Overview
overview
10Static
static
10Aurora.exe
windows10-2004-x64
gui/Auth.html
windows10-2004-x64
1gui/Builder.html
windows10-2004-x64
1gui/CHECKER.html
windows10-2004-x64
1gui/Dashboard.html
windows10-2004-x64
1gui/Loader.html
windows10-2004-x64
1gui/SETTINGS.html
windows10-2004-x64
1gui/assets/docs.js
windows10-2004-x64
1gui/inlog.html
windows10-2004-x64
1gui/jSnow.js
windows10-2004-x64
1gui/jquery.js
windows10-2004-x64
1gui/log.html
windows10-2004-x64
1gui/nicepage.js
windows10-2004-x64
1gui/packed.js
windows10-2004-x64
1gui/resour...pd.xml
windows10-2004-x64
1gui/resour...ws.xml
windows10-2004-x64
1gui/resource/dl.xml
windows10-2004-x64
1gui/resour...in.xml
windows10-2004-x64
1gui/resource/no.xml
windows10-2004-x64
1gui/resource/plus.xml
windows10-2004-x64
1gui/resour...xy.xml
windows10-2004-x64
1gui/resource/yes.xml
windows10-2004-x64
1gui/script.js
windows10-2004-x64
1gui/snowstorm-min.js
windows10-2004-x64
1resource/R...er.exe
windows10-2004-x64
1Analysis
-
max time kernel
71s -
max time network
81s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
23-04-2023 23:02
Behavioral task
behavioral1
Sample
Aurora.exe
Resource
win10v2004-20230221-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
gui/Auth.html
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
gui/Builder.html
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
gui/CHECKER.html
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
gui/Dashboard.html
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
gui/Loader.html
Resource
win10v2004-20230221-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
gui/SETTINGS.html
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
gui/assets/docs.js
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
gui/inlog.html
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
gui/jSnow.js
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
gui/jquery.js
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
gui/log.html
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
gui/nicepage.js
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
gui/packed.js
Resource
win10v2004-20230221-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
gui/resource/dashboard/pd.xml
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
gui/resource/dashboard/ws.xml
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
gui/resource/dl.xml
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
gui/resource/domain.xml
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
gui/resource/no.xml
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
gui/resource/plus.xml
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
gui/resource/proxy.xml
Resource
win10v2004-20230221-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
gui/resource/yes.xml
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
gui/script.js
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
gui/snowstorm-min.js
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
resource/ResourceHacker.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
General
-
Target
gui/CHECKER.html
-
Size
30KB
-
MD5
bbda01f4d78932e8716452e5b44c873c
-
SHA1
8f8059d8a82d7a05e8d03d1e8fc2962d7039b3cf
-
SHA256
ce8394994ae108d6a0a4fdce1c47afc415a0ff2bf20d7288bf4c0974fd2a4a25
-
SHA512
27b4d1b2492aa7fc64360bd019df8df222f4941f71862c793836f6dadaa8e1a58f10e011a47605d393a632b0d67af1fcd8e5203622d05cfbcbffb5da9ecd3375
-
SSDEEP
192:af0JOW/yNBVJbCprc8zHWP89YD8KMn+JnOUnVwnB2nDUn3iKt55uuMNq6p+aUNtd:a3W/0BhTuMxTcEuCM
