Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

24ac1a6084...99.exe

windows7-x64

10

24ac1a6084...99.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    47s
  • max time network
    35s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    24/01/2025, 21:09 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    24ac1a6084fe86b3441c9eb8ffe4f569646b99ce4b8761bd5babcab5b266d299.exe

  • Size

    80KB

  • MD5

    e3a68a705b6add2f1367e3088cdab0db

  • SHA1

    93dfb16e3f7f9fabf861d46fb1bdb87a562b7594

  • SHA256

    24ac1a6084fe86b3441c9eb8ffe4f569646b99ce4b8761bd5babcab5b266d299

  • SHA512

    b73288bd5f8e92c5dcfde72ffa92ab57e4e08a0818d2b81cd5e3164ac8568d661fbc1e4cd05f39a31b87c565439ebff653652a7c6c7170bb7b03ae5f36a65783

  • SSDEEP

    1536:9HxkDvWdB7O9dKymMyCMGni2Lz1LaRQLDEaB:9RkjWjK9ABpGzlaRQL5B

Score
10/10
urelasdiscoverytrojanupx

Malware Config

Extracted

Family

urelas

C2

218.54.47.77

218.54.47.74

Signatures

  • Urelas

    Urelas is a trojan targeting card games.

    trojanurelas
  • Urelas family
    urelas
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\24ac1a6084fe86b3441c9eb8ffe4f569646b99ce4b8761bd5babcab5b266d299.exe
    "C:\Users\Admin\AppData\Local\Temp\24ac1a6084fe86b3441c9eb8ffe4f569646b99ce4b8761bd5babcab5b266d299.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2308
    • C:\Users\Admin\AppData\Local\Temp\huter.exe
      "C:\Users\Admin\AppData\Local\Temp\huter.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2028
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\sanfdr.bat" "
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:2780

Network

    No results found
  • 211.57.201.131:11120
    huter.exe
    152 B
     3
  • 211.57.201.131:11170
    huter.exe
    152 B
     3
No results found

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\golfinfo.ini
    Filesize

    512B

    MD5

    55d2fdd1432483e3ba86ebeccfe130b6

    SHA1

    7280b14d708800fd15303b2caa8628a0fbd7aa08

    SHA256

    5cfd1668ec0e5f3b5f8d04e54091d6f173bede6e6f9bb418819fd550095139fb

    SHA512

    36fd81128552356672b52936699c5e6362268c8131857e778e02a6862600c4feb20d13063d5f838e0887cb5083c648d39fe07faffba18c26387760752f9dd1f3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\sanfdr.bat
    Filesize

    338B

    MD5

    ca3fe7040ba5e60460878cdecfac077e

    SHA1

    2c892a18061f55540c86b031d0fdc63d6a8663d8

    SHA256

    ec6f51b7949b69da904ae8845155c01e3146d94f9e9a69a886040645bbd87c7e

    SHA512

    05bd5ba44d2e39a9d2e1249824ef66576befb7940ed7e9095b8691d9740be3bb7bd359a8ad2d17eca2590f41d4ae4cdc5fbef0fe8bc453b6efe969f970c512f5

    Download Submit

  • \Users\Admin\AppData\Local\Temp\huter.exe
    Filesize

    80KB

    MD5

    d9a1d495585447fb1f8cc0497b512eb1

    SHA1

    bf63a1b12b965d71f8d252a23185688f0770b3e7

    SHA256

    66db8516965413c3ca4a193bcb777346367b8a62d16b7d141b7a8de7a3611eb0

    SHA512

    dcd461f4d4014594cd66d17f1d53d4d4597718ec82f92047b8b123a9f0bafe726b4db5ef64c4f2f6a5687a85d165f5e75f9a5cd5fe2724d725c37a251905f106

    Download Submit

  • memory/2028-17-0x00000000003A0000-0x00000000003D1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2028-23-0x00000000003A0000-0x00000000003D1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2028-25-0x00000000003A0000-0x00000000003D1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2028-28-0x00000000003A0000-0x00000000003D1000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2308-0-0x0000000000310000-0x0000000000341000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2308-8-0x0000000002000000-0x0000000002031000-memory.dmp

    Filesize

    196KB

    Download

  • memory/2308-19-0x0000000000310000-0x0000000000341000-memory.dmp

    Filesize

    196KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.