Overview

overview

10

Static

static

7

899f72d4ef...b6.exe

windows7-x64

10

899f72d4ef...b6.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    2s
  • max time network
    13s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-01-2024 15:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    899f72d4ef7b108e5118d9ab16ea65b6.exe

  • Size

    327KB

  • MD5

    899f72d4ef7b108e5118d9ab16ea65b6

  • SHA1

    18aa2ec23b4a9f59492e1f621a304938d7cdad3b

  • SHA256

    8a0bf83aff94875877e5323bb1ba2ab81f531583f3e7026c031166de9c905e0d

  • SHA512

    98727e0e493010de0720ee7d7e9ab266066581fa54950f72af58ab04f90fabaf41b2f1a8057bbbab5c40879b614ba2a1d968c26f1f33c522b313dbf69a95fe37

  • SSDEEP

    6144:onOAG5ldEQdPd/2oSQbQFsrF1W/h84IrV7mMpH8zQW4jQw+kN:o/G5ldDPUoSiQi4kVdcQzjD

Score
10/10
urelastrojanupx

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.31.165

Signatures

  • Urelas

    Urelas is a trojan targeting card games.

    trojanurelas
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx

Processes

  • C:\Users\Admin\AppData\Local\Temp\899f72d4ef7b108e5118d9ab16ea65b6.exe
    "C:\Users\Admin\AppData\Local\Temp\899f72d4ef7b108e5118d9ab16ea65b6.exe"
    1⤵
      PID:4936
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_uinsey.bat" "
        2⤵
          PID:1404
        • C:\Users\Admin\AppData\Local\Temp\ujguv.exe
          "C:\Users\Admin\AppData\Local\Temp\ujguv.exe"
          2⤵
            PID:4552
            • C:\Users\Admin\AppData\Local\Temp\seefs.exe
              "C:\Users\Admin\AppData\Local\Temp\seefs.exe"
              3⤵
                PID:2536

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\_uinsey.bat
            Filesize

            276B

            MD5

            8d8fc047abdf92696bded5bf8061c7b0

            SHA1

            6d2ee7bae973d23953a3fec32adf77d7befa7b5b

            SHA256

            10fcf20a24a156be72087a9d676d0ffa09ee6b68af7f337a435c54122520448c

            SHA512

            8a421dc0e8c04bfc7f382eaae979be06d9d49feda9b15ad8f40953ca704b4654db7f7d0e0f44245bd6453a15bb31c3a405c5269d12414b07200f6a3decbea918

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\golfinfo.ini
            Filesize

            512B

            MD5

            dcc4ecbd1f6e4143d3a1e1eaf1ba88c6

            SHA1

            36b97e59b457f0035dac3242d52482aed484f38c

            SHA256

            68efb1c5a77e9706b26cf676257c9b538f8a71a99ae051a9f5a281fbb90dd92c

            SHA512

            b1328a0b6d98e16605246e9f8e296a7cef4fc8eac541986d9db9bded6d53b17ba8b7d86ded36cae0abbb4b7343aa86b8a3d43668f16808dc51ce2015da9e752e

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\seefs.exe
            Filesize

            1KB

            MD5

            d30682417e007c46771c52eccaa873f2

            SHA1

            0cb69fa54872f8b5140a573201db061e3e5b5532

            SHA256

            52eb5167ff19ce8297c1bf6fd178f3ccf8fc7b202eb204cac9d1090e87d6fefa

            SHA512

            c8a608e298b2a3eb73d52ff48c90952f6c310510095be057ffec27bd211a75a126782c4e0d0f698e652c7b53bcb67299abbfd1068e41a352e57b7c0497e697a4

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\seefs.exe
            Filesize

            39KB

            MD5

            f23d9212702d1c37b0d02415e4141c0b

            SHA1

            05f582bfd7f65bf0bb778291943ddd8cb4d05469

            SHA256

            78a925d53b4618907b70195313cd8b922edb87c0d79481758d671a763b553457

            SHA512

            323b14077eb3e3e7f5a16f19841f7b0dd2cdca569c973d8cedc6beb7fb88e1f0e43c059a24ca3c8cf299ea903ba437970bd2d85fd810fb26c6f37758762d64d1

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\ujguv.exe
            Filesize

            22KB

            MD5

            00749bbba1bcc59395219c9c4f89cb0f

            SHA1

            51640318b54a10a11a5359eac81fa89a9f562b39

            SHA256

            bc15444598cebf41a31051846fc38799d852e7647b59b20f6a99dad9fb6c5caf

            SHA512

            8df7c6627c421a7f75b3e16dcb0bfe415eb02007cb622ed83574c8f9ea6ab4ef0cc99f90da713f348d65ed34dd7a0b34808cdf7ba648833793bea1978722c310

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\ujguv.exe
            Filesize

            29KB

            MD5

            4108da8bea7cb4d819aa568e820fe979

            SHA1

            2ff2d763be0d6e42fe9198bf078c4c2553d92398

            SHA256

            e76e5165af1c703b056d01bd6d03e84cdd43c942781600981ca82fe31ceb0752

            SHA512

            b3849ed7abb671bb28e9bce94dd77015858db4e8deaa9bee20d8586239d31de30bc2f423c5ea94c8cb85cd6511efb63ba66fad23a4bbb9b50e7abe5cf9dffed2

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\ujguv.exe
            Filesize

            12KB

            MD5

            69d04e4a41acce9a8df81acf47c58f61

            SHA1

            48ac2520d9c43ce1381400c51a835d042bcfc05f

            SHA256

            b6d4d42bb8dded1b157c5c2a1e80d25b3dac3571a6047f4494ddc65002c65a09

            SHA512

            4e9c7a6de8b999128842216dad77bdf65e251f0b45e124677fb5c0f53ea8dd688bca02c97e35a14f4ee4518a6de40dd5e8e58860e481029be488dfe9912bf70e

            Download Submit

          • memory/2536-40-0x0000000000400000-0x0000000000497000-memory.dmp

            Filesize

            604KB

            Download

          • memory/2536-39-0x0000000000400000-0x0000000000497000-memory.dmp

            Filesize

            604KB

            Download

          • memory/2536-38-0x0000000000400000-0x0000000000497000-memory.dmp

            Filesize

            604KB

            Download

          • memory/2536-36-0x00000000001D0000-0x00000000001D1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2536-35-0x0000000000400000-0x0000000000497000-memory.dmp

            Filesize

            604KB

            Download

          • memory/4552-17-0x0000000000400000-0x00000000004BE000-memory.dmp

            Filesize

            760KB

            Download

          • memory/4552-33-0x0000000000400000-0x00000000004BE000-memory.dmp

            Filesize

            760KB

            Download

          • memory/4552-12-0x0000000000400000-0x00000000004BE000-memory.dmp

            Filesize

            760KB

            Download

          • memory/4936-0-0x0000000000400000-0x00000000004BE000-memory.dmp

            Filesize

            760KB

            Download

          • memory/4936-14-0x0000000000400000-0x00000000004BE000-memory.dmp

            Filesize

            760KB

            Download