Overview

overview

10

Static

static

3

a2a6e08967...0N.exe

windows7-x64

10

a2a6e08967...0N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    101s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/08/2024, 21:37

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a2a6e08967146e01690ba2c66c2004e0N.exe

  • Size

    70KB

  • MD5

    a2a6e08967146e01690ba2c66c2004e0

  • SHA1

    225865c001791e456d939c41597be5ee84bf9d2a

  • SHA256

    55b922a0eec15aef2c82d46686ad300ccac2452c891011c791c7c795a113ba2e

  • SHA512

    2f4191724a903f578d3aa489ac761369715f3f973e64e893d647da470dcecbbf43c41e86146cc2d1a75fbbbfd2cdcc9620b4c23ff31330a931c458846065d888

  • SSDEEP

    1536:v6fqsAPQYGmPzmZDDZrV8sMQXGkfn33n7z5WeIuhCarawk:yLAYUzmdD0sMQl7d7IuhCaeN

Score
10/10
urelasdiscoverytrojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Signatures

  • Urelas

    Urelas is a trojan targeting card games.

    trojanurelas
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a2a6e08967146e01690ba2c66c2004e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a2a6e08967146e01690ba2c66c2004e0N.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2624
    • C:\Users\Admin\AppData\Local\Temp\biudfw.exe
      "C:\Users\Admin\AppData\Local\Temp\biudfw.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2972
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sanfdr.bat" "
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4516

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\biudfw.exe
          Filesize

          70KB

          MD5

          1a6f84ecc751f3506ec015b1b8921306

          SHA1

          b8d1b0a72e2648bb4220f8935d4bfb9af027f819

          SHA256

          ebe431cda40af638ddc0a0b04ff27a17b82f2a0fa05bce4136eae2f38a792bbc

          SHA512

          cc279d513ad1808aa731cdb617cf55b5b51251f8ad9ce3419f0b31f4aad5f6b286a81558872fa69d2f269e207ba8eafcede8f5794db902ba95995ba0ac8d82e4

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\golfinfo.ini
          Filesize

          512B

          MD5

          1c9b2720af0ca9528b47898d9c7f4799

          SHA1

          80495f16e333f54ecc700252323c2a7cb7d751e1

          SHA256

          d1ea9a17b5a635a121e82e7963d3b134f74050da9debcd40c9622f50c5d38fe5

          SHA512

          5afe876f2cd887458656b1747bce08d03f26ef286bcc83efa93e0111be856d0564bee4d6ef5637c167626bac121f7371b69c7952502d47784ac9ad568bf53eac

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\sanfdr.bat
          Filesize

          276B

          MD5

          c8e04c8b6915af65f0fc089ba31658b2

          SHA1

          44975f7062e53f4de8acd0908cc85b4ceb082dd9

          SHA256

          74785541b47fca7aba87c9c6a136ba90dd052f2d67aec20f4bc8f18ce07efb3b

          SHA512

          f2c3a66190c19b2b28cbabc43eb702e855a0da1b3774708dc475e04a5992b87718e7d20fcc489bf574f84d0c25f230bd541ed7794aba278edf8b46e2515fb9ad

          Download Submit

        • memory/2624-0-0x00000000009B0000-0x00000000009D7000-memory.dmp

          Filesize

          156KB

          Download

        • memory/2624-18-0x00000000009B0000-0x00000000009D7000-memory.dmp

          Filesize

          156KB

          Download

        • memory/2972-13-0x0000000000C60000-0x0000000000C87000-memory.dmp

          Filesize

          156KB

          Download

        • memory/2972-21-0x0000000000C60000-0x0000000000C87000-memory.dmp

          Filesize

          156KB

          Download

        • memory/2972-23-0x0000000000C60000-0x0000000000C87000-memory.dmp

          Filesize

          156KB

          Download

        • memory/2972-30-0x0000000000C60000-0x0000000000C87000-memory.dmp

          Filesize

          156KB

          Download