Report - CamLiveSetup1.0.0.exe

Emotet Gen1
Created 2021.04.21 10:36 Machine s1_win7_x6402
Filename CamLiveSetup1.0.0.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: Not found
Behavior Score: 6.2
ZERO API file: clean
VT API (file) 14 detected (Unsafe, RelevantCRTD, Artemis, multiple detections, SunnyDigits, 1libuEvXm1Q, +VOeE7lBA58)
md5 82ab12bcd6402e68ae9b1e3cff33699c
sha256 ef86f5e482582614c78b73f43ec1cad14f50473b76baa3f2b604a47431c96b63
ssdeep 393216:7d33shkesGqHlRJxWcPXfgFBJDFd9Wjg+fyYurLi66M7egHmElPU+DtgZS4/Zq:uhzsGqHlRD/3kBJFWjv+rLipMYEuItgx
imphash 884310b1928934402ea6fec1dbd3cf5e
impfuzzy 48:8cfp1rcQX0gebPCDr+ZbldH9AOZGwt+Eu55T/lGB:8cfpdcqNebqDrmrHW2

Signature (16cnts)

Level Description
watch Communicates with host for which no DNS query was performed
watch File has been identified by 14 AntiVirus engines on VirusTotal as malicious
watch Resumed a suspended thread in a remote process potentially indicative of process injection
notice Allocates read-write-execute memory (usually to unpack itself)
notice An application raised an exception which may be indicative of an exploit crash
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice Creates executable files on the filesystem
notice Drops an executable to the user AppData folder
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Uses Windows utilities for basic Windows functionality
notice Yara rule detected in process memory
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info One or more processes crashed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (48cnts)

Level Name Description Collection
danger Win32_Trojan_Emotet_2_Zero Win32 Trojan Emotet binaries (download)
danger Win32_Trojan_Emotet_2_Zero Win32 Trojan Emotet binaries (upload)
danger Win32_Trojan_Gen_1_0904B0_Zero Win32 Trojan Emotet binaries (download)
info anti_dbg Checks if being debugged memory
info DebuggerCheck__GlobalFlags (no description) memory
info DebuggerCheck__QueryInfo (no description) memory
info DebuggerHiding__Active (no description) memory
info DebuggerHiding__Thread (no description) memory
info disable_dep Bypass DEP memory
info IsDLL (no description) binaries (download)
info IsPE32 (no description) binaries (download)
info IsPE32 (no description) binaries (upload)
info IsPE64 (no description) binaries (download)
info JPEG_Format_Zero JPEG Format binaries (download)
info OS_Processor_Check_Zero OS Processor Check Signature Zero binaries (download)
info PE_Header_Zero PE File Signature Zero binaries (download)
info PE_Header_Zero PE File Signature Zero binaries (upload)
info PNG_Format_Zero PNG Format binaries (download)
info SEH__vectored (no description) memory
info ThreadControl__Context (no description) memory
info borland_delphi Borland Delphi 2.0 - 7.0 / 2005 - 2007 binaries (download)
info borland_delphi Borland Delphi 2.0 - 7.0 / 2005 - 2007 binaries (upload)
info escalate_priv Escalate privileges binaries (download)
info escalate_priv Escalate privileges binaries (upload)
info HasDebugData DebugData Check binaries (download)
info HasDigitalSignature DigitalSignature Check binaries (upload)
info HasOverlay Overlay Check binaries (download)
info HasOverlay Overlay Check binaries (upload)
info HasRichSignature Rich Signature Check binaries (download)
info IsConsole (no description) binaries (download)
info IsPacked Entropy Check binaries (upload)
info IsWindowsGUI (no description) binaries (download)
info IsWindowsGUI (no description) binaries (upload)
info keylogger Run a keylogger binaries (download)
info Microsoft_Office_Document_Zero Microsoft Office Document Signature Zero binaries (download)
info screenshot Take screenshot binaries (download)
info spreading_file Malware can spread east-west file binaries (download)
info win_files_operation Affect private profile binaries (download)
info win_files_operation Affect private profile binaries (upload)
info win_files_operation Affect private profile memory
info win_mutex Create or check mutex binaries (download)
info win_private_profile Affect private profile binaries (download)
info win_registry Affect system registries binaries (download)
info win_registry Affect system registries binaries (upload)
info win_registry Affect system registries memory
info win_token Affect system token binaries (download)
info win_token Affect system token binaries (upload)
info win_token Affect system token memory

