Analysis

  • max time kernel
    94s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240730-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01-08-2024 04:11

General

  • Target

    7f1fda5c3e6515b61fa48f5744572b5c_JaffaCakes118.exe

  • Size

    185KB

  • MD5

    7f1fda5c3e6515b61fa48f5744572b5c

  • SHA1

    f5e5283f511c4e6e7ff1ba4bb91acfc17653a58f

  • SHA256

    2c25e31ddcb7ce79670b67ce57d5e6a4b0c7e13d870ee25a8bbdd18807ee5d32

  • SHA512

    e123298022c743f8b675c93fd2d112af7cccee6c0fae75fbeeb2c6b20df446a582a8b09ee52b788638b9ebb69e6319bf4fb95865ca6989ef254b18d9111fb5cf

  • SSDEEP

    1536:TPwN8ukP5sZK20EGIBpwW6NeleEQ77nuUWXJmU2Ajpf8oI4KEAUg2uI:Thuk8QsH47nW5ppkoI4KEAUg2p

Score
10/10

Malware Config

Extracted

Family

urelas

C2

112.175.88.207

112.175.88.208

Signatures

  • Urelas

    Urelas is a trojan targeting card games.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7f1fda5c3e6515b61fa48f5744572b5c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\7f1fda5c3e6515b61fa48f5744572b5c_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:348
    • C:\Users\Admin\AppData\Local\Temp\huter.exe
      "C:\Users\Admin\AppData\Local\Temp\huter.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:3028
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sanfdr.bat" "
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4196

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\golfinfo.ini

    Filesize

    512B

    MD5

    ede6388dfbb03ff576508b085d03e793

    SHA1

    71d2e779ac6ed074b5698651a8c7fa3b047ccb50

    SHA256

    779c0d78580692dadb2978ddfcd44d68f8282bb3453c638c9a4c2feecc1b96f8

    SHA512

    097e3b9b2ad80944e542785db3a9062ecb2c657192d96659dcc5267f362b186c91722f2bc103f19ef895e6d9821cf33d262569fae23605888d75f38d2e30093b

  • C:\Users\Admin\AppData\Local\Temp\huter.exe

    Filesize

    185KB

    MD5

    00e9e250f4ac7da49fda44ea1877bf17

    SHA1

    c67cec8c58173384b4db1587ce38968d2a710677

    SHA256

    18b93caa32065cfbf11bed1c6092115d830a4719e373179ba0d3da27169cf25c

    SHA512

    d3862058fd57a4fe0b90a0d654118e7a15b53cd7e1d3383aa35ad22e922524bc3e88ac5f88af2fa4f3158a895823760b65a3d76062d38fd564cbe4b96107c02b

  • C:\Users\Admin\AppData\Local\Temp\sanfdr.bat

    Filesize

    302B

    MD5

    e41ea93eca438a829239de74778164d8

    SHA1

    e8c7977b3f2a2576203367a4261c6c0c304973b7

    SHA256

    b8db3e9caa1afbf59716814ed8fe2bafe499241db7bf4178ff7ea0623fc74fd4

    SHA512

    071ad2968d8b3a1fe3c5a6e454fc16868d3cb1273857f28a063971a39e17350aa82ac46e98e82637dc61c299ccf9265c74b36bc4f0382840ca33468fed391bd3

  • memory/348-0-0x0000000000120000-0x0000000000151000-memory.dmp

    Filesize

    196KB

  • memory/348-17-0x0000000000120000-0x0000000000151000-memory.dmp

    Filesize

    196KB

  • memory/3028-14-0x0000000000020000-0x0000000000051000-memory.dmp

    Filesize

    196KB

  • memory/3028-20-0x0000000000020000-0x0000000000051000-memory.dmp

    Filesize

    196KB