Overview

overview

10

Static

static

10

Aurora.exe

windows10-2004-x64

gui/Auth.html

windows10-2004-x64

1

gui/Builder.html

windows10-2004-x64

1

gui/CHECKER.html

windows10-2004-x64

1

gui/Dashboard.html

windows10-2004-x64

1

gui/Loader.html

windows10-2004-x64

1

gui/SETTINGS.html

windows10-2004-x64

1

gui/assets/docs.js

windows10-2004-x64

1

gui/inlog.html

windows10-2004-x64

1

gui/jSnow.js

windows10-2004-x64

1

gui/jquery.js

windows10-2004-x64

1

gui/log.html

windows10-2004-x64

1

gui/nicepage.js

windows10-2004-x64

1

gui/packed.js

windows10-2004-x64

1

gui/resour...pd.xml

windows10-2004-x64

1

gui/resour...ws.xml

windows10-2004-x64

1

gui/resource/dl.xml

windows10-2004-x64

1

gui/resour...in.xml

windows10-2004-x64

1

gui/resource/no.xml

windows10-2004-x64

1

gui/resource/plus.xml

windows10-2004-x64

1

gui/resour...xy.xml

windows10-2004-x64

1

gui/resource/yes.xml

windows10-2004-x64

1

gui/script.js

windows10-2004-x64

1

gui/snowstorm-min.js

windows10-2004-x64

1

resource/R...er.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    60s
  • max time network
    72s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-04-2023 23:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    gui/resource/dashboard/pd.xml

  • Size

    409B

  • MD5

    1aa4cc65f2dca0e7c30898f95be8ae9d

  • SHA1

    ab14de28e2f72660b5c564635d21506e540166da

  • SHA256

    d15006a463520f79ac41358e4ad8af9b7e71e5f32db7eaff47149940d129056c

  • SHA512

    8093aaf540bd55682de1cbaf1c0cd666931f8ecd1aa1d9db4d78d7b7b395e4932a4fb9a2014b37c946aac8d695e12efa52e0a95f22c1bac3ca398ad6d5d1dda0

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\gui\resource\dashboard\pd.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4280
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\gui\resource\dashboard\pd.xml
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1172
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1172 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1236

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    173a79e136330a70b71832e4563d1b42

    SHA1

    28b14a7bbe8a20fb082b36a9d2651e13fd1d14fe

    SHA256

    b3a892deb1113445e59cd3ef9ac10f02a8792652c30a2effe4cdc060bd71a03e

    SHA512

    b50efc28fb0d1731a9e337b531660c20c0d4046f2ed81e8085f5a9ca1c44b9960577fa558d729b48c8d3328f2599d1e27a19c4e59ed97125deee6a638fa2e880

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    997f8cafbc9ad3f68fc3511312938bfe

    SHA1

    88217cd0591bb8a38952367f59a5f70d136da88c

    SHA256

    d367ac709eaaa3e3d3fe2436711a003fac8b985a14acbce7c81b4f55f9a2174a

    SHA512

    26b61c4eb0118fc5316de44a164d8505a5f1093680d18bb47b8e542e3b43257841976a1321fcae47bbba3fb796fe3cb3ce21b695c9d648960cd3c3c8c9a68a58

    Download Submit
  • memory/4280-133-0x00007FFA94570000-0x00007FFA94580000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4280-135-0x00007FFA94570000-0x00007FFA94580000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4280-134-0x00007FFA94570000-0x00007FFA94580000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4280-136-0x00007FFA94570000-0x00007FFA94580000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4280-137-0x00007FFA94570000-0x00007FFA94580000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4280-138-0x00007FFA94570000-0x00007FFA94580000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4280-139-0x00007FFA94570000-0x00007FFA94580000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4280-140-0x00007FFA94570000-0x00007FFA94580000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4280-141-0x00007FFA94570000-0x00007FFA94580000-memory.dmp
    Filesize

    64KB

    Download