Analysis

  • max time kernel
    16s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-08-2024 12:35

General

  • Target

    78743c3f85b3485ec2a49a07529bc760N.exe

  • Size

    370KB

  • MD5

    78743c3f85b3485ec2a49a07529bc760

  • SHA1

    6efd2968bdbd316657417c708387bcb946ec714b

  • SHA256

    fd63c2da89f16a4a2db0a86f79472a72ffd4330458d12201fa0571dc94a1f28f

  • SHA512

    c7c65c2c921c59810ae754dd575222182900e7c5d88010df99da1ff952f1f5fab6e41ee66d40aca40195f28a79cb6e1c89e8c6132c5b59b73d691b6aa80ceea6

  • SSDEEP

    6144:CuJkl8DV12C28tLN2/FkCO0aHftvCGCBhDOHjTPmXHk62pHj:CzGL2C2aZ2/F1XaveOHjTn

Score
10/10

Malware Config

Signatures

  • Urelas

    Urelas is a trojan targeting card games.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\78743c3f85b3485ec2a49a07529bc760N.exe
    "C:\Users\Admin\AppData\Local\Temp\78743c3f85b3485ec2a49a07529bc760N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1640
    • C:\Users\Admin\AppData\Local\Temp\fuevj.exe
      "C:\Users\Admin\AppData\Local\Temp\fuevj.exe"
      2⤵
      • Executes dropped EXE
      PID:1880

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\golfinfo.ini

    Filesize

    512B

    MD5

    4576b45dbc7263392889a9f595148277

    SHA1

    b0f22ac4707bafb43a7bccdb5ce31c5a5a8b6b63

    SHA256

    8924c7694f4f23a6b9a97ce46fddc6f1b98a8c12d9c7c2a4bd86291153523b0f

    SHA512

    f520fb45beb4e6d82f8348056f26c9cc72b2af62ac4ef4cf12dc1060c9d9d97d80c66d2459a7454e3033b9dfe1ce5eeee7624f21c3255d429a29db35d55b8c38

  • \Users\Admin\AppData\Local\Temp\fuevj.exe

    Filesize

    370KB

    MD5

    ebfdecdb79e55cf7850ae1e46487ef06

    SHA1

    8da71d52c9497f7d3c7019753e64965edcf72715

    SHA256

    a32b773d819f91a580bba13a6d7149dfef61b78da427a51429357aa1bb9bf9ff

    SHA512

    297b5c966cc2387c615d833120b314e8f08f501863411ba4d66cd0c9e0400b9dea436252d66e64782d99aeb2e7ccee5072acbe3e079d5912e17d7720a6d93d00