Analysis
-
max time kernel
149s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
27/10/2024, 01:40
General
-
Target
d4d0f1663b460484e3a947f9d7cee4723b0c1f92f95ead0d909c231b2068d2b8.exe
-
Size
332KB
-
MD5
b8017c01f42eb5dc5abf267902d2168b
-
SHA1
4966c9e8caf87d844cdc8174a9d17f5865703042
-
SHA256
d4d0f1663b460484e3a947f9d7cee4723b0c1f92f95ead0d909c231b2068d2b8
-
SHA512
d5f64d8653189f87a8d31a63ebc68d80a2d9b47686c8eab14dd440b64d4427cb4cb664ce5eb275381e8b28fc1f7bbe32998ffe5942ff7cee5241dfd7bc9a0d67
-
SSDEEP
6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYVQ:vHW138/iXWlK885rKlGSekcj66ciEQ
Malware Config
Extracted
urelas
218.54.31.226
218.54.31.165
218.54.31.166
Signatures
-
Urelas
Urelas is a trojan targeting card games.
-
Urelas family
-
Deletes itself 1 IoCs
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 54 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d4d0f1663b460484e3a947f9d7cee4723b0c1f92f95ead0d909c231b2068d2b8.exe"C:\Users\Admin\AppData\Local\Temp\d4d0f1663b460484e3a947f9d7cee4723b0c1f92f95ead0d909c231b2068d2b8.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\dajoq.exe"C:\Users\Admin\AppData\Local\Temp\dajoq.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\qosib.exe"C:\Users\Admin\AppData\Local\Temp\qosib.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_uinsey.bat" "2⤵
- Deletes itself
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
340B
MD597ac3213777bb973b4a206e67455a7e3
SHA1f20da8a66d33439a1d4c85ab872d70f97ed4c8bb
SHA256a3273afa5970391d71c2328123e5daa4e4f0bf348036b2534b6d92a9bf87ec9b
SHA5124ff2ea54706d3c9ab14f5fcd2ba7299fc7763a605436ba0c83a9f381d49e9f7e99685a744565970477b24d9cc92fd92a274de859a9d3c5a5df9cdc14cb0f20e7
-
Filesize
512B
MD5d98c1d19099312ecf8cf3db81bb6af77
SHA1294d3c667b333d71b65452f129264e5b5c698c2d
SHA256023e980c0f01d8b2a3852dcde3d663084197a5c2c49a4fd775fba99b237f3e0c
SHA5127bc6dc0aa2dcc5606cec730307724901ab8a407e15a7bed79136acfc59d4bc9f2ba0456ddaf378c66971509b7d350dc757476110d257c78aaf1459eda6ebd0e1
-
Filesize
332KB
MD58c5ee51b47eb98f2e0fc1d309778669f
SHA10234a6f5662bdd228a1314ac25f03f8063227021
SHA256c385d10b3965ed1d4fe1101a0efbb0605f47f633f2d3c439c058d9c45f68d24f
SHA51260761e4c0ea8b0845481fc34130fa7f3237cd2d3c1719bf3081e6edb20c7f2bbf41ae095d714b5cba8918be64105b4a2d8e7d7e646cc94616b62920a3698863a
-
Filesize
172KB
MD5a85076eaa4097013bf7254c62094b323
SHA1516e211572df048009e77a896cd64bfa0e609e10
SHA256251410ca49416f0504466e535a3aa660072c42dc085247f0e4e4d144dd7c1589
SHA5120c893c7304810f1d111c28ac68d678025b8e56c5ded598a43493af6674efd3a21664c98cf1b247e66e80b95150c71ad01a654cd269c8ef0d883872119cd006b4
-
Filesize
516KB
-
Filesize
516KB
-
Filesize
4KB
-
Filesize
516KB
-
Filesize
516KB
-
Filesize
516KB
-
Filesize
516KB
-
Filesize
4KB
-
Filesize
612KB
-
Filesize
612KB
-
Filesize
612KB
-
Filesize
612KB
-
Filesize
612KB
-
Filesize
612KB
-
Filesize
612KB