Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/03/2024, 21:32

General

  • Target

    7f02d1ddec3408e30540d23cb5c1c52b87cad76c81b8bdb01c0c109b2110ea52.exe

  • Size

    144KB

  • MD5

    55e10a94b3902e34a4658d89ba65c088

  • SHA1

    e267b0f05a9b8f080383b0636e830828b34bf0d8

  • SHA256

    7f02d1ddec3408e30540d23cb5c1c52b87cad76c81b8bdb01c0c109b2110ea52

  • SHA512

    b581928c7cefd72d5980e272c136b668059b769146c44e8940bd12ab17cb912fdfd9c25770357f5207a904ec98a19ff9f4243c1d4cc2839340690fd4e3f000d2

  • SSDEEP

    1536:1i+N6u0utYGsoK2mEGIBp+WWN7YfEj77iZ76vVGU2AjK15t5uPpdrcIPWAWvnTX4:wYYutRQSc/7c6tJK7t5uPpdrxOhvnTo

Score
10/10

Malware Config

Signatures

  • Urelas

    Urelas is a trojan targeting card games.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7f02d1ddec3408e30540d23cb5c1c52b87cad76c81b8bdb01c0c109b2110ea52.exe
    "C:\Users\Admin\AppData\Local\Temp\7f02d1ddec3408e30540d23cb5c1c52b87cad76c81b8bdb01c0c109b2110ea52.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1764
    • C:\Users\Admin\AppData\Local\Temp\huter.exe
      "C:\Users\Admin\AppData\Local\Temp\huter.exe"
      2⤵
      • Executes dropped EXE
      PID:2196
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\sanfdr.bat" "
      2⤵
      • Deletes itself
      PID:2900

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Users\Admin\AppData\Local\Temp\golfinfo.ini

          Filesize

          512B

          MD5

          55d2fdd1432483e3ba86ebeccfe130b6

          SHA1

          7280b14d708800fd15303b2caa8628a0fbd7aa08

          SHA256

          5cfd1668ec0e5f3b5f8d04e54091d6f173bede6e6f9bb418819fd550095139fb

          SHA512

          36fd81128552356672b52936699c5e6362268c8131857e778e02a6862600c4feb20d13063d5f838e0887cb5083c648d39fe07faffba18c26387760752f9dd1f3

        • C:\Users\Admin\AppData\Local\Temp\sanfdr.bat

          Filesize

          338B

          MD5

          d388148d77b8449ac1a2587cf34a5167

          SHA1

          adea710e690f9a619e0bbd4a0e4d4f5195992c48

          SHA256

          e1ef321bd4e6fe5ec34a1719d9e79ceac6400e8867953d92b35565f9c7f50d76

          SHA512

          e9acbd7d167d43aac80d5e88e8be7fb31b43ac326b2fc0400f565f505908a5be8835a28c72464021ad1c915ffbd7d29f01cda102f7c90445d6ad34c9c2a886cb

        • \Users\Admin\AppData\Local\Temp\huter.exe

          Filesize

          144KB

          MD5

          55e10a94b3902e34a4658d89ba65c088

          SHA1

          e267b0f05a9b8f080383b0636e830828b34bf0d8

          SHA256

          7f02d1ddec3408e30540d23cb5c1c52b87cad76c81b8bdb01c0c109b2110ea52

          SHA512

          b581928c7cefd72d5980e272c136b668059b769146c44e8940bd12ab17cb912fdfd9c25770357f5207a904ec98a19ff9f4243c1d4cc2839340690fd4e3f000d2
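
The process tree and the dropped-file list above together tell the story: the sample writes a byte-identical copy of itself to Temp as huter.exe (same SHA256 as the submitted file), runs it, and uses cmd /c on a batch file in the same directory to remove the original. The script below is an added triage example, not part of the sandbox report or its engine: it loads the report's process and file data (values copied from the page, with the drive-less huter.exe path kept as listed) and correlates them to surface exactly those three findings. The dataclasses, function names and the self-copy / batch-via-cmd heuristics are this example's own assumptions.

```python
# Added triage example: correlate a sandbox report's process tree with its
# dropped files. Report values are copied from the page above; the data
# model and heuristics are assumptions of this example, not the sandbox's.
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]  # None marks the submitted sample (root of the tree)
    image: str
    cmdline: str


@dataclass(frozen=True)
class Dropped:
    path: str
    size: int
    sha256: str


# Constructed from the report above.
SAMPLE_SHA256 = "7f02d1ddec3408e30540d23cb5c1c52b87cad76c81b8bdb01c0c109b2110ea52"
TEMP = r"C:\Users\Admin\AppData\Local\Temp"

PROCS = [
    Proc(1764, None, TEMP + "\\" + SAMPLE_SHA256 + ".exe",
         f'"{TEMP}\\{SAMPLE_SHA256}.exe"'),
    Proc(2196, 1764, TEMP + r"\huter.exe", f'"{TEMP}\\huter.exe"'),
    Proc(2900, 1764, r"C:\Windows\SysWOW64\cmd.exe",
         f'cmd /c ""{TEMP}\\sanfdr.bat" "'),
]

DROPPED = [
    Dropped(TEMP + r"\golfinfo.ini", 512,
            "5cfd1668ec0e5f3b5f8d04e54091d6f173bede6e6f9bb418819fd550095139fb"),
    Dropped(TEMP + r"\sanfdr.bat", 338,
            "e1ef321bd4e6fe5ec34a1719d9e79ceac6400e8867953d92b35565f9c7f50d76"),
    # The report lists this one without a drive letter; kept that way so the
    # path normalisation below is exercised.
    Dropped(r"\Users\Admin\AppData\Local\Temp\huter.exe", 144 * 1024, SAMPLE_SHA256),
]

# Quoted .bat arguments inside a cmd.exe command line.
_BAT_RE = re.compile(r'"([^"]+\.bat)"', re.IGNORECASE)


def norm_path(p: str) -> str:
    """Case-fold and drop a leading drive letter so 'C:\\X' and '\\X' compare equal."""
    p = p.casefold()
    if len(p) >= 2 and p[1] == ":":
        p = p[2:]
    return p


def self_copies(sample_sha256, dropped):
    """Dropped files that are byte-identical to the submitted sample."""
    return [d.path for d in dropped if d.sha256.casefold() == sample_sha256.casefold()]


def executed_dropped(procs, dropped):
    """PIDs whose image is one of the dropped files ('Executes dropped EXE')."""
    dropped_paths = {norm_path(d.path) for d in dropped}
    return [p.pid for p in procs if norm_path(p.image) in dropped_paths]


def batch_children(procs, parent_pid):
    """Batch scripts launched through cmd.exe by the given parent. A .bat in
    the sample's own Temp directory is the classic self-delete pattern."""
    out = []
    for p in procs:
        if p.ppid == parent_pid and norm_path(p.image).endswith(r"\cmd.exe"):
            out.extend(_BAT_RE.findall(p.cmdline))
    return out


def triage(sample_sha256, procs, dropped):
    """Run all three checks against the root process of the tree."""
    root = next(p for p in procs if p.ppid is None)
    return {
        "self_copy": self_copies(sample_sha256, dropped),
        "executed_dropped": executed_dropped(procs, dropped),
        "batch_via_cmd": batch_children(procs, root.pid),
    }


if __name__ == "__main__":
    for name, finding in triage(SAMPLE_SHA256, PROCS, DROPPED).items():
        print(f"{name}: {finding}")
```

The same three checks carry over directly to endpoint telemetry: a process in a user-writable Temp directory spawning cmd.exe with a .bat argument from that same directory, and a newly created executable whose hash matches its creator, are both worth a hunting query on their own, independent of any family label.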