aurora | 1476-59-0x0000000000400000-0x000000000075C000-memory[.]dmp | Triage

Submit
Reports

Overview

overview

Static

static

1476-59-0x...ry.exe

windows7-x64

3

1476-59-0x...ry.exe

windows10-2004-x64

3

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1476-59-0x0000000000400000-0x000000000075C000-memory.exe

Resource

win7-20221111-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

1476-59-0x0000000000400000-0x000000000075C000-memory.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

1476-59-0x0000000000400000-0x000000000075C000-memory.dmp
Size

3.4MB
MD5

15d5b52c2d0bdb4afbf2ca5cf5c85f21
SHA1

64a47fb29d7508d0e732ce9bded6a6029d1fec15
SHA256

5d76afc8945c2f276c4779667c581eff6d59eb3095bab7338b6310425f4d4956
SHA512

7399b70d8943a10e122747217652b02cdc7d0242b0dee248c9fc1078627efa9c6f917c0ba1358333679a2638a0581755913a3cdfa223d775dbb47e69e09781f8
SSDEEP

24576:ogv38tgY8ssirdG8hE88HoNZmYHyYeOaTpNOzjsLnRzA81iq8SRGp:ogv36gRirdG8hE8/NZw4aWsLFA8pcp

Score

10^/10

aurora

Malware Config

Extracted

Family

aurora

C2

45.15.156.210:8081

Signatures

Aurora family
aurora

Files

1476-59-0x0000000000400000-0x000000000075C000-memory.dmp
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 224KB - Virtual size: 610KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy