Analysis

  • max time kernel
    56s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-01-2024 15:43

General

  • Target

    899f72d4ef7b108e5118d9ab16ea65b6.exe

  • Size

    327KB

  • MD5

    899f72d4ef7b108e5118d9ab16ea65b6

  • SHA1

    18aa2ec23b4a9f59492e1f621a304938d7cdad3b

  • SHA256

    8a0bf83aff94875877e5323bb1ba2ab81f531583f3e7026c031166de9c905e0d

  • SHA512

    98727e0e493010de0720ee7d7e9ab266066581fa54950f72af58ab04f90fabaf41b2f1a8057bbbab5c40879b614ba2a1d968c26f1f33c522b313dbf69a95fe37

  • SSDEEP

    6144:onOAG5ldEQdPd/2oSQbQFsrF1W/h84IrV7mMpH8zQW4jQw+kN:o/G5ldDPUoSiQi4kVdcQzjD

Score
10/10

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.31.165

Signatures

  • Urelas

    Urelas is a trojan targeting card games.

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\899f72d4ef7b108e5118d9ab16ea65b6.exe
    "C:\Users\Admin\AppData\Local\Temp\899f72d4ef7b108e5118d9ab16ea65b6.exe"
    PID:2764
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\_uinsey.bat" "
        PID:1996
      • C:\Users\Admin\AppData\Local\Temp\ruvoy.exe
        "C:\Users\Admin\AppData\Local\Temp\ruvoy.exe"
        PID:2548

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_uinsey.bat

    Filesize

    276B

    MD5

    8d8fc047abdf92696bded5bf8061c7b0

    SHA1

    6d2ee7bae973d23953a3fec32adf77d7befa7b5b

    SHA256

    10fcf20a24a156be72087a9d676d0ffa09ee6b68af7f337a435c54122520448c

    SHA512

    8a421dc0e8c04bfc7f382eaae979be06d9d49feda9b15ad8f40953ca704b4654db7f7d0e0f44245bd6453a15bb31c3a405c5269d12414b07200f6a3decbea918

  • C:\Users\Admin\AppData\Local\Temp\golfinfo.ini

    Filesize

    512B

    MD5

    43ba6a32a98bf39e25662ef039a05808

    SHA1

    0ae2f3b33c97ff0bc5d6aaab19d2c41515865354

    SHA256

    76aead7623518aa5db27d0401f98509249c8fc9eb5c6411154d48fca67c315c4

    SHA512

    0f5479421acf3f13e4b4e5193ea7d788caf214f5a1093da55570108a723caad45600184c24f90fe5a84a515211a127b0f3905aa0e7cc71009a77f43eada16b8c

  • C:\Users\Admin\AppData\Local\Temp\ruvoy.exe

    Filesize

    1KB

    MD5

    8d27c88ed07be40359061124b96c11cf

    SHA1

    4f6f92359168fea701762ac4c9798cfbde96766f

    SHA256

    6af9c00109978e01767c1e0565bcd94432867eda0bb6a250ac7f646a7dd5459c

    SHA512

    24f13635433340c363800c4f144ce34d08b88ae704dc25e533de44afa736a4aaac153f1ba59b07fd7d4aa50e4b89add0781319b7ef746d1611ac8f7af5690b6c

  • \Users\Admin\AppData\Local\Temp\ruvoy.exe

    Filesize

    2KB

    MD5

    d8db2052f0c6fa4352d6d34ba12938cb

    SHA1

    e89d1159441d318bcc75308cc4bf066a8efad7d1

    SHA256

    965c320cb91adfe52cc65d684f6a3b970147bf8d3e87d3fb06accefd5d9a94fa

    SHA512

    e8d1a68de5564986534f1bad3a4bcfbb4ba2a57158ac282f8a34135bae3f8185e2e5f598c3a29e4603613c90f1880a5fdf3d2674f1069dce98088006c5646333

  • memory/2548-16-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

  • memory/2548-21-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

  • memory/2764-0-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

  • memory/2764-18-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

  • memory/2764-9-0x0000000002850000-0x000000000290E000-memory.dmp

    Filesize

    760KB