Field | Value
---|---
File name | uTorrent.exe.7z
Full analysis | https://app.any.run/tasks/c8da881e-3d28-45fa-bde4-b74a5b202c07
Verdict | Malicious activity
Analysis date | May 20, 2022, 18:50:58
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MIME | application/x-7z-compressed
File info | 7-zip archive data, version 0.4
MD5 | DBF89D466AC69254FC3EF0F974E87B34
SHA1 | 12E8C0AC82088F465B9BD2CD121ECCA5F35532DC
SHA256 | BF6E4B1A78FB9813F5A1C458720D5C3D3AF4A79FD25127B729D1F11BFCEA71D5
SSDEEP | 49152:CVHyM48ov/9y94ACpZRyvGv++oVAF9RhukF2Cy:CVSh88Fy9KpZRQGv+JVG9
Extension | Type
---|---
.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)
PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Exit code | Version
---|---|---|---|---|---|---|---|---|---|---
628 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\uTorrent.exe.7z" | C:\Program Files\WinRAR\WinRAR.exe | | Explorer.EXE | admin | Alexander Roshal | MEDIUM | WinRAR archiver | 0 | 5.91.0
2136 | "C:\Users\admin\Desktop\uTorrent.exe" | C:\Users\admin\Desktop\uTorrent.exe | | Explorer.EXE | admin | BitTorrent Inc. | MEDIUM | µTorrent | 1 | 3.5.5.46248
804 | "C:\Users\admin\Desktop\uTorrent.exe" /PERFORMINSTALL 128 "C:\Users\admin\AppData\Roaming\uTorrent" 1562882147 /HYDRA_EXCEPTION | C:\Users\admin\Desktop\uTorrent.exe | | uTorrent.exe | admin | BitTorrent Inc. | HIGH | µTorrent | 1 | 3.5.5.46248
2108 | uTorrent.exe /NOINSTALL /BRINGTOFRONT | C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe | | uTorrent.exe | admin | BitTorrent Inc. | MEDIUM | µTorrent | | 3.5.5.46248
3592 | "C:\Users\admin\AppData\Roaming\uTorrent\updates\3.5.5_46248\utorrentie.exe" uTorrent_2108_0036C420_214933435 µTorrent4823DF041B09 uTorrent | C:\Users\admin\AppData\Roaming\uTorrent\updates\3.5.5_46248\utorrentie.exe | | uTorrent.exe | admin | BitTorrent Inc. | LOW | WebHelper | | 1.0.0
3520 | "C:\Users\admin\AppData\Roaming\uTorrent\updates\3.5.5_46248\utorrentie.exe" uTorrent_2108_0036C4B8_468758101 µTorrent4823DF041B09 uTorrent | C:\Users\admin\AppData\Roaming\uTorrent\updates\3.5.5_46248\utorrentie.exe | | uTorrent.exe | admin | BitTorrent Inc. | LOW | WebHelper | | 1.0.0
2856 | "C:\Program Files\Internet Explorer\iexplore.exe" http://utorrent.com/prodnews?v=3%2e5%2e5%2e1%2e46248 | C:\Program Files\Internet Explorer\iexplore.exe | | uTorrent.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | | 11.00.9600.16428 (winblue_gdr.131013-1700)
3184 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2856 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | | 11.00.9600.16428 (winblue_gdr.131013-1700)
1860 | "C:\Users\admin\AppData\Roaming\uTorrent\updates\3.5.5_46248\utorrentie.exe" uTorrent_2108_0036C550_292476054 µTorrent4823DF041B09 uTorrent | C:\Users\admin\AppData\Roaming\uTorrent\updates\3.5.5_46248\utorrentie.exe | — | uTorrent.exe | admin | BitTorrent Inc. | LOW | WebHelper | 0 | 1.0.0
1952 | "C:\Users\admin\AppData\Roaming\uTorrent\updates\3.5.5_46248\utorrentie.exe" uTorrent_2108_0036C550_721426769 µTorrent4823DF041B09 uTorrent | C:\Users\admin\AppData\Roaming\uTorrent\updates\3.5.5_46248\utorrentie.exe | — | uTorrent.exe | admin | BitTorrent Inc. | LOW | WebHelper | 0 | 1.0.0
PID | Process | Operation | Key | Name | Value
---|---|---|---|---|---
628 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | 
628 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | 
628 | WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E | LanguageList | en-US
