Overview

overview

10

Static

static

3

6962866cc5...60.exe

windows7-x64

10

6962866cc5...60.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/05/2024, 02:10

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    6962866cc5d9b288b73b4f6de36dc460.exe

  • Size

    97KB

  • MD5

    6962866cc5d9b288b73b4f6de36dc460

  • SHA1

    7eb27ad51e37ade9c46c686902deee88f71c26d8

  • SHA256

    59f1e35f9db3a96096bb38273e9b3c76705c85c9338c961e9b669d43bb36a697

  • SHA512

    fb01980523024b87376e8e711c53d608134a2d919cef318c8ae87f8ba036e51ea9744054b39ab1663731032c6e22e96297ebad39b1de58b372ec8b101335293a

  • SSDEEP

    1536:nwhq8V9IpPf2lgiIJ4pivJnuNVueC39GdBR3M9cwK:nqV9MziU4piRun7C3CP3M+

Score
10/10
urelastrojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.208

112.175.88.209

112.175.88.207

Signatures

  • Urelas

    Urelas is a trojan targeting card games.

    trojanurelas
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6962866cc5d9b288b73b4f6de36dc460.exe
    "C:\Users\Admin\AppData\Local\Temp\6962866cc5d9b288b73b4f6de36dc460.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2384
    • C:\Users\Admin\AppData\Local\Temp\huter.exe
      "C:\Users\Admin\AppData\Local\Temp\huter.exe"
      2⤵
      • Executes dropped EXE
      PID:348
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sanfdr.bat" "
      2⤵
        PID:432
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5248 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:4060

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\golfinfo.ini
              Filesize

              512B

              MD5

              02167b944a214fee3d34f9a7e356dc6a

              SHA1

              ca5b3f38a7151268726401593eb35f9b67bdde97

              SHA256

              77fcdadc9ba56daa81edb3f0ef876e38a8c7de56187c28c7d02992cd9e0a243d

              SHA512

              c8976c66724d737105a66699673052d7bc7f1e1941c91e03f97452aaba714d35b1d55434e950b00c58626b8bcf16186a731cccc503b7ba08f080ead3eaca5817

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\huter.exe
              Filesize

              97KB

              MD5

              bd1c17401d591061b14b49863c9da3fd

              SHA1

              816b78da87784f4d903bf88249b8a1addecb7c55

              SHA256

              a6ebbc74c22abd53594d966bbe3255130d3e6974422502a0abd2b25222a4084f

              SHA512

              8dfb6d25ca708bbfed48b1b26f58cbc779b4942e31e4778f5f36f3f98a0a2cc0d723766683c8ae086231e800c8f5787bf6d678db50c048730bb79e9ceca5f673

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\sanfdr.bat
              Filesize

              274B

              MD5

              4ffaa123401a9152e31914c77afee89a

              SHA1

              12f36f5c079e5cd3f73a4afd56d9a40094dbded5

              SHA256

              ccd26bda27d907381ab8f499425d1e71466121f2823fd48e646cf4e805f18913

              SHA512

              3bac66ad94aeaef0693af468a162f2079f00d2b243d00f9af9c0e959624183a57c91d8a9404b5e54c610ce16ab2c62e478258a18db79090f84b2f236c0f39c3a

              Download Submit

            • memory/348-22-0x0000000000400000-0x0000000000436000-memory.dmp

              Filesize

              216KB

              Download

            • memory/348-24-0x0000000000400000-0x0000000000436000-memory.dmp

              Filesize

              216KB

              Download

            • memory/348-30-0x0000000000400000-0x0000000000436000-memory.dmp

              Filesize

              216KB

              Download

            • memory/2384-0-0x0000000000400000-0x0000000000436000-memory.dmp

              Filesize

              216KB

              Download

            • memory/2384-1-0x0000000000400000-0x0000000000436000-memory.dmp

              Filesize

              216KB

              Download

            • memory/2384-4-0x0000000000400000-0x0000000000436000-memory.dmp

              Filesize

              216KB

              Download

            • memory/2384-19-0x0000000000400000-0x0000000000436000-memory.dmp

              Filesize

              216KB

              Download