Overview

overview

10

Static

static

10

4338d227b6...c1.exe

windows7-x64

10

4338d227b6...c1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    100s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-04-2024 22:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4338d227b68d80fc282073c758d0bac1.exe

  • Size

    366KB

  • MD5

    4338d227b68d80fc282073c758d0bac1

  • SHA1

    7fb57bdfcfd56035b34adf47bdd6e1cd205613ce

  • SHA256

    41a06a41931fe281179944dbc9ec941d88eac9063d8877664c4e584569e4cb66

  • SHA512

    0942b5dfe9f4b4e20607f772d885965590d76432a35343702418a3c91cc3f1abd76bfcdbcd09939f8ea43786464bf3453474cb97da0c342e5654d5c1c45e90ab

  • SSDEEP

    6144:OuJkl8DV12C28tLN2/FkCO0aHftvCGCBhDOHjTPmXHk62pk:OzGL2C2aZ2/F1XaveOHjTo

Score
10/10
urelastrojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.165

218.54.31.226

Signatures

  • Urelas

    Urelas is a trojan targeting card games.

    trojanurelas
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4338d227b68d80fc282073c758d0bac1.exe
    "C:\Users\Admin\AppData\Local\Temp\4338d227b68d80fc282073c758d0bac1.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1572
    • C:\Users\Admin\AppData\Local\Temp\synup.exe
      "C:\Users\Admin\AppData\Local\Temp\synup.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:1508

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\beolw.exe
    Filesize

    56B

    MD5

    894354f904433a6add57dc27f1526fb7

    SHA1

    9d4b7d610c483832e03f80c72854ebd7ed1a114e

    SHA256

    e477c75c9fdc084c5568141664be7392264ed3b4412a6b8a27e8f1fd7943b81c

    SHA512

    26ebe839e3ca8f653caf1e622e0941482fe5571fdaf5d094adb0d03e42936a87658c43e18150a642fa5d747b96f0f41439c7bda49ede98266989702029c8ea7e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\golfinfo.ini
    Filesize

    512B

    MD5

    efe9a3b5a9fa85629fe3e4bfddc60d80

    SHA1

    f220efdc9f9af8573b37580293f0a6ace6182165

    SHA256

    8c9e42afad95140e9736d71cfff6e682e53635becc48bb90e34225fc8126dad6

    SHA512

    2c0a4fb0c939fb5d4e928667abf3c6704e03f1118e10fe1143dd8863ce482b524af71bd77941547189b41d77be40bca500690947a271f8428e753536c07aa33c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\synup.exe
    Filesize

    366KB

    MD5

    81a5e170f3a6a40693813098220e0bc0

    SHA1

    fa4741656747fdf2199dd2c414d4f65ecfbcb5f4

    SHA256

    318af7b8ea87ea5778c696c3b77a5337327d9e781fddc4221721b01b857af4de

    SHA512

    d6456f98fb50ba4180017f2db2f42b908b4694078da57a7089b1b6a68715d5c6f6d1008e3509f0b2e6ca009d07e05a20363a75a512ba65853fd036e0702f7dfd

    Download Submit

  • memory/1508-10-0x0000000000E70000-0x0000000000ED2000-memory.dmp

    Filesize

    392KB

    Download

  • memory/1508-25-0x0000000000E70000-0x0000000000ED2000-memory.dmp

    Filesize

    392KB

    Download

  • memory/1572-0-0x0000000000B70000-0x0000000000BD2000-memory.dmp

    Filesize

    392KB

    Download

  • memory/1572-14-0x0000000000B70000-0x0000000000BD2000-memory.dmp

    Filesize

    392KB

    Download