Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

66b4a9b9e1...cd.exe

windows7-x64

10

66b4a9b9e1...cd.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19/01/2024, 04:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    66b4a9b9e1048b88dfd85a22f5985ccd.exe

  • Size

    49KB

  • MD5

    66b4a9b9e1048b88dfd85a22f5985ccd

  • SHA1

    66713e0d5bacde0f1f7b1a11ada1878c3b45bc83

  • SHA256

    d7ae91be36c221dcf4e8ba8d02919db653c632de1c084987e152d8e52f24e387

  • SHA512

    9a06deb2973792898b67c3521d15432730e4845682fcc816f388b7b08e6b109bad523ca99ad9e245caae47c67d8ebfb2fda048c1fcf78840308bb311e79e9e39

  • SSDEEP

    1536:834/PC7Ruz3hRXRASULZ6JKYdbzcmhCZny:It7R8fU6n8y

Score
10/10
urelastrojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.207

112.175.88.208

Signatures

  • Urelas

    Urelas is a trojan targeting card games.

    trojanurelas
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\66b4a9b9e1048b88dfd85a22f5985ccd.exe
    "C:\Users\Admin\AppData\Local\Temp\66b4a9b9e1048b88dfd85a22f5985ccd.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\Users\Admin\AppData\Local\Temp\mokdhft.exe
      "C:\Users\Admin\AppData\Local\Temp\mokdhft.exe"
      2⤵
      • Executes dropped EXE
      PID:3036
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\sanfdr.bat" "
      2⤵
      • Deletes itself
      PID:2844

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\golfinfo.ini
    Filesize

    512B

    MD5

    39e55c2b5135dd669ad371cc03d79fc2

    SHA1

    d027fea84a269f8e556dfb5411ac3d01b9311017

    SHA256

    ecf7b9f0150af34b1d09f4602f0acf31445ff28e40b2411b0e32180bb8672919

    SHA512

    e75942d900b97d254097d8a44bfde16bdc99cc0f124541316a0987b2fb5433b7b1f12d4eff8b47d05e9068e7a038e4dd92998646448dcb0d6615a81a561ef280

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\sanfdr.bat
    Filesize

    274B

    MD5

    d30b04871154e17588f0a25f66059ba9

    SHA1

    2f84340526ff4cfaa9253feeeb6677049390bb9f

    SHA256

    7792b1864f78b8d73374472e7603c9c5c632f7edb3e1f20b140e7887308b35b3

    SHA512

    9bc39f3551c4f9af380e6f2144e06d1ff62519f9a6682993ffa9d5e73a60657dfae15c2cad32a60300011671ffaf11682d0ee0d01201ecb3cc86c1c727fb3e95

    Download Submit

  • \Users\Admin\AppData\Local\Temp\mokdhft.exe
    Filesize

    49KB

    MD5

    fb8e0351ce1b445294f5af396a05e570

    SHA1

    ff6f3da6a51b2caf82493c520a7e0121cb888488

    SHA256

    f461c40bdfa07db67ce36451796bd1417a27209ad4f74b5727d1165e10a590bc

    SHA512

    d54c63782f7f7a958fcc947d046b67f06fbd9d3288ac301edef3dc7a55447d4e52c3fd0522b82e7614f70c68c6f4ac6d924f6b0d6b3b687fabe0f8ea98050ae9

    Download Submit

  • memory/1704-0-0x0000000001100000-0x0000000001133000-memory.dmp

    Filesize

    204KB

    Download

  • memory/1704-9-0x0000000000400000-0x0000000000433000-memory.dmp

    Filesize

    204KB

    Download

  • memory/1704-18-0x0000000001100000-0x0000000001133000-memory.dmp

    Filesize

    204KB

    Download

  • memory/3036-17-0x00000000008B0000-0x00000000008E3000-memory.dmp

    Filesize

    204KB

    Download

  • memory/3036-21-0x00000000008B0000-0x00000000008E3000-memory.dmp

    Filesize

    204KB

    Download

  • memory/3036-23-0x00000000008B0000-0x00000000008E3000-memory.dmp

    Filesize

    204KB

    Download

  • memory/3036-29-0x00000000008B0000-0x00000000008E3000-memory.dmp

    Filesize

    204KB

    Download