628 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 2 | C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
628 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 1 | C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
628 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\uTorrent.exe.7z
628 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120
628 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80
628 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120
628 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2136 | uTorrent.exe | C:\Users\admin\AppData\Local\Temp\utt3574.tmp | — | — | —
804 | uTorrent.exe | C:\Users\admin\AppData\Local\Temp\utt3BDD.tmp | — | — | —
2136 | uTorrent.exe | C:\Users\admin\AppData\Roaming\uTorrent\settings.dat.old | binary | 91CA46D943B12EFA73A8AF9586323895 | 10E47CA74C7DC798609EC553B86AB1BE7C6CD1DB4107CDA617F58BE0D712EA1E
628 | WinRAR.exe | C:\Users\admin\Desktop\uTorrent.exe | executable | A81350E6DEA0B48BD6B49CA5678ECA50 | CD1FE8B74674F3DC534D9782D3D1ABFCD6658DEDC215E70538A00ECF91D21FCA
2136 | uTorrent.exe | C:\Users\admin\AppData\Local\Temp\utt84FD.tmp | — | — | —
2136 | uTorrent.exe | C:\Users\admin\AppData\Local\Temp\utt850D.tmp | — | — | —
2108 | uTorrent.exe | C:\Users\admin\AppData\Local\Temp\utt86E0.tmp | — | — | —
2136 | uTorrent.exe | C:\Users\admin\AppData\Roaming\uTorrent\settings.dat | binary | 91CA46D943B12EFA73A8AF9586323895 | 10E47CA74C7DC798609EC553B86AB1BE7C6CD1DB4107CDA617F58BE0D712EA1E
2136 | uTorrent.exe | C:\Users\admin\AppData\Roaming\uTorrent\updates\3.5.5_46248.exe | executable | A81350E6DEA0B48BD6B49CA5678ECA50 | CD1FE8B74674F3DC534D9782D3D1ABFCD6658DEDC215E70538A00ECF91D21FCA
804 | uTorrent.exe | C:\Users\admin\AppData\Roaming\uTorrent\toolbar_offer.benc | text | A5C6B6FD78E11FF24076B53A50B1439C | B22E412920F7C81D4B88F4A42D352A246F70E321F561022813AB2ACC7F5925EA
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
804 | uTorrent.exe | GET | 200 | 67.215.246.203:80 | http://update.utorrent.com/installstats.php?cl=uTorrent&v=111916200&h=lJP_eKScK2q_Uqcd&w=1DB10106&bu=0&pr=0&cmp=0&ocmp=0&showwarning&pid=804&cau=0&lunv=0&view=win32 | US | — | — | whitelisted |
804 | uTorrent.exe | GET | 200 | 67.215.246.203:80 | http://update.utorrent.com/installstats.php?cl=uTorrent&v=111916200&h=lJP_eKScK2q_Uqcd&w=1DB10106&bu=0&pr=0&cmp=0&ocmp=0&showtorrentoffer&pid=804&cau=0&lunv=0&toroffer=0&torofferid=<NULL>&view=win32 | US | — | — | whitelisted |
2108 | uTorrent.exe | GET | — | 178.79.242.16:80 | http://apps.bittorrent.com/utorrent-onboarding/player.btapp | DE | — | — | whitelisted |
804 | uTorrent.exe | GET | 200 | 67.215.246.203:80 | http://update.utorrent.com/installstats.php?cl=uTorrent&v=111916200&h=lJP_eKScK2q_Uqcd&w=1DB10106&bu=0&pr=0&cmp=0&ocmp=0&installresult&pid=804&cau=0&lunv=0&installresult=0&exit=1&au=0&ic=1&view=win32 | US | — | — | whitelisted |
804 | uTorrent.exe | GET | 200 | 67.215.246.203:80 | http://update.utorrent.com/installstats.php?cl=uTorrent&v=111916200&h=lJP_eKScK2q_Uqcd&w=1DB10106&bu=0&pr=0&cmp=0&ocmp=0&showtbexists&pid=804&cau=0&lunv=0&tbe=0&view=win32 | US | — | — | whitelisted |
804 | uTorrent.exe | GET | 200 | 67.215.246.203:80 | http://update.utorrent.com/installstats.php?cl=uTorrent&v=111916200&h=lJP_eKScK2q_Uqcd&w=1DB10106&bu=0&pr=0&cmp=0&ocmp=0&showinstall&pid=804&cau=0&lunv=0&au=0&view=win32 | US | — | — | whitelisted |
