Analysis
-
max time kernel
149s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
28/10/2024, 21:42
General
-
Target
31a7a6a76277be46d2cf9fca4d7bc90fefeb41eadab5486d1599a3044df631ae.exe
-
Size
330KB
-
MD5
574b21767e108012461c55b68fa4859a
-
SHA1
87bc2c0d8a0bc4a557eab7c655af9a25cdd3f509
-
SHA256
31a7a6a76277be46d2cf9fca4d7bc90fefeb41eadab5486d1599a3044df631ae
-
SHA512
0d56f0ec36795efdff4dbaf7bddbfc3770a130f9c96f25738d5be140b7bb25020d3b9eb62d3e2f4355bc5447fbbfda50ed6f53497892bccba75408cd04947fee
-
SSDEEP
6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYV7:vHW138/iXWlK885rKlGSekcj66ciE7
Malware Config
Extracted
urelas
218.54.31.226
218.54.31.165
218.54.31.166
Signatures
-
Urelas
Urelas is a trojan targeting card games.
-
Urelas family
-
Deletes itself 1 IoCs
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 52 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\31a7a6a76277be46d2cf9fca4d7bc90fefeb41eadab5486d1599a3044df631ae.exe"C:\Users\Admin\AppData\Local\Temp\31a7a6a76277be46d2cf9fca4d7bc90fefeb41eadab5486d1599a3044df631ae.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ibjyg.exe"C:\Users\Admin\AppData\Local\Temp\ibjyg.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\wibyt.exe"C:\Users\Admin\AppData\Local\Temp\wibyt.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_uinsey.bat" "2⤵
- Deletes itself
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
340B
MD56790c30365b383b27826bed40956de20
SHA1ab049a238e52322795aeab9c00328f2d69be60f9
SHA256b8f9042e725b4b36536392412402f49ca2a8e496e2663cd86e29e1b7f989c446
SHA51294f7ddc9b4c77ce0dd2e2e40c0e6fda5a9598cfc1fb2630d016b4cb3b879eec80a5a8832843fce53b0ff0282fdafa734d1675e3de49b7b6bd9fd590a06bf3646
-
Filesize
512B
MD5fb3f33f5858809a4343ef2423822b215
SHA1c3ad705e1abd179d33987b12b2b17658daffb974
SHA256e58665a61ea7434493f08e341d5e04ecd54e4b700f84100968bd6d6470f6b2a1
SHA512df25caa51d247776b9b578510c5a9ae1ff82e90c3c7f5e70e58e5808d4432c20f7c0fa82186cdd39b8a298ee23e3758d982ac7e62f71691c3458a80952c22502
-
Filesize
330KB
MD53b4db8ba0d6566c159cf889bad9169bf
SHA1854a965b004847aea8e66dd2d6a622b3a62648f2
SHA25616794ac2c6a96fba4d0f3522f3d89afba6c69e0968a7e5a42f84ccb5d3a35084
SHA512dec636b94ead30d5e8bb06341d5314b4b37606ab0bf0129ac6967421e4d13f6e9e3ef9895187c2d66bf5957639ae8453f84707051e3dda537852bf90952f27de
-
Filesize
172KB
MD59f2f54aad59777d2a5bfe669d99e0e57
SHA19fac4deaf081d49e28d89edc4855e78511fbb4b5
SHA256a77b336471455b19c36694ac4e603767437e728a47aa08a6aa0d8d59eaa66241
SHA5128d3441c5f0a8e2041d6001e133823dd6c60fb28b164a007f2cd5765593720ba978ca4f6d8302ded45a4d0191e5c01b858fc8f4f19be71b0ab278a8e4f72c9d9a
-
Filesize
516KB
-
Filesize
516KB
-
Filesize
516KB
-
Filesize
4KB
-
Filesize
612KB
-
Filesize
4KB
-
Filesize
516KB
-
Filesize
4KB
-
Filesize
516KB
-
Filesize
516KB
-
Filesize
612KB
-
Filesize
612KB
-
Filesize
612KB
-
Filesize
612KB
-
Filesize
612KB
-
Filesize
612KB
-
Filesize
612KB