Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17/03/2024, 00:28

General

  • Target

    d67414b57b7b10f52caffc8007ef909b11b2234799d520f92390654cd7d77d3f.exe

  • Size

    362KB

  • MD5

    7930a0031d2a8d488da00efcee041ec0

  • SHA1

    522492d52032a4350248790ce72637646ccd56f7

  • SHA256

    d67414b57b7b10f52caffc8007ef909b11b2234799d520f92390654cd7d77d3f

  • SHA512

    0b8c7f57af39ece06a226cdf5347f09605ab219bc1b069e4a5fa1ed0049159614bbbec449b7ccbbd3bd4251fecbddcd684fb46cc7005ce5b46aa2d3bb5b80674

  • SSDEEP

    6144:PuOogy7brXN3OMxBxWjKq28FvcIR2GQilr0caF9xh:PuOA7b56rq

Score
10/10

Malware Config

Extracted

Family

urelas

C2

112.175.88.208

112.175.88.209

112.175.88.207

Signatures

  • Urelas

    Urelas is a trojan targeting card games.

  • Detects executables built or packed with MPress PE compressor 5 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d67414b57b7b10f52caffc8007ef909b11b2234799d520f92390654cd7d77d3f.exe
    "C:\Users\Admin\AppData\Local\Temp\d67414b57b7b10f52caffc8007ef909b11b2234799d520f92390654cd7d77d3f.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2356
    • C:\Users\Admin\AppData\Local\Temp\huter.exe
      "C:\Users\Admin\AppData\Local\Temp\huter.exe"
      2⤵
      • Executes dropped EXE
      PID:4568
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sanfdr.bat" "
      2⤵
      PID:1632

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\golfinfo.ini

    Filesize

    512B

    MD5

    02167b944a214fee3d34f9a7e356dc6a

    SHA1

    ca5b3f38a7151268726401593eb35f9b67bdde97

    SHA256

    77fcdadc9ba56daa81edb3f0ef876e38a8c7de56187c28c7d02992cd9e0a243d

    SHA512

    c8976c66724d737105a66699673052d7bc7f1e1941c91e03f97452aaba714d35b1d55434e950b00c58626b8bcf16186a731cccc503b7ba08f080ead3eaca5817

  • C:\Users\Admin\AppData\Local\Temp\huter.exe

    Filesize

    362KB

    MD5

    d5e639216e74edd75ba4618b87e9f072

    SHA1

    68f07610f910541de7830d13f7b9674ebb7a3810

    SHA256

    e56eb2c8081ba76609fcd2a0c7f77969793c8818b843db01c06d4053e77d59c2

    SHA512

    e8ab9cf930aae4c70e86820e533ebdf0fab0f212cf01d9a37770e35db66ce2b45531763ecbefaf2f54338d5b97573e351dc52661f305479cb178dcca1051c9d2

  • C:\Users\Admin\AppData\Local\Temp\sanfdr.bat

    Filesize

    338B

    MD5

    20cf6fe7f4dc07e81666477c903c3c09

    SHA1

    09c8c28016bf5f5d1f211a3dd493d3e006c56fbd

    SHA256

    40d62f674f70fbb3dd457ee4a0684bc3588b23672ca955cf0d089390ebc1bfc7

    SHA512

    a778c816053a6286cd0f8a7b0690b9e439511a998276b3d5b62df2d7c84f5ea73f072a9537655e221baeb5c6c98267e568426e75512c6fbdee7ba5fed9295f02

  • memory/2356-0-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB

  • memory/2356-16-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB

  • memory/4568-19-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB

  • memory/4568-20-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB