Analysis

  • max time kernel
    152s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-06-2024 23:36

General

  • Target
    7ebbaa2c0a43e7490253fdef9453897837e9bae07f1010dddec7198a95c27f15.exe
  • Size
    623KB
  • MD5
    b3c93663d9ff1c807ccfd89d296d009b
  • SHA1
    054917c3e37da49916f252213a98b79c9017bb77
  • SHA256
    7ebbaa2c0a43e7490253fdef9453897837e9bae07f1010dddec7198a95c27f15
  • SHA512
    dbe0e141b6cc36138761761940feebaabffbfd45638630ff08242c0f55a3a3ccf32b7f07cac9ce537f28fc952cdf351a672f799a200f272c345f04e89c0bd69b
  • SSDEEP
    6144:imbmLppYOuakYGWV5Q4XMxvQ4x1OpGcm9VQl0lM/oJ4/gupXWy7:ima6idv8zzkGHVqoq/gKWK

Score
10/10

Malware Config

Extracted

  • Family
    urelas
  • C2
    218.54.31.226
    218.54.31.165

Signatures

  • Urelas

    Urelas is a trojan targeting card games.

  • Detects executables built or packed with MPress PE compressor (6 IoCs)
  • Checks computer location settings (2 TTPs, 2 IoCs)

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE (2 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (9 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\7ebbaa2c0a43e7490253fdef9453897837e9bae07f1010dddec7198a95c27f15.exe
    "C:\Users\Admin\AppData\Local\Temp\7ebbaa2c0a43e7490253fdef9453897837e9bae07f1010dddec7198a95c27f15.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:5064
    • C:\Users\Admin\AppData\Local\Temp\luuwl.exe
      "C:\Users\Admin\AppData\Local\Temp\luuwl.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:3428
      • C:\Users\Admin\AppData\Local\Temp\ygdup.exe
        "C:\Users\Admin\AppData\Local\Temp\ygdup.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:3432
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_uinsey.bat" "
      2⤵
      PID:4924
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4476 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:404

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_uinsey.bat
    Filesize: 340B
    MD5: 6dfc2b3349970e9e93fb240ce34f9b42
    SHA1: fd0f3790de2195de5d6d04e04dff812bf7aa6da6
    SHA256: 5eea7030fc50e1ffc7fb4f116ad36e9a34318c5ce5abfd6d5c9431a089ed49ad
    SHA512: 7dc62edd9bf1f4a82ecf6063497da1ed7474b7a556f2d5ca801b9dddea529786144d18799a7378491fe368cdef5a251a915f1856bc6f045a83ac602a9ebc3885
  • C:\Users\Admin\AppData\Local\Temp\golfinfo.ini
    Filesize: 512B
    MD5: a0b317548a02ef4a9302bf61a081517a
    SHA1: d45c4a72dce538ae4ee0138a4d431a490d50bb75
    SHA256: c64c412b12e57cf541df1f9bf0ccbd732579fe40b849c20cf5c3ce3466138884
    SHA512: 94b4cf229809797cafc54f58331cd1dfeaab07ae95f9829cc1dfa2b9533826e395291f6ac42207391a9ec09a76c079262f20d2b998b1de1fe0fd4780b3c275d9
  • C:\Users\Admin\AppData\Local\Temp\luuwl.exe
    Filesize: 623KB
    MD5: 2c44b32204c229332a703b6f171b232a
    SHA1: ca138990be0be8cfb81e30a82d4a913679ba43e3
    SHA256: 21e09148dff379aa86f309284345d119324897ddaaa1024a03b9642296bae4a0
    SHA512: 7a553ecad1a001dfb8c8428ccd8a0c27b1a4d4af38bb935978c7a74bafa986a96b4aa0b72625833c26f836757fa1342976a5319c2ab9eeee22b597fe34440b9e
  • C:\Users\Admin\AppData\Local\Temp\ygdup.exe
    Filesize: 203KB
    MD5: 0a88f75da011d818dca07c7e49bd12ca
    SHA1: 53cadbfcbf447c42ef93918b16f9d0eb30ad799d
    SHA256: 957ad7bb33cca0aed87fdb1a37b209ccd00ca90fae8eb47767ea0d3ccc53e9a3
    SHA512: 38f7f725e94c48b035716ea85468bdd7246d243c5b7daa77b6cef43269df5eaa4a8dbb25230242e004b3a6dee01eef2a138c6b8e11c60fe42b5c17e196775cc9
  • memory/3428-25-0x0000000000400000-0x000000000049B000-memory.dmp
    Filesize: 620KB
  • memory/3432-28-0x0000000000400000-0x000000000049F000-memory.dmp
    Filesize: 636KB
  • memory/3432-24-0x0000000000400000-0x000000000049F000-memory.dmp
    Filesize: 636KB
  • memory/3432-26-0x0000000000492000-0x0000000000493000-memory.dmp
    Filesize: 4KB
  • memory/3432-29-0x0000000000400000-0x000000000049F000-memory.dmp
    Filesize: 636KB
  • memory/3432-30-0x0000000000400000-0x000000000049F000-memory.dmp
    Filesize: 636KB
  • memory/3432-31-0x0000000000400000-0x000000000049F000-memory.dmp
    Filesize: 636KB
  • memory/5064-14-0x0000000000400000-0x000000000049B000-memory.dmp
    Filesize: 620KB
  • memory/5064-0-0x0000000000400000-0x000000000049B000-memory.dmp
    Filesize: 620KB