Overview

overview

10

Static

static

10

f88cd779d9...18.exe

windows7-x64

10

f88cd779d9...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-12-2024 10:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f88cd779d9bab641e74e74e61afd2da2_JaffaCakes118.exe

  • Size

    466KB

  • MD5

    f88cd779d9bab641e74e74e61afd2da2

  • SHA1

    f188afa244b6a3a20f79eb4c561b89170f004a5a

  • SHA256

    660cd2f79587b978e8449da2fc2926b3d815626c595facfeadd35a95133d144f

  • SHA512

    39c140fdd4d525c73e0e698cf5b7a173f3f900c18d1232a146be9aefdeed10b62f7dc5664ef4cc22905db018fa033cc5211152157e253158ee46e72ca4e5c3e0

  • SSDEEP

    12288:Y6twjLHj/8/GcHUIdPPzEmvTnabAh0ZnAr1Ui:Y6tQCG0UUPzEkTn4AC1+J

Score
10/10
urelasdiscoverytrojanupx

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.30.235

Signatures

  • Urelas

    Urelas is a trojan targeting card games.

    trojanurelas
  • Urelas family
    urelas
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f88cd779d9bab641e74e74e61afd2da2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f88cd779d9bab641e74e74e61afd2da2_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1208
    • C:\Users\Admin\AppData\Local\Temp\woxud.exe
      "C:\Users\Admin\AppData\Local\Temp\woxud.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3392
      • C:\Users\Admin\AppData\Local\Temp\domid.exe
        "C:\Users\Admin\AppData\Local\Temp\domid.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:3956
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_sannuy.bat" "
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3960

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_sannuy.bat
    Filesize

    304B

    MD5

    8a02e4aa8dbb123b3deb28f00aba5baa

    SHA1

    6b79b6b03b76876e63e957522a755b1b741eb4d6

    SHA256

    45adc6bb7fb413d0961bfab892ff274c8c3c55cf45ac62d8702008fe54db57e7

    SHA512

    c41b5381b8c6a20a243724b2742a3da1dc09375c5bf316d1f2d2861c238bcee3e7a50500f5ad27120464e13e5b727249d3c9599ee5396732acd1be2cbe813259

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\domid.exe
    Filesize

    198KB

    MD5

    63ba2d031a08d84b9034a16ddca1245e

    SHA1

    8444ecb632299c8872ccf97d4316f2dc435c65e3

    SHA256

    9e82aff7a43029f8d5752573cda65770694b2a9e491c476bfe9233ad674f3bdd

    SHA512

    81d30a4cf354839689b4a9382a0621d5e2a628a15740c3e48f7d2dee44ce00269caa3534c593950ad79cccfac6afaf7a4128920baa5cf0df671bef01ce6119cd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\golfinfo.ini
    Filesize

    512B

    MD5

    9daa36390707c3ef3d99e0bcf2eecc7f

    SHA1

    3a1bf424a99b5fc668e39b37b270efb7d70391d2

    SHA256

    7a3632d612e9c243a82ff8a299e83bc9e6f8d70efb0e33976d53f66de7ac697d

    SHA512

    f561b72375cf95744044c1a076590f15accad946b69f006fde356e4db4a5df72bb1e1631b85a992a5c63858467dc86b67469c035b8a2e112ebf442bc6dac72f1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\woxud.exe
    Filesize

    467KB

    MD5

    e5ec38a342a97d581c09802ec16fd067

    SHA1

    cdacc23e6a9fe46fb5a541e73ac34a300b6e8392

    SHA256

    50cc590aee50ea122f6e30d954a22b3675267732ea0bfb2f4d012ed4294d4d04

    SHA512

    3d4defddc48c454a0e4a54c8aeca82aa27b308a53e0f81c5972fb81d19a33e0b7a1abf1b407be7725faa4cb04af09be3f3caab3d2d8c5622fced1a1e2c56f15b

    Download Submit

  • memory/1208-0-0x00000000003B0000-0x000000000042C000-memory.dmp

    Filesize

    496KB

    Download

  • memory/1208-14-0x00000000003B0000-0x000000000042C000-memory.dmp

    Filesize

    496KB

    Download

  • memory/3392-27-0x0000000000CD0000-0x0000000000D4C000-memory.dmp

    Filesize

    496KB

    Download

  • memory/3392-17-0x0000000000CD0000-0x0000000000D4C000-memory.dmp

    Filesize

    496KB

    Download

  • memory/3392-13-0x0000000000CD0000-0x0000000000D4C000-memory.dmp

    Filesize

    496KB

    Download

  • memory/3956-26-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/3956-29-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/3956-30-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/3956-31-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/3956-32-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/3956-33-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/3956-34-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download