Overview

overview

10

Static

static

10

22051fe620...d9.exe

windows7-x64

10

22051fe620...d9.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/04/2024, 21:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    22051fe620612a3673c038469d3d0cd9.exe

  • Size

    216KB

  • MD5

    22051fe620612a3673c038469d3d0cd9

  • SHA1

    84b4e1666534d3105da0df7e02e2b6b37e822ee4

  • SHA256

    6cb90d341021fec8f16549f52e08c311b4496ea0556ffad29e72ea8f6b131b96

  • SHA512

    c00e2c68fcfc227001b08fc49311cba39fd301fc0e34821637c2e283e9a70594c19d1032a26449571e570033d438abf4c6f120945ab875b38fd8f3c7815e5604

  • SSDEEP

    1536:1q1utPdWHdPEzoT2/VhWbnoZSKLfiGGPgq3ePAH8PNqWxCxrR/x9sU4BH7TTg:1fPdWqV0CvL6GGCPNqWUxrR/x9sTBHU

Score
10/10
urelastrojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.77

218.54.47.74

Signatures

  • Urelas

    Urelas is a trojan targeting card games.

    trojanurelas
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\22051fe620612a3673c038469d3d0cd9.exe
    "C:\Users\Admin\AppData\Local\Temp\22051fe620612a3673c038469d3d0cd9.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3000
    • C:\Users\Admin\AppData\Local\Temp\huter.exe
      "C:\Users\Admin\AppData\Local\Temp\huter.exe"
      2⤵
      • Executes dropped EXE
      PID:3252
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sanfdr.bat" "
      2⤵
        PID:3100

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\golfinfo.ini
            Filesize

            512B

            MD5

            d8c69e006046149f40585fb3e1bfafb4

            SHA1

            97073fb1d116248dbecd009e4bf873ab45c6c2da

            SHA256

            df1edebe6911c5127449117bdcec2878b0ecaff3e930a37e13aefe54363be228

            SHA512

            b8f5c75fbbddbb185a82395b59f75802cf800dac792c7256261998f3b4a965f180a901f4bd4e873b1cec0ac7acb77e09ec793c8b19ac2d1fdf115e57c42626b9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\huter.exe
            Filesize

            216KB

            MD5

            6abd49fca4c14d90d7c39f118c0a2a93

            SHA1

            298695e5ec037ef17ca7ddebe3b5c820da6d0539

            SHA256

            776b5a0da3b29f3dd6401094ad1505a1f3994630e5ce4c7470595beacbe95f2f

            SHA512

            8d5c4185765b667e767b4d1f7012a4ba057cb63021cdf20bd239fb5f62c4931f3a4627c544ea14eb18b31c1c89796aa6a0bcb329d63a97b2f3f68c010ceed5f9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\sanfdr.bat
            Filesize

            274B

            MD5

            12987fb074927d855d4b2060ec815796

            SHA1

            52cafbe309322ed20beb50060851abe3d5ae8b7b

            SHA256

            6443d380f8661728a9874dcd26ff8271bde238e07a038dbeeb5ad8b6466f4d88

            SHA512

            c838d9ff2fe6ebb7f8e94bb8a570b5210739eabc1308bf0f1dbe614a5b743a1222219de861e0a25531f15cd416e9798c64bc329c79f0cd900e52ecfecc95f024

            Download Submit

          • memory/3000-0-0x0000000000400000-0x0000000000439000-memory.dmp

            Filesize

            228KB

            Download

          • memory/3000-16-0x0000000000400000-0x0000000000439000-memory.dmp

            Filesize

            228KB

            Download

          • memory/3252-19-0x0000000000400000-0x0000000000439000-memory.dmp

            Filesize

            228KB

            Download

          • memory/3252-20-0x0000000000400000-0x0000000000439000-memory.dmp

            Filesize

            228KB

            Download