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133267646165998670" chrome.exe Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 2656 chrome.exe 2656 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 2656 chrome.exe 2656 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe Token: SeShutdownPrivilege 2656 chrome.exe Token: SeCreatePagefilePrivilege 2656 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe 2656 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2656 wrote to memory of 1272 2656 chrome.exe 82 PID 2656 wrote to memory of 1272 2656 chrome.exe 82 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 1844 2656 chrome.exe 83 PID 2656 wrote to memory of 3584 2656 chrome.exe 84 PID 2656 wrote to memory of 3584 2656 chrome.exe 84 PID 2656 wrote to memory of 116 2656 chrome.exe 85 PID 2656 wrote to memory of 116 2656 chrome.exe 85 PID 2656 wrote to memory of 116 2656 chrome.exe 85 PID 2656 wrote to memory of 116 2656 chrome.exe 85 PID 2656 wrote to memory of 116 2656 chrome.exe 85 PID 2656 wrote to memory of 116 2656 chrome.exe 85 PID 2656 wrote to memory of 116 2656 chrome.exe 85 PID 2656 wrote to memory of 116 2656 chrome.exe 85 PID 2656 wrote to memory of 116 2656 chrome.exe 85 PID 2656 wrote to memory of 116 2656 chrome.exe 85 PID 2656 wrote to memory of 116 2656 chrome.exe 85 PID 2656 wrote to memory of 116 2656 chrome.exe 85 PID 2656 wrote to memory of 116 2656 chrome.exe 85 PID 2656 wrote to memory of 116 2656 chrome.exe 85 PID 2656 wrote to memory of 116 2656 chrome.exe 85 PID 2656 wrote to memory of 116 2656 chrome.exe 85 PID 2656 wrote to memory of 116 2656 chrome.exe 85 PID 2656 wrote to memory of 116 2656 chrome.exe 85 PID 2656 wrote to memory of 116 2656 chrome.exe 85 PID 2656 wrote to memory of 116 2656 chrome.exe 85 PID 2656 wrote to memory of 116 2656 chrome.exe 85 PID 2656 wrote to memory of 116 2656 chrome.exe 85
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\gui\CHECKER.html1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2656 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae0c19758,0x7ffae0c19768,0x7ffae0c197782⤵PID:1272
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 --field-trial-handle=1848,i,9444412056521944847,10090244276695991641,131072 /prefetch:22⤵PID:1844
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1848,i,9444412056521944847,10090244276695991641,131072 /prefetch:82⤵PID:3584
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1848,i,9444412056521944847,10090244276695991641,131072 /prefetch:82⤵PID:116
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1848,i,9444412056521944847,10090244276695991641,131072 /prefetch:12⤵PID:4772
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3188 --field-trial-handle=1848,i,9444412056521944847,10090244276695991641,131072 /prefetch:12⤵PID:1448
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1848,i,9444412056521944847,10090244276695991641,131072 /prefetch:82⤵PID:688
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1848,i,9444412056521944847,10090244276695991641,131072 /prefetch:82⤵PID:3956
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:4732
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
200KB
MD5b307960088a819e13f37cb6d63189f8a
SHA1ca77d620e6d049d17cb616c387309cb54a3b4b33
SHA256405385bbfc23fb895d65a6f8d7f58b1b5d47e83e46aeea3a33cfc0582edfddc1
SHA5124c907fd605ffbf8e858ff0e97432c6223d171ec0cfb4f43dc14b0ab100e0bcd56f166f6a08df16a055c88e0f32398a73d27ebff58cce14f04a33c6963197bce8
-
Filesize
873B
MD501ca096e8b887d031f50096fcf5b6fbe
SHA15f43c6ba4d49b6e7dc544326fb231b5974452a91
SHA256ade236a9bcf1edeb0db11c8e34dcdb8552e73f238a5e26378c2c827501f80704
SHA51246151f2ad0f9c02be1122b366f05eb3baa43e7cfb5bda863ce497b5dd11bd02fa03b87e832e0f8ee58ff96dcfda3c512901f670bd1b6c188fd60d796b2da5c1c
-
Filesize
5KB
MD53d603259cb1912b55ba47f770d7839a6
SHA107ef48c67779a8319ab4431a4d2f6e0d44ea006e
SHA25615502d7818460254d583fbc239b09426903b0816715fa273d4adb8df840de579
SHA512d3e3f12eacc5e38e976e27113b8c7594393aa1f93d818c57685d0ea01dce80df7abb6ecaec4f47b14e231cb848a448493d53998fd63c132deb8e8a1fc255a496
-
Filesize
5KB
MD521b1752c8f14867c1952ab4e9dcf7bd9
SHA195b3e38e331164a0ac6becf3479b736a9604202a
SHA256aff82ab28b5dff95509ff5d2f85b648a6f398b3e7277e44a33ebf75d25b5c948
SHA512049b956de711b80b91922002ec47b6e2f00cc6bad4ed1cc23c963e72bc8c97fcc11173fcdc814c53e90f9bc014128cf2d272093a071986358338beba1511bdce
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd