Overview

overview

3

Static

static

3

ursa-cli.exe

windows7-x64

1

ursa-cli.exe

windows10-2004-x64

1

ursa-qt.exe

windows7-x64

3

ursa-qt.exe

windows10-2004-x64

1

ursad.exe

windows7-x64

1

ursad.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    1797s
  • max time network
    1799s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28/02/2024, 21:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ursad.exe

  • Size

    14.6MB

  • MD5

    98a137550ea0d2fd65e6b45a6314b04e

  • SHA1

    3d3e3a8fa6c3d1ccd98b51271b73a358b1f01920

  • SHA256

    b685a2cff86cb6b2d14f66f9322433b10efdc49732db11b8bffc4a8155f7a9da

  • SHA512

    e426dd2d0fb47a35ccf903f955e5dadb9e27495ed473963f925b7c60da8ca47a25ef56e3465851c5c6710f82622b967fb7bb618021f4922568321d9af826e853

  • SSDEEP

    98304:6XnSohUY6XXI2+KatM9G/eFBYxUp1irAMOD8jO+C4yCgef70eL7RnKqI+VG/lDtn:63SoyOr9tM0m7Y8cyYIe5nKqI+VG/Q0

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ursad.exe
    "C:\Users\Admin\AppData\Local\Temp\ursad.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2712
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
      PID:2116

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\UrsaCore\blocks\blk00000.dat
      Filesize

      16.0MB

      MD5

      e5855e64fd06760ca5dc21349713a651

      SHA1

      c46d055266ec7e284d0ea29123784e6eb58bf926

      SHA256

      44c408fee1ce18abddf8f71c2dba9691ec484c26be41b0d786869415e59afd9f

      SHA512

      6db7071b654d0da5ed059023a34e94872fcfa7793f45aad13d4220a7a8e283a4a027387c9c58a0ab7433d0370fcf6c2a301a9591d164bb2e4165dc17e7f5e8ac

      Download Submit

    • C:\Users\Admin\AppData\Roaming\UrsaCore\blocks\rev00000.dat
      Filesize

      1024KB

      MD5

      cdda2e6a603336fb5b893b928872fb23

      SHA1

      38bc375d130bd6a6b4f76960163be963f2160d43

      SHA256

      e82d1716af08fb33c928cb5f797185dd866c8d4d77847e9ad95bffe2e6dca4fb

      SHA512

      3e350f663bcd2509eb45b4a64cde8eaa481b63743f7ce5fdfb4e589099169d2efba8164902bb194b1340fa73bb6ad83b64f47f916313fbb658bfb954c4448e37

      Download Submit

    • C:\Users\Admin\AppData\Roaming\UrsaCore\evodb\000002.dbtmp
      Filesize

      16B

      MD5

      206702161f94c5cd39fadd03f4014d98

      SHA1

      bd8bfc144fb5326d21bd1531523d9fb50e1b600a

      SHA256

      1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

      SHA512

      0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

      Download Submit

    • C:\Users\Admin\AppData\Roaming\UrsaCore\evodb\CURRENT
      Filesize

      16B

      MD5

      46295cac801e5d4857d09837238a6394

      SHA1

      44e0fa1b517dbf802b18faf0785eeea6ac51594b

      SHA256

      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

      SHA512

      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

      Download Submit

    • C:\Users\Admin\AppData\Roaming\UrsaCore\llmq\MANIFEST-000001
      Filesize

      41B

      MD5

      5af87dfd673ba2115e2fcf5cfdb727ab

      SHA1

      d5b5bbf396dc291274584ef71f444f420b6056f1

      SHA256

      f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

      SHA512

      de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

      Download Submit

    • C:\Users\Admin\AppData\Roaming\UrsaCore\wallets\wallet.dat
      Filesize

      656KB

      MD5

      f5240b3104b87ef162db2b4d95cff8b2

      SHA1

      dd1d8ddacb22d0079bca18a6ea23808ed72e908a

      SHA256

      52af104d6cab9bf8412cbe92734c276e8311432e0948cfea789dce3fd26c31c5

      SHA512

      4e9b92c76fc30e29fe0b3a0bd19fea1f8e7a47598ba6d99ee88261d8fc961914c99c8cf3410dda3ab0ca2c926b371a4085a27fdff2984ce094460f9ec395c7d4

      Download Submit

    • memory/2712-84-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-85-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-370-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-835-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1062-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1305-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1527-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1646-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1647-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1648-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1649-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1650-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1651-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1652-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1653-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1654-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1655-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1656-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1657-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1658-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1659-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1660-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1661-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1662-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1663-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1664-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1665-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1666-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1667-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1668-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1669-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1670-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1671-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1672-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1673-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1674-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1675-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1676-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1677-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1678-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1679-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1680-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1681-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1682-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1683-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1684-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1685-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1686-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1687-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1688-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1689-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1690-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1691-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1692-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1693-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1694-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1695-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1696-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1697-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1698-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1699-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1700-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1701-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download

    • memory/2712-1702-0x0000000000180000-0x0000000001036000-memory.dmp

      Filesize

      14.7MB

      Download