804 | uTorrent.exe | GET | 200 | 67.215.246.203:80 | http://update.utorrent.com/installstats.php?cl=uTorrent&v=111916200&h=lJP_eKScK2q_Uqcd&w=1DB10106&bu=0&pr=0&cmp=0&ocmp=0&wizardcomplete&pid=804&cau=0&lunv=0&view=win32 | US | — | — | whitelisted |
2108 | uTorrent.exe | GET | 200 | 178.79.242.181:80 | http://cdn.ap.bittorrent.com/control/feature/tags/ut.json | DE | binary | 2.85 Kb | shared |
804 | uTorrent.exe | GET | 200 | 67.215.246.203:80 | http://update.utorrent.com/installoffer.php?h=lJP_eKScK2q_Uqcd&v=111916200&w=1DB10106&l=en&c=US&db=ie&cl=uTorrent&tsub=1&svp=4 | US | text | 97 b | whitelisted |
3520 | utorrentie.exe | GET | 200 | 178.79.242.181:80 | http://cdn.bitmedianetwork.com/adzerk/ados-bt.js | DE | text | 26.8 Kb | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2136 | uTorrent.exe | 67.215.246.203:80 | update.utorrent.com | QuadraNet, Inc | US | suspicious |
804 | uTorrent.exe | 67.215.246.203:80 | update.utorrent.com | QuadraNet, Inc | US | suspicious |
2136 | uTorrent.exe | 50.16.231.192:80 | i-50.b-46248.ut.bench.utorrent.com | Amazon.com, Inc. | US | suspicious |
— | — | 107.22.246.37:80 | i-21.b-46248.ut.bench.utorrent.com | Amazon.com, Inc. | US | suspicious |
2108 | uTorrent.exe | 98.143.146.7:80 | utorrent.com | QuadraNet, Inc | US | suspicious |
2136 | uTorrent.exe | 107.22.246.37:80 | i-21.b-46248.ut.bench.utorrent.com | Amazon.com, Inc. | US | suspicious |
2108 | uTorrent.exe | 50.19.89.154:80 | i-29.b-46248.ut.bench.utorrent.com | Amazon.com, Inc. | US | suspicious |
2108 | uTorrent.exe | 173.254.195.58:80 | update.bittorrent.com | QuadraNet, Inc | US | suspicious |
2108 | uTorrent.exe | 178.79.242.16:80 | apps.bittorrent.com | Limelight Networks, Inc. | DE | suspicious |
3592 | utorrentie.exe | 178.79.242.181:443 | cdn.ap.bittorrent.com | Limelight Networks, Inc. | DE | suspicious |
Domain | IP | Reputation
---|---|---
router.bittorrent.com | | shared
router.utorrent.com | | whitelisted
i-21.b-46248.ut.bench.utorrent.com | | suspicious
i-50.b-46248.ut.bench.utorrent.com | | suspicious
update.utorrent.com | | whitelisted
utorrent.com | | whitelisted
apps.bittorrent.com | | whitelisted
i-29.b-46248.ut.bench.utorrent.com | | suspicious
update.bittorrent.com | | whitelisted
cdn.ap.bittorrent.com | | shared
PID | Process | Class | Message |
---|---|---|---|
804 | uTorrent.exe | Potential Corporate Privacy Violation | ET P2P Bittorrent P2P Client User-Agent (uTorrent) |
804 | uTorrent.exe | Potential Corporate Privacy Violation | ET P2P Bittorrent P2P Client User-Agent (uTorrent) |
804 | uTorrent.exe | Potential Corporate Privacy Violation | ET P2P Bittorrent P2P Client User-Agent (uTorrent) |
804 | uTorrent.exe | Potential Corporate Privacy Violation | ET P2P Bittorrent P2P Client User-Agent (uTorrent) |
804 | uTorrent.exe | Potential Corporate Privacy Violation | ET P2P Bittorrent P2P Client User-Agent (uTorrent) |
804 | uTorrent.exe | Potential Corporate Privacy Violation | ET P2P Bittorrent P2P Client User-Agent (uTorrent) |
804 | uTorrent.exe | Potential Corporate Privacy Violation | ET P2P Bittorrent P2P Client User-Agent (uTorrent) |
2108 | uTorrent.exe | Potential Corporate Privacy Violation | ET P2P BTWebClient UA uTorrent in use |
2108 | uTorrent.exe | Potential Corporate Privacy Violation | ET P2P BTWebClient UA uTorrent in use |
2108 | uTorrent.exe | Potential Corporate Privacy Violation | ET P2P BitTorrent DHT ping request |