Overview

overview

10

Static

static

10

ad9619d44f...0N.exe

windows7-x64

10

ad9619d44f...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    14s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    23-07-2024 11:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ad9619d44f708eb0f20a1c30a91aa110N.exe

  • Size

    370KB

  • MD5

    ad9619d44f708eb0f20a1c30a91aa110

  • SHA1

    e1029f562aefc8fde324163f2a05553b75f58652

  • SHA256

    69ffdb883f2fef2ef03b427283d66ea3b11b804ac30473c9f727d86fda04ec08

  • SHA512

    db90a586f98bd11eb120c22222829abf5dcdbcd6775a59b9b056e22694893bf9b79eb3f04ae653f1d2eb581f9933bfa790d7e22be8a0d0a7ddb20b3192f58ccc

  • SSDEEP

    6144:CuJkl8DV12C28tLN2/FkCO0aHftvCGCBhDOHjTPmXHk62pHB:CzGL2C2aZ2/F1XaveOHjT1

Score
10/10
urelastrojan

Malware Config

Signatures

  • Urelas

    Urelas is a trojan targeting card games.

    trojanurelas
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ad9619d44f708eb0f20a1c30a91aa110N.exe
    "C:\Users\Admin\AppData\Local\Temp\ad9619d44f708eb0f20a1c30a91aa110N.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2644
    • C:\Users\Admin\AppData\Local\Temp\wyqyw.exe
      "C:\Users\Admin\AppData\Local\Temp\wyqyw.exe"
      2⤵
      • Executes dropped EXE
      PID:2764

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\golfinfo.ini
    Filesize

    512B

    MD5

    941e54bea0d17411926eceecda4b7ede

    SHA1

    c3e258c43c7d5d5228a1b84e6c8285fa05d0ebd4

    SHA256

    0a6b1bb44879357625f5fe1ddce9a4daa4a4f70b3cf903eb22c654dfbb416331

    SHA512

    f35fca75eee7464d075d09b768b18ff01bd6a0e03e328b0caed614abf510e37aa866db2213f3adfda8e98dfb20c0870c17ac5d13f773e569b59237e1afb2f899

    Download Submit

  • \Users\Admin\AppData\Local\Temp\wyqyw.exe
    Filesize

    370KB

    MD5

    775fe0bf84d9d3a2a23d1d697a2a63eb

    SHA1

    cef21caf999dfa8ecc110dee3bd4362a5b2693ed

    SHA256

    04f6142287d012db899415af1b63e00cbc1c3aef3ebcb8dd6e2192acff02e42e

    SHA512

    db877e622e9df5059c14ec2f4162c2333ca65ab4654224c042d09b158fdc9df398602f67555381f039868af6a10b6d6c51b8b6823f093cd9f0a068c389255b48

    Download Submit