File name: 1kdw96cZxc4eZnX0acMA04.zip
Full analysis: https://app.any.run/tasks/ff7f41e7-122f-4846-a49f-9a087561b679
Verdict: Malicious activity
Analysis date: November 10, 2023, 15:11:10
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 63A19C8EF5107DC0B34EEBC8FA7912B8
SHA1: 067035F4B2E449FC44D96D1864A9EC02E77F361C
SHA256: BB09F073FBAFA23224DB87C8087CB2DFC7E4569217E13198CF679880CF483CBE
SSDEEP: 49152:wCNVd9XpGvVxqkYs3yQTQ30OHWd3itWFSAORC0L7QJVrpOEHBk2vSAFQDnWTXLo+:wCnd3G9IkYxQUXHWd3QO9p3a2vSAyDnO

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • utweb_installer.exe (PID: 3904)
      • utweb_installer.exe (PID: 3380)
      • utweb_installer.tmp (PID: 3916)
      • utweb_installer.exe (PID: 3676)
      • utweb.exe (PID: 1924)
  • SUSPICIOUS

    • Reads settings of System Certificates

      • utweb_installer.tmp (PID: 3916)
      • utweb.exe (PID: 1924)
      • helper.exe (PID: 2468)
    • Reads the Windows owner or organization settings

      • utweb_installer.tmp (PID: 3916)
    • Reads the Internet Settings

      • utweb_installer.tmp (PID: 3916)
      • utweb_installer.exe (PID: 3676)
      • saBSI.exe (PID: 1816)
      • utweb.exe (PID: 1924)
    • Process drops legitimate windows executable

      • utweb_installer.exe (PID: 3676)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • utweb_installer.exe (PID: 3676)
    • Checks Windows Trust Settings

      • saBSI.exe (PID: 1816)
      • utweb.exe (PID: 1924)
    • The process creates files with name similar to system file names

      • utweb_installer.exe (PID: 3676)
    • Reads security settings of Internet Explorer

      • saBSI.exe (PID: 1816)
      • utweb.exe (PID: 1924)
  • INFO

    • Create files in a temporary directory

      • utweb_installer.exe (PID: 3380)
      • utweb_installer.tmp (PID: 3916)
      • utweb_installer.exe (PID: 3904)
      • utweb_installer.exe (PID: 3676)
    • Checks supported languages

      • utweb_installer.exe (PID: 3904)
      • utweb_installer.exe (PID: 3380)
      • utweb_installer.tmp (PID: 3916)
      • utweb_installer.tmp (PID: 3632)
      • wmpnscfg.exe (PID: 4016)
      • utweb_installer.exe (PID: 3676)
      • saBSI.exe (PID: 1816)
      • utweb.exe (PID: 1924)
      • helper.exe (PID: 2468)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3448)
    • Manual execution by a user

      • utweb_installer.exe (PID: 3380)
      • wmpnscfg.exe (PID: 4016)
    • Reads the computer name

      • utweb_installer.tmp (PID: 3632)
      • utweb_installer.tmp (PID: 3916)
      • wmpnscfg.exe (PID: 4016)
      • utweb_installer.exe (PID: 3676)
      • saBSI.exe (PID: 1816)
      • utweb.exe (PID: 1924)
      • helper.exe (PID: 2468)
    • Reads the machine GUID from the registry

      • utweb_installer.tmp (PID: 3916)
      • wmpnscfg.exe (PID: 4016)
      • utweb_installer.exe (PID: 3676)
      • saBSI.exe (PID: 1816)
      • utweb.exe (PID: 1924)
    • Creates files or folders in the user directory

      • utweb_installer.exe (PID: 3676)
      • utweb.exe (PID: 1924)
      • helper.exe (PID: 2468)
    • Creates files in the program directory

      • saBSI.exe (PID: 1816)
    • Checks proxy server information

      • utweb_installer.exe (PID: 3676)
    • Application launched itself

      • msedge.exe (PID: 2332)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Note on the installer-framework signatures above: the "System.dll" written to %TEMP%\nslC1F4.tmp\ by utweb_installer.exe (PID 3676) is the NSIS System plugin, which every NSIS-built installer unpacks into a %TEMP%\ns*.tmp directory at start-up, and the is-5BN9E.tmp / is-UJF0R.tmp directories together with the utweb_installer.tmp second stage are the same pattern for Inno Setup. Both are routine in legitimate installers, so on their own these signatures do not separate a bundled installer from a dropper; the NSIS_Inetc user agent in the Threats section is the matching network-side artifact of the same NSIS stage.

No malware configuration was extracted.

TRiD

.zip | ZIP compressed archive (100)

EXIF (ZIP; ExifTool reads the first local file header, so these values describe one entry, manifest.json, not the whole archive)

ZipRequiredVersion: 20 (the "at least v2.0 to extract" in File info)
ZipBitFlag: 0x0009 (bit 0 set: the entry is encrypted, i.e. password-protected, so content scanning needs the password; bit 3 set: CRC and sizes are repeated in a data descriptor after the data)
ZipCompression: Deflated
ZipModifyDate: 2023:11:06 09:30:50
ZipCRC: 0xb82185c0
ZipCompressedSize: 659
ZipUncompressedSize: 2606
ZipFileName: manifest.json
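The EXIF block above is ExifTool's decoding of the archive's first local file header. The Python script below is an added example (not part of the ANY.RUN report and not ExifTool code) that parses the same header fields from raw bytes and decodes the general-purpose bit flag, the field that matters most for triage: bit 0 means the entry is encrypted, so a scanner that only reads the central directory still cannot see the content. The manifest.json header produced by sample_archive() is rebuilt from the values shown above; its 659-byte payload and the second entry are constructed placeholders, not the real archive data.

```python
"""Parse ZIP local file headers and decode the general-purpose bit flag.

Added example, not code from the ANY.RUN report or from ExifTool. The
manifest.json header in sample_archive() is rebuilt from the values in the
report; its payload and the second entry are constructed placeholders.
"""
import io
import struct
import zipfile
import zlib
from datetime import datetime

LOCAL_SIG = b"PK\x03\x04"
# signature, version needed, flags, method, mod time, mod date, crc32,
# compressed size, uncompressed size, file name length, extra field length
LOCAL_FMT = "<4sHHHHHIIIHH"
LOCAL_LEN = struct.calcsize(LOCAL_FMT)  # 30 bytes
METHODS = {0: "Stored", 8: "Deflated", 9: "Deflate64", 12: "BZIP2", 14: "LZMA",
           93: "Zstandard", 99: "AES (WinZip)"}
FLAG_BITS = {0x0001: "encrypted", 0x0008: "data-descriptor", 0x0020: "patched-data",
             0x0040: "strong-encryption", 0x0800: "utf8-names"}


def decode_flags(flags):
    """Names of the set general-purpose bits; bit 0 is traditional PKWARE encryption."""
    return [name for bit, name in FLAG_BITS.items() if flags & bit]


def dos_datetime(dos_date, dos_time):
    """Decode the MS-DOS packed date and time fields (2-second resolution)."""
    return datetime(1980 + (dos_date >> 9), (dos_date >> 5) & 0xF, dos_date & 0x1F,
                    dos_time >> 11, (dos_time >> 5) & 0x3F, (dos_time & 0x1F) * 2)


def dos_pack(dt):
    """Inverse of dos_datetime; only used to build the sample header."""
    return ((dt.year - 1980) << 9 | dt.month << 5 | dt.day,
            dt.hour << 11 | dt.minute << 5 | dt.second // 2)


def parse_local_headers(data):
    """Summarise every local file header found in the archive bytes.

    Reads the local headers rather than the central directory, so entries a
    tampered central directory omits are still listed. Caveat: with bit 3 set
    the local header may carry zero CRC/sizes (the real values follow the data
    in a descriptor); the scan then resumes at the next signature, which a
    crafted payload could spoof, so treat the result as a triage view.
    """
    entries, off = [], 0
    while (off := data.find(LOCAL_SIG, off)) >= 0:
        (_, version, flags, method, mtime, mdate, crc, csize, usize,
         name_len, extra_len) = struct.unpack_from(LOCAL_FMT, data, off)
        raw_name = data[off + LOCAL_LEN:off + LOCAL_LEN + name_len]
        entries.append({
            "name": raw_name.decode("utf-8" if flags & 0x0800 else "cp437"),
            "required_version": version,        # 20 -> "at least v2.0 to extract"
            "flags": decode_flags(flags),
            "method": METHODS.get(method, f"unknown({method})"),
            "modified": dos_datetime(mdate, mtime),
            "crc32": crc,
            "compressed_size": csize,
            "uncompressed_size": usize,
        })
        off += LOCAL_LEN + name_len + extra_len + csize
    return entries


def sample_archive():
    """Constructed bytes: the manifest.json header as reported, then a stored UTF-8-named entry."""
    mdate, mtime = dos_pack(datetime(2023, 11, 6, 9, 30, 50))
    name = b"manifest.json"
    header = struct.pack(LOCAL_FMT, LOCAL_SIG, 20, 0x0009, 8, mtime, mdate,
                         0xB82185C0, 659, 2606, len(name), 0)
    entry1 = header + name + b"\x00" * 659        # placeholder, not the real deflate stream
    name2, body2 = "über.txt".encode("utf-8"), b"hello"
    header2 = struct.pack(LOCAL_FMT, LOCAL_SIG, 10, 0x0800, 0, mtime, mdate,
                          zlib.crc32(body2), len(body2), len(body2), len(name2), 0)
    return entry1 + header2 + name2 + body2


def cross_check(files):
    """Write a real archive with zipfile and compare the local-header scan with its central directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in files:
            zf.writestr(name, content)
    data = buf.getvalue()
    central = zipfile.ZipFile(io.BytesIO(data)).infolist()
    return [(local["name"], local["crc32"] == info.CRC and local["uncompressed_size"] == info.file_size)
            for local, info in zip(parse_local_headers(data), central)]


if __name__ == "__main__":
    for entry in parse_local_headers(sample_archive()):
        print(entry)
    print(cross_check([("a.txt", b"alpha" * 50), ("b/c.bin", bytes(range(256)))]))
```

cross_check writes a real archive with the standard library and confirms that the local-header scan agrees with the central directory; on a suspicious archive a disagreement between the two views is itself a finding, because extractors and scanners do not all read the same structure.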
All screenshots are available in the full report
Total processes: 79
Monitored processes: 33
Malicious processes: 6
Suspicious processes: 2

Behavior graph (process start order; "no specs" marks a process that triggered no signatures)

winrar.exe (no specs) → utweb_installer.exe (no specs) → utweb_installer.tmp (no specs) → utweb_installer.exe → utweb_installer.tmp → wmpnscfg.exe (no specs) → utweb_installer.exe → sabsi.exe → utweb.exe → msedge.exe → msedge.exe (no specs) ×2 → msedge.exe → msedge.exe (no specs) ×4 → helper.exe → msedge.exe (no specs) ×15

Process information (PID, command line, path, parent process, and image metadata; only processes with details expanded in the report are listed)

PID 292  msedge.exe  (parent: msedge.exe)
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2308 --field-trial-handle=1332,i,15065077765946580247,790556663258160269,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity level: LOW | Exit code: 0 | Description: Microsoft Edge | Version: 109.0.1518.115

PID 1088  msedge.exe  (parent: msedge.exe)
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1388 --field-trial-handle=1332,i,15065077765946580247,790556663258160269,131072 /prefetch:3
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity level: MEDIUM | Exit code: 0 | Description: Microsoft Edge | Version: 109.0.1518.115

PID 1616  msedge.exe  (parent: msedge.exe)
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1332,i,15065077765946580247,790556663258160269,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity level: MEDIUM | Exit code: 0 | Description: Microsoft Edge | Version: 109.0.1518.115

PID 1816  saBSI.exe  (parent: utweb_installer.tmp)
CMD: "C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\component0_extract\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=DE
Path: C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\component0_extract\saBSI.exe
User: admin | Company: McAfee, LLC | Integrity level: HIGH (elevated) | Exit code: 4294967295 (0xFFFFFFFF, i.e. -1; consistent with the WinVerifyTrust failures logged under Debug output below) | Description: McAfee WebAdvisor (bootstrap installer) | Version: 4,1,1,818
The /affid and PaidDistribution=true arguments identify this as the paid bundling of WebAdvisor inside the µTorrent Web installer.

PID 1848  msedge.exe  (parent: msedge.exe)
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1216 --field-trial-handle=1332,i,15065077765946580247,790556663258160269,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity level: LOW | Exit code: 0 | Description: Microsoft Edge | Version: 109.0.1518.115

PID 1924  utweb.exe  (parent: utweb_installer.tmp)
CMD: "C:\Users\admin\AppData\Roaming\uTorrent Web\utweb.exe" /RUNONSTARTUP
Path: C:\Users\admin\AppData\Roaming\uTorrent Web\utweb.exe
User: admin | Company: Rainberry Inc. | Integrity level: MEDIUM | Exit code: 0 | Description: µTorrent Web | Version: 1.4.0.5714

PID 2332  msedge.exe  (parent: utweb.exe)
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument https://utweb.rainberrytv.com/gui/index.html?v=1.4.0.5714&firstrun=1&localauth=localapi5ba29085830250f2:
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity level: MEDIUM | Exit code: 0 | Description: Microsoft Edge | Version: 109.0.1518.115
The localauth value appears to be the credential the web UI uses for the local API; passing it on the command line exposes it to any local process that can enumerate command lines.

PID 2436  msedge.exe  (parent: msedge.exe)
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4032 --field-trial-handle=1332,i,15065077765946580247,790556663258160269,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity level: LOW | Exit code: 0 | Description: Microsoft Edge | Version: 109.0.1518.115

PID 2452  msedge.exe  (parent: msedge.exe)
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3960 --field-trial-handle=1332,i,15065077765946580247,790556663258160269,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity level: LOW | Exit code: 0 | Description: Microsoft Edge | Version: 109.0.1518.115

PID 2468  helper.exe  (parent: utweb.exe)
CMD: helper/helper.exe 49238 -- ut_web/1.4.0.5714 hval/a69629c6db7fee11a82612a9866c77de
Path: C:\Users\admin\AppData\Roaming\uTorrent Web\helper\helper.exe
User: admin | Company: BitTorrent Inc. | Integrity level: MEDIUM | Exit code: 0 | Description: µTorrent Helper | Version: 2.1.6.2679
Registry activity
Total events: 0 | Read events: 0 | Write events: 0 | Delete events: 0

Modification events

No data

Files activity
Executable files: 34 | Suspicious files: 297 | Text files: 70 | Unknown types: 0

Dropped files (10 of the 34 executable and 297 suspicious files are listed)

PID 3916  utweb_installer.tmp  C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\component0  (compressed)
MD5: CD9C77BC5840AF008799985F397FE1C3 | SHA256: 26D7704B540DF18E2BCCD224DF677061FFB9F03CAB5B3C191055A84BF43A9085

PID 3916  utweb_installer.tmp  C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\Logo.png  (image)
MD5: A00CFE887E254C462AD0C6A6D3FB25B6 | SHA256: BCA0271F56F7384942FF3AFFB79FA78CCDCEABF7DDA89AD3C138226DA324CDB1

PID 3448  WinRAR.exe  C:\Users\admin\Desktop\check\manifest.json  (binary)
MD5: ED188E2DC424A00333ED7F5E5E78ABED | SHA256: AB6026278C2674DFC94F91B6F7159CAF9BC018FC505398C8BC6F344C42DEB890

PID 3916  utweb_installer.tmp  C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\is-N6P5U.tmp  (image)
MD5: 4CFFF8DC30D353CD3D215FD3A5DBAC24 | SHA256: 0C430E56D69435D8AB31CBB5916A73A47D11EF65B37D289EE7D11130ADF25856

PID 3916  utweb_installer.tmp  C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\WebAdvisor.png  (image)
MD5: 4CFFF8DC30D353CD3D215FD3A5DBAC24 | SHA256: 0C430E56D69435D8AB31CBB5916A73A47D11EF65B37D289EE7D11130ADF25856
(same content as is-N6P5U.tmp above: Inno Setup extracts a file under a temporary is-XXXXX.tmp name and then renames it)

PID 3676  utweb_installer.exe  C:\Users\admin\AppData\Local\Temp\nslC1F4.tmp\System.dll  (executable)
MD5: CFF85C549D536F651D4FB8387F1976F2 | SHA256: 8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
(the NSIS System plugin, unpacked into the installer's ns*.tmp plugin directory)

PID 3448  WinRAR.exe  C:\Users\admin\Desktop\check\file-acquisition-raw-issues.11naxWvW8f609CLvvITnz1.xml  (xml)
MD5: DF7972AC26DF2CAA28114773E2966304 | SHA256: BD4E548388E1D08E6F27B1B8AE90E5C1DED51655DB21E987A6141720CDDCC41C

PID 3448  WinRAR.exe  C:\Users\admin\Desktop\check\utweb_installer.exe_  (executable)
MD5: 3225E1398A194E5EB1B637A7C1D09973 | SHA256: DFB866E36A40B7D6C97C28C680D209CB6F1FE9384882FAA08DA79D3669BF0A6A
(the installer is stored in the archive with a trailing underscore, so it is not directly executable until renamed)

PID 3448  WinRAR.exe  C:\Users\admin\Desktop\check\files-raw.amKgegAXa58bgp5VmMqOxX.xml  (xml)
MD5: 23B2B89D207BB927685B81300607B603 | SHA256: D34F1D85DDC2BA2141F5452A466886DD258922987AEFD65ACAA37B43FAE53BC5

PID 3380  utweb_installer.exe  C:\Users\admin\AppData\Local\Temp\is-UJF0R.tmp\utweb_installer.tmp  (executable)
MD5: EBFFAE50091E056D1A42A81360B41686 | SHA256: B87034BC14479A7A77A1E970215942F41FDF265E6BE6235F7A8DE637B0B6AFA1
(the Inno Setup second stage: the installer copies itself as <name>.tmp into is-XXXXX.tmp and runs it)
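The System.dll and is-XXXXX.tmp entries in this table are installer-framework artifacts rather than evidence of a custom dropper. As an added example (not ANY.RUN code), the Python script below classifies dropped-file rows by framework using the documented unpack locations of NSIS (plugins go to %TEMP%\ns<letter><4 hex>.tmp\) and Inno Setup (%TEMP%\is-<5 alnum>.tmp\, with a second-stage <installer>.tmp executable), and flags any DLL that turns up in an NSIS plugin directory without being a known plugin. SAMPLE_ROWS reproduces the rows above; the final row (PID 9999, loader.dll) is constructed and not in the report, so that the flagging branch is exercised.

```python
r"""Classify sandbox dropped-file rows by installer framework.

Added example; not ANY.RUN code. SAMPLE_ROWS copies the (PID, process, path,
type) columns of the report's Dropped files table plus one constructed row
(marked) so the "unexpected DLL" branch runs. The patterns encode documented
framework behaviour: NSIS unpacks its plugins (System.dll, INetC.dll,
nsExec.dll, ...) into %TEMP%\ns<letter><4 hex>.tmp\ at start-up; Inno Setup
unpacks into %TEMP%\is-<5 alnum>.tmp\ and runs a second-stage copy of itself
named <installer>.tmp from there.
"""
import re
from collections import defaultdict

NSIS_PLUGIN = re.compile(r"\\Temp\\ns[a-z][0-9a-f]{4}\.tmp\\(?P<name>[^\\]+\.dll)$", re.I)
INNO_DIR = re.compile(r"\\Temp\\is-[0-9a-z]{5}\.tmp\\(?P<name>[^\\]+)$", re.I)
# Plugins shipped with NSIS or in very wide use; any other DLL in ns*.tmp deserves a look.
KNOWN_NSIS_PLUGINS = {"system.dll", "inetc.dll", "nsexec.dll", "nsdialogs.dll",
                      "nsprocess.dll", "stdutils.dll", "nsis7z.dll", "startmenu.dll"}

SAMPLE_ROWS = [  # (pid, process, path, type) from the report's Dropped files table
    (3916, "utweb_installer.tmp", r"C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\component0", "compressed"),
    (3916, "utweb_installer.tmp", r"C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\Logo.png", "image"),
    (3448, "WinRAR.exe", r"C:\Users\admin\Desktop\check\manifest.json", "binary"),
    (3916, "utweb_installer.tmp", r"C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\is-N6P5U.tmp", "image"),
    (3916, "utweb_installer.tmp", r"C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\WebAdvisor.png", "image"),
    (3676, "utweb_installer.exe", r"C:\Users\admin\AppData\Local\Temp\nslC1F4.tmp\System.dll", "executable"),
    (3448, "WinRAR.exe", r"C:\Users\admin\Desktop\check\utweb_installer.exe_", "executable"),
    (3380, "utweb_installer.exe", r"C:\Users\admin\AppData\Local\Temp\is-UJF0R.tmp\utweb_installer.tmp", "executable"),
    # constructed row (not in the report): a non-plugin DLL inside an NSIS plugin directory
    (9999, "example_setup.exe", r"C:\Users\admin\AppData\Local\Temp\nsa1B2C.tmp\loader.dll", "executable"),
]


def classify(path, ftype):
    """Return (framework, role) for one dropped file; ("other", "") when no pattern matches."""
    m = NSIS_PLUGIN.search(path)
    if m:
        name = m.group("name").lower()
        role = "plugin:" + name if name in KNOWN_NSIS_PLUGINS else "unexpected-dll:" + name
        return ("nsis", role)
    m = INNO_DIR.search(path)
    if m:
        name = m.group("name").lower()
        # The second stage is an executable named *.tmp; other *.tmp files in the directory
        # are only temporary names Inno Setup gives extracted resources (is-N6P5U.tmp is an image).
        if ftype == "executable" and name.endswith(".tmp"):
            return ("inno-setup", "stage2:" + name)
        return ("inno-setup", "component:" + name)
    return ("other", "")


def summarize(rows):
    """Group rows by PID: which framework(s) each process betrayed, the roles seen, and DLLs to review."""
    out = defaultdict(lambda: {"process": None, "frameworks": set(), "roles": set(), "review": []})
    for pid, proc, path, ftype in rows:
        framework, role = classify(path, ftype)
        entry = out[pid]
        entry["process"] = proc
        if framework != "other":
            entry["frameworks"].add(framework)
            entry["roles"].add(role)
        if role.startswith("unexpected-dll:"):
            entry["review"].append(path)  # a DLL NSIS did not ship: inspect before trusting the installer
    return dict(out)


if __name__ == "__main__":
    for pid, info in sorted(summarize(SAMPLE_ROWS).items()):
        print(pid, info["process"], sorted(info["frameworks"]), sorted(info["roles"]), info["review"])
```

Run against the rows above, PID 3676 resolves to NSIS with only the System plugin, PIDs 3380 and 3916 to the two Inno Setup stages, and the WinRAR rows to no framework at all; only the constructed loader.dll row lands in the review list. The point of the split is that "DLL dropped in Temp" alone is a weak signal, while "DLL the framework does not ship, in the framework's own plugin directory" is the one worth an analyst's time.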
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 25
TCP/UDP connections: 311
DNS requests: 155
Threats: 6

HTTP requests (10 of the 25 requests are listed)

PID 1924  utweb.exe  GET  178.79.242.16:80  http://btinstall-artifacts.bittorrent.com/helper_ui/helper_web_ui.btinstall
HTTP code: not recorded | CN: unknown | Reputation: unknown

PID 1924  utweb.exe  POST 200  52.22.217.101:80  http://i-4101.b-10541.utweb.bench.utorrent.com/e?i=4101&e=…
CN: unknown | Type: binary | Size: 21 b | Reputation: unknown

PID 2468  helper.exe  POST 200  52.22.217.101:80  http://i-5600.b-2679.helper.bench.utorrent.com/e.php?i=5600
CN: unknown | Type: binary | Size: 21 b | Reputation: unknown

PID 3676  utweb_installer.exe  POST 200  52.45.10.136:80  http://i-4101.b-5714.utweb.bench.utorrent.com/e?i=4101
CN: unknown | Type: binary | Size: 21 b | Reputation: unknown

PID 2468  helper.exe  POST 200  52.22.217.101:80  http://i-5600.b-2679.helper.bench.utorrent.com/e.php?i=5600
CN: unknown | Type: binary | Size: 21 b | Reputation: unknown

PID 1924  utweb.exe  POST 200  52.87.99.64:80  http://i-4101.b-10541.utweb_ui.bench.utorrent.com/e?i=4101&e=…
CN: unknown | Type: binary | Size: 21 b | Reputation: unknown

PID 2468  helper.exe  POST 200  52.22.217.101:80  http://i-5600.b-2679.helper.bench.utorrent.com/e.php?i=5600
CN: unknown | Type: binary | Size: 21 b | Reputation: unknown

PID 2468  helper.exe  POST 200  52.22.217.101:80  http://i-5600.b-2679.helper.bench.utorrent.com/e.php?i=5600
CN: unknown | Type: binary | Size: 21 b | Reputation: unknown

PID 2468  helper.exe  POST 200  52.22.217.101:80  http://i-5600.b-2679.helper.bench.utorrent.com/e.php?i=5600
CN: unknown | Type: binary | Size: 21 b | Reputation: unknown

PID 3676  utweb_installer.exe  POST 200  52.45.10.136:80  http://i-4101.b-5714.utweb.bench.utorrent.com/e?i=4101
CN: unknown | Type: binary | Size: 21 b | Reputation: unknown

Connections (10 of the 311 connections are listed)

PID 1080  svchost.exe  224.0.0.252:5355 (LLMNR multicast)  Reputation: unknown
PID 4  System  192.168.100.255:137 (NetBIOS name service, subnet broadcast)  Reputation: whitelisted
PID 4  System  192.168.100.255:138 (NetBIOS datagram service, subnet broadcast)  Reputation: whitelisted
PID 2588  svchost.exe  239.255.255.250:1900 (SSDP multicast)  Reputation: whitelisted
PID 868  svchost.exe  95.101.148.135:80  Domain: not recorded | ASN: Akamai International B.V. | CN: NL | Reputation: unknown
PID 868  svchost.exe  23.218.208.137:80  Domain: armmf.adobe.com | ASN: AKAMAI-AS | CN: DE | Reputation: unknown
PID 3916  utweb_installer.tmp  65.9.94.46:443  Domain: d3du9emkqnnqkp.cloudfront.net | ASN: AMAZON-02 | CN: US | Reputation: unknown
PID 3916  utweb_installer.tmp  65.9.94.17:443  Domain: dcnlefgcjiudc.cloudfront.net | ASN: AMAZON-02 | CN: US | Reputation: unknown
PID 3916  utweb_installer.tmp  65.9.94.167:443  Domain: d27wm444oowmat.cloudfront.net | ASN: AMAZON-02 | CN: US | Reputation: unknown
PID 3916  utweb_installer.tmp  67.215.238.66:443  Domain: download-lb.utorrent.com | ASN: ASN-QUADRANET-GLOBAL | CN: US | Reputation: unknown

The first four rows and the two svchost.exe rows are Windows background traffic (name resolution, SSDP discovery, Adobe update check) rather than installer activity; the Inno Setup stage (PID 3916) is the process that talks to the three CloudFront distributions and to download-lb.utorrent.com over TLS.

DNS requests (domain: resolved addresses, reputation)

armmf.adobe.com: 23.218.208.137 (whitelisted)
d3du9emkqnnqkp.cloudfront.net: 65.9.94.46, 65.9.94.106, 65.9.94.81, 65.9.94.168 (unknown)
dcnlefgcjiudc.cloudfront.net: 65.9.94.17, 65.9.94.165, 65.9.94.96, 65.9.94.99 (unknown)
d27wm444oowmat.cloudfront.net: 65.9.94.167, 65.9.94.196, 65.9.94.101, 65.9.94.62 (unknown)
download-lb.utorrent.com: 67.215.238.66 (whitelisted)
i-4101.b-5714.utweb.bench.utorrent.com: 52.45.10.136, 52.0.45.244, 52.0.175.9, 52.44.225.32, 44.219.44.167, 44.208.169.130, 52.22.132.19, 52.54.111.145 (unknown)
analytics.apis.mcafee.com: 54.214.185.147, 54.187.213.13, 34.213.112.26, 52.35.195.242, 34.216.131.95, 100.20.106.59, 52.36.137.129, 34.215.71.183 (unknown)
sadownload.mcafee.com: 23.48.23.53, 23.48.23.51, 23.48.23.34, 23.48.23.40, 23.48.23.5, 23.48.23.26 (whitelisted)
dht.libtorrent.org: 185.157.221.247 (unknown)
router.bittorrent.com: 67.215.246.10 (shared)

Threats (6 alerts)

PID 3676  utweb_installer.exe  Potentially Bad Traffic  ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
PID 3676  utweb_installer.exe  Potentially Bad Traffic  ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
PID 1924  utweb.exe  Potential Corporate Privacy Violation  ET P2P BitTorrent DHT ping request
PID 1924  utweb.exe  Potentially Bad Traffic  ET POLICY Executable served from Amazon S3
PID 1924  utweb.exe  Potential Corporate Privacy Violation  ET POLICY PE EXE or DLL Windows file download HTTP
PID 1088  msedge.exe  Not Suspicious Traffic  INFO [ANY.RUN] Global content delivery network (unpkg .com)

The NSIS_Inetc user agent is the default UA of the NSIS INetC download plugin, the network-side counterpart of the System.dll and ns*.tmp artifacts dropped by the same PID. The DHT ping alert corresponds to the dht.libtorrent.org and router.bittorrent.com lookups in the DNS table. The two ET POLICY alerts for utweb.exe record a PE being fetched over cleartext HTTP; the only GET by that process in the HTTP table is the port-80 request for helper_web_ui.btinstall. A component fetched over plain HTTP can be substituted on the path unless the client verifies it after download, which this report does not show either way.
Debug output strings (process, message)

saBSI.exe  NCPrivateLoadAndValidateMPTDll: Looking in current directory
saBSI.exe  NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
saBSI.exe  NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
saBSI.exe  NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
saBSI.exe  NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\component0_extract\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\component0_extract\mfeaaca.dll, WinVerifyTrust failed with 80092003
saBSI.exe  NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\component0_extract\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\component0_extract\mfeaaca.dll, WinVerifyTrust failed with 80092003
saBSI.exe  NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\component0_extract\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\component0_extract\mfeaaca.dll, WinVerifyTrust failed with 80092003
saBSI.exe  NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
saBSI.exe  NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\component0_extract\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\component0_extract\mfeaaca.dll, WinVerifyTrust failed with 80092003
saBSI.exe  NCPrivateLoadAndValidateMPTDll: Looking in EXE directory

Note: all four attempts to load mfeaaca.dll fail with 0x80092003, which is CRYPT_E_FILE_ERROR ("An error occurred while reading or writing to a file"), not a signature mismatch (TRUST_E_BAD_DIGEST, 0x80096010) or a missing signature (TRUST_E_NOSIGNATURE, 0x800B0100). The routine name (LoadAndValidate) indicates the bootstrap runs an Authenticode check on its helper DLL before loading it; every attempt fails, and the -1 exit code of PID 1816 is consistent with the WebAdvisor bootstrap not completing. The same check can be repeated on the extracted DLL outside the sandbox with Get-AuthenticodeSignature or signtool verify /pa.