Analysis
-
max time kernel
119s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
22-11-2024 07:20
General
-
Target
9b78d19afe8ef274b9debee712a7fbf1f8ca2d0a4f9c1d2005f0542d792fb942.exe
-
Size
330KB
-
MD5
4b9902bf074634779cdbe5af3775a6c6
-
SHA1
d52eb67aa4a794b1db570a367cf0992a8e8e1d76
-
SHA256
9b78d19afe8ef274b9debee712a7fbf1f8ca2d0a4f9c1d2005f0542d792fb942
-
SHA512
f6777d9b59c5194a91de39ab382718b70f0399bc0bbf0d708629986e0e2710d667073ac6619c67f6afdd7f9daa0ecf5f998634a26e3c8124aec653d8f8aee221
-
SSDEEP
6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYMOF+:vHW138/iXWlK885rKlGSekcj66ciq+
Malware Config
Extracted
urelas
218.54.31.226
218.54.31.165
218.54.31.166
Signatures
-
Urelas
Urelas is a trojan targeting card games.
-
Urelas family
-
Deletes itself 1 IoCs
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 24 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9b78d19afe8ef274b9debee712a7fbf1f8ca2d0a4f9c1d2005f0542d792fb942.exe"C:\Users\Admin\AppData\Local\Temp\9b78d19afe8ef274b9debee712a7fbf1f8ca2d0a4f9c1d2005f0542d792fb942.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\evuwx.exe"C:\Users\Admin\AppData\Local\Temp\evuwx.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\bydor.exe"C:\Users\Admin\AppData\Local\Temp\bydor.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_uinsey.bat" "2⤵
- Deletes itself
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
340B
MD58b64ad45b5e7598b2e4092a12902d5ef
SHA1d16afd55a7e635525beeed1b5592d41ba773c39a
SHA256c309c48c998642b0f0faa3efc8878dbbbe769ee779ddfcf9cce6f0251d03e3c2
SHA512c7b1ee3b5238fc1ba90c65c67765ac80109c6edc78d032933b587c855854c6332b4f83ee7cc5c911a4ccf7bdb13e6efc712304fd4eee05004328148f91a9d4bc
-
Filesize
330KB
MD5087048930a119503168f3609073cafd8
SHA1cac804491fb38e0a5d38472e5ae6dc6e4ae12424
SHA2563e741e6ae4eb56c5f2f02a4571e050230e69c862cb02ba50bdc61974233efa1a
SHA512961343e3092de40d1bce199e53f43a3547408cd21f0510617981f96bae3c9ca92b54bb816f3eace530505d68d31eb1fe73a45b45bef9421fc007ec134ae7a388
-
Filesize
512B
MD528347e6154a1ab0c1c8da8f1c2258454
SHA173c817e21646897e7793fd4f61772683a01d1fef
SHA256aa0e784f9400c108301554f97695c12f397b73e9f629622ef0ee13e75fee4b3e
SHA51235fc36bcf98721cc8f871ddc7860440b6939358f4ccd482eaa666dda5b6ada0c6b296c0e592e2a98c3a727daac7bef4f84b3808ba4a019c09095f586fad9f473
-
Filesize
172KB
MD5fe5ed47d1e2df7f6e7740ee9b4d8624f
SHA196f7e6e46bd922422dfaa7d514502820ba24745e
SHA25605e6c61ecbb78d74b44576de0c57a44ac78469b832aad9dccd69f8f0800af719
SHA5124fd35eabfb1b9daed73f90e4d46d2cca192fba95ee2baeed0c7ef14a34b9b6df44434de6808a031cd117c21ec0463c15d66e06d37739cffdcc4e4a4e9ef150d4
-
Filesize
330KB
MD575fcd4b4b6eac86aa3a4e9f4d2a93074
SHA1fef59a02d7f8be425b489a99faab6c4e745d88db
SHA2566d0d40d52fa3a102fea4d08173a623c689985b16ee90c15924ffe16dcc469d82
SHA5120d1a722f02f0d284896c497ccc408a8bae921fa5e81eba1054f2abefdf580ec74b1fcadf1816aab9c449d20ed10d836fc9b5ea048fe85e0b4d9d3126e3c3a9c2
-
Filesize
516KB
-
Filesize
612KB
-
Filesize
516KB
-
Filesize
4KB
-
Filesize
516KB
-
Filesize
516KB
-
Filesize
4KB
-
Filesize
516KB
-
Filesize
516KB
-
Filesize
516KB
-
Filesize
612KB
-
Filesize
612KB
-
Filesize
612KB
-
Filesize
612KB