000000401000-0x00000000004B7000-memory.dmp

    Filesize

    728KB

    Download

  • memory/1620-0-0x0000000000400000-0x00000000004D3000-memory.dmp

    Filesize

    844KB

    Download

  • memory/1620-7-0x0000000000400000-0x00000000004D3000-memory.dmp

    Filesize

    844KB

    Download

  • memory/4508-6-0x0000000000400000-0x000000000070F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4508-8-0x0000000000400000-0x000000000070F000-memory.dmp

    Filesize

    3.1MB

    Download