Network (78cnts)


Suricata IDS

PE API

IAT (Import Address Table) Library

kernel32.dll
 0x40d0b4 DeleteCriticalSection
 0x40d0b8 LeaveCriticalSection
 0x40d0bc EnterCriticalSection
 0x40d0c0 InitializeCriticalSection
 0x40d0c4 VirtualFree
 0x40d0c8 VirtualAlloc
 0x40d0cc LocalFree
 0x40d0d0 LocalAlloc
 0x40d0d4 WideCharToMultiByte
 0x40d0d8 TlsSetValue
 0x40d0dc TlsGetValue
 0x40d0e0 MultiByteToWideChar
 0x40d0e4 GetModuleHandleA
 0x40d0e8 GetLastError
 0x40d0ec GetCommandLineA
 0x40d0f0 WriteFile
 0x40d0f4 SetFilePointer
 0x40d0f8 SetEndOfFile
 0x40d0fc RtlUnwind
 0x40d100 ReadFile
 0x40d104 RaiseException
 0x40d108 GetStdHandle
 0x40d10c GetFileSize
 0x40d110 GetSystemTime
 0x40d114 GetFileType
 0x40d118 ExitProcess
 0x40d11c CreateFileA
 0x40d120 CloseHandle
user32.dll
 0x40d128 MessageBoxA
oleaut32.dll
 0x40d130 VariantChangeTypeEx
 0x40d134 VariantCopyInd
 0x40d138 VariantClear
 0x40d13c SysStringLen
 0x40d140 SysAllocStringLen
advapi32.dll
 0x40d148 RegQueryValueExA
 0x40d14c RegOpenKeyExA
 0x40d150 RegCloseKey
 0x40d154 OpenProcessToken
 0x40d158 LookupPrivilegeValueA
kernel32.dll
 0x40d160 WriteFile
 0x40d164 VirtualQuery
 0x40d168 VirtualProtect
 0x40d16c VirtualFree
 0x40d170 VirtualAlloc
 0x40d174 Sleep
 0x40d178 SizeofResource
 0x40d17c SetLastError
 0x40d180 SetFilePointer
 0x40d184 SetErrorMode
 0x40d188 SetEndOfFile
 0x40d18c RemoveDirectoryA
 0x40d190 ReadFile
 0x40d194 LockResource
 0x40d198 LoadResource
 0x40d19c LoadLibraryA
 0x40d1a0 IsDBCSLeadByte
 0x40d1a4 GetWindowsDirectoryA
 0x40d1a8 GetVersionExA
 0x40d1ac GetUserDefaultLangID
 0x40d1b0 GetSystemInfo
 0x40d1b4 GetSystemDefaultLCID
 0x40d1b8 GetProcAddress
 0x40d1bc GetModuleHandleA
 0x40d1c0 GetModuleFileNameA
 0x40d1c4 GetLocaleInfoA
 0x40d1c8 GetLastError
 0x40d1cc GetFullPathNameA
 0x40d1d0 GetFileSize
 0x40d1d4 GetFileAttributesA
 0x40d1d8 GetExitCodeProcess
 0x40d1dc GetEnvironmentVariableA
 0x40d1e0 GetCurrentProcess
 0x40d1e4 GetCommandLineA
 0x40d1e8 GetACP
 0x40d1ec InterlockedExchange
 0x40d1f0 FormatMessageA
 0x40d1f4 FindResourceA
 0x40d1f8 DeleteFileA
 0x40d1fc CreateProcessA
 0x40d200 CreateFileA
 0x40d204 CreateDirectoryA
 0x40d208 CloseHandle
user32.dll
 0x40d210 TranslateMessage
 0x40d214 SetWindowLongA
 0x40d218 PeekMessageA
 0x40d21c MsgWaitForMultipleObjects
 0x40d220 MessageBoxA
 0x40d224 LoadStringA
 0x40d228 ExitWindowsEx
 0x40d22c DispatchMessageA
 0x40d230 DestroyWindow
 0x40d234 CreateWindowExA
 0x40d238 CallWindowProcA
 0x40d23c CharPrevA
comctl32.dll
 0x40d244 InitCommonControls
advapi32.dll
 0x40d24c AdjustTokenPrivileges

EAT (Export Address Table): none