Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    17/03/2024, 00:28

General

  • Target

    d67414b57b7b10f52caffc8007ef909b11b2234799d520f92390654cd7d77d3f.exe

  • Size

    362KB

  • MD5

    7930a0031d2a8d488da00efcee041ec0

  • SHA1

    522492d52032a4350248790ce72637646ccd56f7

  • SHA256

    d67414b57b7b10f52caffc8007ef909b11b2234799d520f92390654cd7d77d3f

  • SHA512

    0b8c7f57af39ece06a226cdf5347f09605ab219bc1b069e4a5fa1ed0049159614bbbec449b7ccbbd3bd4251fecbddcd684fb46cc7005ce5b46aa2d3bb5b80674

  • SSDEEP

    6144:PuOogy7brXN3OMxBxWjKq28FvcIR2GQilr0caF9xh:PuOA7b56rq

Score
10/10

Malware Config

Extracted

Family

urelas

C2

112.175.88.208

112.175.88.209

112.175.88.207

Signatures

  • Urelas

    Urelas is a trojan targeting card games.

  • Detects executables built or packed with MPress PE compressor (6 IoCs)
  • Deletes itself (1 IoC)
  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (8 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\d67414b57b7b10f52caffc8007ef909b11b2234799d520f92390654cd7d77d3f.exe
    "C:\Users\Admin\AppData\Local\Temp\d67414b57b7b10f52caffc8007ef909b11b2234799d520f92390654cd7d77d3f.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Users\Admin\AppData\Local\Temp\huter.exe
      "C:\Users\Admin\AppData\Local\Temp\huter.exe"
      2⤵
      • Executes dropped EXE
      PID:1584
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\sanfdr.bat" "
      2⤵
      • Deletes itself
      PID:2596

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Users\Admin\AppData\Local\Temp\golfinfo.ini

          Filesize

          512B

          MD5

          02167b944a214fee3d34f9a7e356dc6a

          SHA1

          ca5b3f38a7151268726401593eb35f9b67bdde97

          SHA256

          77fcdadc9ba56daa81edb3f0ef876e38a8c7de56187c28c7d02992cd9e0a243d

          SHA512

          c8976c66724d737105a66699673052d7bc7f1e1941c91e03f97452aaba714d35b1d55434e950b00c58626b8bcf16186a731cccc503b7ba08f080ead3eaca5817

        • C:\Users\Admin\AppData\Local\Temp\sanfdr.bat

          Filesize

          338B

          MD5

          20cf6fe7f4dc07e81666477c903c3c09

          SHA1

          09c8c28016bf5f5d1f211a3dd493d3e006c56fbd

          SHA256

          40d62f674f70fbb3dd457ee4a0684bc3588b23672ca955cf0d089390ebc1bfc7

          SHA512

          a778c816053a6286cd0f8a7b0690b9e439511a998276b3d5b62df2d7c84f5ea73f072a9537655e221baeb5c6c98267e568426e75512c6fbdee7ba5fed9295f02

        • \Users\Admin\AppData\Local\Temp\huter.exe

          Filesize

          362KB

          MD5

          472e3caef3bbbcfb3c5557ad0ab7712b

          SHA1

          f4014dd25726d000ccddc384ecebeb29e725fa96

          SHA256

          74a38c32d59b8410348a59a67f385ae7f69be591776c9bc1db551b7aadb8bb8f

          SHA512

          6bd3ff8cf3962e955b5610a48f6f8c9360b9949ba9678fe554bd536d53aa735420d15baa83e0ce74407cb2d9cc93a0dca12d28533b626790dc657f614855b3cb

        • memory/1584-11-0x0000000000400000-0x0000000000437000-memory.dmp

          Filesize

          220KB

        • memory/1584-21-0x0000000000400000-0x0000000000437000-memory.dmp

          Filesize

          220KB

        • memory/1584-22-0x0000000000400000-0x0000000000437000-memory.dmp

          Filesize

          220KB

        • memory/2236-0-0x0000000000400000-0x0000000000437000-memory.dmp

          Filesize

          220KB

        • memory/2236-6-0x0000000002900000-0x0000000002937000-memory.dmp

          Filesize

          220KB

        • memory/2236-18-0x0000000000400000-0x0000000000437000-memory.dmp

          Filesize

          220KB