Overview

overview

10

Static

static

10

3eb1e68377...45.exe

windows7-x64

10

3eb1e68377...45.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    153s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09-04-2024 22:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3eb1e68377fb22d4b531be21ecda0f45.exe

  • Size

    457KB

  • MD5

    3eb1e68377fb22d4b531be21ecda0f45

  • SHA1

    f2063ab713fb85b60db9bd9a756935ce1b1db294

  • SHA256

    30bc6aac70c297dbc3f99cc8330d5cf5e0e67a71f87ed2342279501dae62a69a

  • SHA512

    37d3c1aaac772a1f2e1811aebcd558681b41b2b21f5eb37a1a1f15cf8a132772a4d6d5ba13d4fc87f5f7f577afa3f2ec9342bb838318cfc7bcfdc73e4e3bf5ef

  • SSDEEP

    6144:r/VW8rQ+dqof6VcVttGhZsXtvmqoI+CNLOnmIbCM2dWwh3gNUie2Jy+5vmSZGpq:ZtaQt+ZsFeI+CSZbyKLe2JPFl

Score
10/10
urelasaspackv2trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

Signatures

  • Urelas

    Urelas is a trojan targeting card games.

    trojanurelas
  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 53 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3eb1e68377fb22d4b531be21ecda0f45.exe
    "C:\Users\Admin\AppData\Local\Temp\3eb1e68377fb22d4b531be21ecda0f45.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1932
    • C:\Users\Admin\AppData\Local\Temp\iwubu.exe
      "C:\Users\Admin\AppData\Local\Temp\iwubu.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2188
      • C:\Users\Admin\AppData\Local\Temp\befod.exe
        "C:\Users\Admin\AppData\Local\Temp\befod.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:2424
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\_uinsey.bat" "
      2⤵
      • Deletes itself
      PID:2920

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_uinsey.bat
    Filesize

    276B

    MD5

    d49099acd1ed0db38ac6cf0c46ccfce1

    SHA1

    58b34997d264cf0f99380aa9e91378edac2f9591

    SHA256

    08ae40514aa786730727bfec5ebb3e0ce069ede167548ca045fb80cf1c404b6d

    SHA512

    39b957d124b43f87fd247f572679be53ee07029740b4e62c536edb7109117ac37c0e0cd88d48a26d8431b77505aad5e4a8836a538d732558c7b9eeb4763c3c73

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\golfinfo.ini
    Filesize

    512B

    MD5

    5cac2da3bb67c48bb1d51cc530a8b92d

    SHA1

    a13ccac4d9644dd001393f938c3440910c5cfc33

    SHA256

    dbdb7c6ec25cd59c3868fce5fcb7b1f5065a62ac85cfcfb33621c14c2bacec8a

    SHA512

    5ce8bfddbd37204ba57485399ff1e80d2323bd7e85b3fa34375fc135e7b78aa7db9f6f7d0e630ba3a19e03e6aeb704aab4de1e5039dcafaf24d13e15c7b1d175

    Download Submit

  • \Users\Admin\AppData\Local\Temp\befod.exe
    Filesize

    225KB

    MD5

    6ceb62537be27dc7855855b0c9ead11d

    SHA1

    a6c111e149f75b1d219f0934cb5417ff4c33c566

    SHA256

    79c53c3cb188d4af9a0a666c2c61291674112d637f80435e9455c575de8be146

    SHA512

    73bbeb4b9b9c8eae079021f16fbeb98bcc1e93a2d0e878dcfb67c420ff58855d29ae2c71b5de1e0c9415b4bbd87fe3cd5cfa66eac652b2b31fca0c37b4b0cb48

    Download Submit

  • \Users\Admin\AppData\Local\Temp\iwubu.exe
    Filesize

    457KB

    MD5

    246f6e4bc61ce69d2e348cb96a111a89

    SHA1

    e8fce4f843ae7f1c6eefa0ea004ccb1b0103a7d0

    SHA256

    57f76773c7c7e9dd2b2fd56dfc3fa4053db440a46e186c71cfda7f12e7337ebf

    SHA512

    b1c413d603e4a3b99dd149a36cf2c5f26dca9fbd0711dc3ccb8f8d690a54309987038a13ea3bba83b08c1494558d3596fa778331ff1e3bd4195f24b9161d71c6

    Download Submit

  • memory/1932-1-0x00000000013E0000-0x0000000001460000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1932-7-0x0000000000970000-0x00000000009F0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1932-0-0x00000000013E0000-0x0000000001460000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1932-19-0x00000000013E0000-0x0000000001460000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2188-28-0x0000000003420000-0x00000000034BE000-memory.dmp

    Filesize

    632KB

    Download

  • memory/2188-22-0x00000000009F0000-0x0000000000A70000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2188-11-0x00000000009F0000-0x0000000000A70000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2188-29-0x00000000009F0000-0x0000000000A70000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2424-32-0x0000000000180000-0x000000000021E000-memory.dmp

    Filesize

    632KB

    Download

  • memory/2424-34-0x0000000000180000-0x000000000021E000-memory.dmp

    Filesize

    632KB

    Download

  • memory/2424-33-0x0000000000180000-0x000000000021E000-memory.dmp

    Filesize

    632KB

    Download

  • memory/2424-36-0x0000000000180000-0x000000000021E000-memory.dmp

    Filesize

    632KB

    Download

  • memory/2424-37-0x0000000000180000-0x000000000021E000-memory.dmp

    Filesize

    632KB

    Download

  • memory/2424-38-0x0000000000180000-0x000000000021E000-memory.dmp

    Filesize

    632KB

    Download

  • memory/2424-39-0x0000000000180000-0x000000000021E000-memory.dmp

    Filesize

    632KB

    Download

  • memory/2424-40-0x0000000000180000-0x000000000021E000-memory.dmp

    Filesize

    632KB

    Download