Overview

overview

10

Static

static

10

9900f33a48...d5.exe

windows7-x64

10

9900f33a48...d5.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-02-2024 09:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9900f33a486602a3ef607315ddfbc5d5.exe

  • Size

    207KB

  • MD5

    9900f33a486602a3ef607315ddfbc5d5

  • SHA1

    823d60c6201d1dcc7074cb2eec839d2b6f2dd8b7

  • SHA256

    8a7a48b1ff66be411e5035e375b858f6b769032a13d5a2c4b5b34c745dbee5b0

  • SHA512

    0b249a22c7c8e1d8c64034773f2e1e026a19417e3c225870fd33cf14ccc17c6aac2275329157ba5e7acc5fc6d41d15db96d4c0c20b477d06db7efa107817370f

  • SSDEEP

    1536:1BucKHs7K2HEG7BpoWiZBYHs977q+7INVdU2Aneb61TVcz+3MJb6rc3:PuchogM57bIL+eb61TVa+3MJb6S

Score
10/10
urelastrojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.208

112.175.88.209

112.175.88.207

Signatures

  • Urelas

    Urelas is a trojan targeting card games.

    trojanurelas
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9900f33a486602a3ef607315ddfbc5d5.exe
    "C:\Users\Admin\AppData\Local\Temp\9900f33a486602a3ef607315ddfbc5d5.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:748
    • C:\Users\Admin\AppData\Local\Temp\huter.exe
      "C:\Users\Admin\AppData\Local\Temp\huter.exe"
      2⤵
      • Executes dropped EXE
      PID:2996
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sanfdr.bat" "
      2⤵
        PID:3272

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\golfinfo.ini
      Filesize

      512B

      MD5

      02167b944a214fee3d34f9a7e356dc6a

      SHA1

      ca5b3f38a7151268726401593eb35f9b67bdde97

      SHA256

      77fcdadc9ba56daa81edb3f0ef876e38a8c7de56187c28c7d02992cd9e0a243d

      SHA512

      c8976c66724d737105a66699673052d7bc7f1e1941c91e03f97452aaba714d35b1d55434e950b00c58626b8bcf16186a731cccc503b7ba08f080ead3eaca5817

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\huter.exe
      Filesize

      207KB

      MD5

      0b768e622d68223dd3c3f88302fc1821

      SHA1

      5a7e1f92a4ece7349ba0228c35a3c318315057f2

      SHA256

      7a0c3bd9dcd44c9e7204e8b8eda636f18ec850573a4340a7386ba7f17637200a

      SHA512

      50ed34d390b2d7c5dbdad5c01bb6aa5d930e47a6ce480225d7d83025b6e31e204166e5526ba54226830804adc8fefb0075706937689a2f897f1983c2a29fc479

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\sanfdr.bat
      Filesize

      274B

      MD5

      dbeeaaed6f591e1f8a3f922c5f5ab559

      SHA1

      24616e0e55ae0f1fb2e8d406de3c8c3d9de5be42

      SHA256

      e382c930cfa45beaf577647ee69b3ce6e3010fa5a3da4b20cfc1d523ea039938

      SHA512

      e5efdd9605d6dcf33398c44683935c77f8db37000ba8695099e017ba7ed19d5f54b6ab90ba13bd391f5323debb779cf828ef700b17e4a41fa79264201665ce56

      Download Submit

    • memory/748-0-0x0000000000400000-0x0000000000437000-memory.dmp

      Filesize

      220KB

      Download

    • memory/748-17-0x0000000000400000-0x0000000000437000-memory.dmp

      Filesize

      220KB

      Download

    • memory/2996-15-0x0000000000400000-0x0000000000437000-memory.dmp

      Filesize

      220KB

      Download

    • memory/2996-20-0x0000000000400000-0x0000000000437000-memory.dmp

      Filesize

      220KB

      Download

    • memory/2996-21-0x0000000000400000-0x0000000000437000-memory.dmp

      Filesize

      220KB

      Download