Overview

overview

10

Static

static

10

f03535ae3b...bb.exe

windows7-x64

10

f03535ae3b...bb.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-06-2024 03:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f03535ae3becd1dd0b531f945b5667579a3a28ed97c779c83c480118bb6f0abb.exe

  • Size

    93KB

  • MD5

    3e2d1f232c5a6ba7c01b891716e9c4bb

  • SHA1

    61d535cce9c81f45a1ef54e9323fc3be2fa899e3

  • SHA256

    f03535ae3becd1dd0b531f945b5667579a3a28ed97c779c83c480118bb6f0abb

  • SHA512

    0c7e3e619d1a4b8bd29bafbf885a2428efabb73c072dddae86c9463b80699380b4febfa8e007f3f6f48cba3db63ac2b6064c1a6f3c4e2402ffa0fbf5c6e1b05a

  • SSDEEP

    768:54pt1NSf7M9Syk+IAnTjwm41tYhZV6pudcMiDh7FOaRb8RC1J3AFLT7Dm3UIn4U+:OVNSf7hyk+I6412V6PMqAax80XAFSrRo

Score
10/10
urelastrojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.77

218.54.47.74

Signatures

  • Urelas

    Urelas is a trojan targeting card games.

    trojanurelas
  • Detects executables built or packed with MPress PE compressor 6 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f03535ae3becd1dd0b531f945b5667579a3a28ed97c779c83c480118bb6f0abb.exe
    "C:\Users\Admin\AppData\Local\Temp\f03535ae3becd1dd0b531f945b5667579a3a28ed97c779c83c480118bb6f0abb.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1168
    • C:\Users\Admin\AppData\Local\Temp\huter.exe
      "C:\Users\Admin\AppData\Local\Temp\huter.exe"
      2⤵
      • Executes dropped EXE
      PID:2600
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sanfdr.bat" "
      2⤵
        PID:3600

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\golfinfo.ini
      Filesize

      512B

      MD5

      d8c69e006046149f40585fb3e1bfafb4

      SHA1

      97073fb1d116248dbecd009e4bf873ab45c6c2da

      SHA256

      df1edebe6911c5127449117bdcec2878b0ecaff3e930a37e13aefe54363be228

      SHA512

      b8f5c75fbbddbb185a82395b59f75802cf800dac792c7256261998f3b4a965f180a901f4bd4e873b1cec0ac7acb77e09ec793c8b19ac2d1fdf115e57c42626b9

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\huter.exe
      Filesize

      93KB

      MD5

      3e2d1f232c5a6ba7c01b891716e9c4bb

      SHA1

      61d535cce9c81f45a1ef54e9323fc3be2fa899e3

      SHA256

      f03535ae3becd1dd0b531f945b5667579a3a28ed97c779c83c480118bb6f0abb

      SHA512

      0c7e3e619d1a4b8bd29bafbf885a2428efabb73c072dddae86c9463b80699380b4febfa8e007f3f6f48cba3db63ac2b6064c1a6f3c4e2402ffa0fbf5c6e1b05a

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\sanfdr.bat
      Filesize

      338B

      MD5

      2e78d15e9c44326c0c9ff68313c97456

      SHA1

      e9663f3f5b08ca87e7a6a8eef59cdc04a5141768

      SHA256

      37188f5d58697e6cac205245ecf986066e280842e0b599eae718eb47c9f1d5d9

      SHA512

      ad077a0a64ca9f1528bd4ce26f9db91424a3f29a5f398edbd4655565d501392d0531e1c33de23e416cfa7216092bb081c91f62a75f6e9a25f6696bea270ac19b

      Download Submit
    • memory/1168-0-0x0000000000400000-0x0000000000438000-memory.dmp
      Filesize

      224KB

      Download
    • memory/1168-16-0x0000000000400000-0x0000000000438000-memory.dmp
      Filesize

      224KB

      Download
    • memory/2600-19-0x0000000000400000-0x0000000000438000-memory.dmp
      Filesize

      224KB

      Download
    • memory/2600-21-0x0000000000400000-0x0000000000438000-memory.dmp
      Filesize

      224KB

      Download
    • memory/2600-28-0x0000000000400000-0x0000000000438000-memory.dmp
      Filesize

      224KB

      Download