bacf009632a3029bb75721a4de318e47dee953bb782b286d1241f0cf54b3cfe2

Analysis

max time kernel
1794s
max time network
1800s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 21:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ursad.exe
Size

14.6MB
MD5

98a137550ea0d2fd65e6b45a6314b04e
SHA1

3d3e3a8fa6c3d1ccd98b51271b73a358b1f01920
SHA256

b685a2cff86cb6b2d14f66f9322433b10efdc49732db11b8bffc4a8155f7a9da
SHA512

e426dd2d0fb47a35ccf903f955e5dadb9e27495ed473963f925b7c60da8ca47a25ef56e3465851c5c6710f82622b967fb7bb618021f4922568321d9af826e853
SSDEEP

98304:6XnSohUY6XXI2+KatM9G/eFBYxUp1irAMOD8jO+C4yCgef70eL7RnKqI+VG/lDtn:63SoyOr9tM0m7Y8cyYIe5nKqI+VG/Q0

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 29 IoCs

pid	Process
4092	ursad.exe
4092	ursad.exe
4092	ursad.exe
4092	ursad.exe
4092	ursad.exe
4092	ursad.exe
4092	ursad.exe
4092	ursad.exe
4092	ursad.exe
4092	ursad.exe
4092	ursad.exe
4092	ursad.exe
4092	ursad.exe
4092	ursad.exe
4092	ursad.exe
4092	ursad.exe
4092	ursad.exe
4092	ursad.exe
4092	ursad.exe
4092	ursad.exe
4092	ursad.exe
4092	ursad.exe
4092	ursad.exe
4092	ursad.exe
4092	ursad.exe
4092	ursad.exe
4092	ursad.exe
4092	ursad.exe
4092	ursad.exe

C:\Users\Admin\AppData\Local\Temp\ursad.exe
"C:\Users\Admin\AppData\Local\Temp\ursad.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4092

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:4572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\UrsaCore\blocks\blk00000.dat

Filesize
412KB

MD5
92794d1632e4af66666de1d4a2598fb0

SHA1
bcf29e4c4c86bd9bdf452d9c9f5cff1296eddb07

SHA256
4fa80c6a78c851e58355ba41b7737ae7620c07100632cef6766bc8b1ff154d01

SHA512
5b8b810f4a3b76f355d924afc4a5fb45c7c39a49fa2ff5e4788229540699ae58bc313311ef9aba08decc52d4b2d36240673bdd114863d317d0634712f7718764

Download Submit
C:\Users\Admin\AppData\Roaming\UrsaCore\blocks\rev00000.dat

Filesize
1024KB

MD5
cdda2e6a603336fb5b893b928872fb23

SHA1
38bc375d130bd6a6b4f76960163be963f2160d43

SHA256
e82d1716af08fb33c928cb5f797185dd866c8d4d77847e9ad95bffe2e6dca4fb

SHA512
3e350f663bcd2509eb45b4a64cde8eaa481b63743f7ce5fdfb4e589099169d2efba8164902bb194b1340fa73bb6ad83b64f47f916313fbb658bfb954c4448e37

Download Submit
C:\Users\Admin\AppData\Roaming\UrsaCore\evodb\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Roaming\UrsaCore\evodb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\UrsaCore\llmq\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\UrsaCore\wallets\wallet.dat

Filesize
656KB

MD5
2b7bd07e89f2824ba1273779efdcddd7

SHA1
fd869d05230f6a3fd2981003e8278ea57523f07b

SHA256
2bc09efb2723d1a4f85e70e129fb4a47922c5e8ede8f58352242ba1c4e55ee0f

SHA512
afbf5cab403803a59510064b8df407a2970b45db88fdafc8d9b3a8eeb44ba2544e9d0cfc780ee096254f8651c1a58d7c6456bd9e06fcab07939be6b02f5d134c

Download Submit
memory/4092-85-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-86-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-753-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-788-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-885-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-910-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-911-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-912-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-913-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-914-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-915-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-916-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-917-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-918-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-919-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-976-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-977-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-978-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-979-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-980-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-981-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-982-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-983-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-984-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-985-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-986-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-987-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-988-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-989-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-990-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-991-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-992-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-993-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-994-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-995-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-996-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-997-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-998-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-999-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-1000-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-1001-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-1002-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-1003-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-1004-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-1005-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-1006-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-1007-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-1008-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-1009-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-1010-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-1011-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-1012-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-1013-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-1014-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-1015-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-1016-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-1017-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-1018-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-1019-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-1020-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-1021-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-1022-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-1023-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download
memory/4092-1024-0x0000000000020000-0x0000000000ED6000-memory.dmp

Filesize
14.7MB

Download