Overview
overview
10Static
static
10Aurora.exe
windows10-2004-x64
gui/Auth.html
windows10-2004-x64
1gui/Builder.html
windows10-2004-x64
1gui/CHECKER.html
windows10-2004-x64
1gui/Dashboard.html
windows10-2004-x64
1gui/Loader.html
windows10-2004-x64
1gui/SETTINGS.html
windows10-2004-x64
1gui/assets/docs.js
windows10-2004-x64
1gui/inlog.html
windows10-2004-x64
1gui/jSnow.js
windows10-2004-x64
1gui/jquery.js
windows10-2004-x64
1gui/log.html
windows10-2004-x64
1gui/nicepage.js
windows10-2004-x64
1gui/packed.js
windows10-2004-x64
1gui/resour...pd.xml
windows10-2004-x64
1gui/resour...ws.xml
windows10-2004-x64
1gui/resource/dl.xml
windows10-2004-x64
1gui/resour...in.xml
windows10-2004-x64
1gui/resource/no.xml
windows10-2004-x64
1gui/resource/plus.xml
windows10-2004-x64
1gui/resour...xy.xml
windows10-2004-x64
1gui/resource/yes.xml
windows10-2004-x64
1gui/script.js
windows10-2004-x64
1gui/snowstorm-min.js
windows10-2004-x64
1resource/R...er.exe
windows10-2004-x64
1Analysis
-
max time kernel
65s -
max time network
74s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
23-04-2023 23:02
Behavioral task
behavioral1
Sample
Aurora.exe
Resource
win10v2004-20230221-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
gui/Auth.html
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
gui/Builder.html
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
gui/CHECKER.html
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
gui/Dashboard.html
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
gui/Loader.html
Resource
win10v2004-20230221-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
gui/SETTINGS.html
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
gui/assets/docs.js
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
gui/inlog.html
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
gui/jSnow.js
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
gui/jquery.js
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
gui/log.html
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
gui/nicepage.js
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
gui/packed.js
Resource
win10v2004-20230221-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
gui/resource/dashboard/pd.xml
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
gui/resource/dashboard/ws.xml
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
gui/resource/dl.xml
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
gui/resource/domain.xml
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
gui/resource/no.xml
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
gui/resource/plus.xml
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
gui/resource/proxy.xml
Resource
win10v2004-20230221-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
gui/resource/yes.xml
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
gui/script.js
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
gui/snowstorm-min.js
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
resource/ResourceHacker.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
General
-
Target
gui/Dashboard.html
-
Size
36KB
-
MD5
d48d1f160ff80990e5fc123886590158
-
SHA1
c3adff2a63b24b1219f31e75aea955cf401fa9f5
-
SHA256
eb071635072b9f1ccf127d954ea2678767441e77e5c4554fe6e7d22af1178962
-
SHA512
9bd258fd4c0b89fad2524a1c87ee267fab22692902f6d07014787aa09d09975b793aec93264b4af7d86c40d1d90e847f89b0aac3ba10f0c9b7f8931d56769528
-
SSDEEP
384:ozjQc7AkpXtr4MspwJoEE7rASHQoYXR3VAUl4AglgAAOT1LM:ozjQc7h74JCSH+3pe1Tq
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133267718107007018" chrome.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 2784 chrome.exe 2784 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 2784 chrome.exe 2784 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe Token: SeShutdownPrivilege 2784 chrome.exe Token: SeCreatePagefilePrivilege 2784 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe 2784 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2784 wrote to memory of 4920 2784 chrome.exe 82 PID 2784 wrote to memory of 4920 2784 chrome.exe 82 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 1744 2784 chrome.exe 83 PID 2784 wrote to memory of 3264 2784 chrome.exe 84 PID 2784 wrote to memory of 3264 2784 chrome.exe 84 PID 2784 wrote to memory of 3704 2784 chrome.exe 85 PID 2784 wrote to memory of 3704 2784 chrome.exe 85 PID 2784 wrote to memory of 3704 2784 chrome.exe 85 PID 2784 wrote to memory of 3704 2784 chrome.exe 85 PID 2784 wrote to memory of 3704 2784 chrome.exe 85 PID 2784 wrote to memory of 3704 2784 chrome.exe 85 PID 2784 wrote to memory of 3704 2784 chrome.exe 85 PID 2784 wrote to memory of 3704 2784 chrome.exe 85 PID 2784 wrote to memory of 3704 2784 chrome.exe 85 PID 2784 wrote to memory of 3704 2784 chrome.exe 85 PID 2784 wrote to memory of 3704 2784 chrome.exe 85 PID 2784 wrote to memory of 3704 2784 chrome.exe 85 PID 2784 wrote to memory of 3704 2784 chrome.exe 85 PID 2784 wrote to memory of 3704 2784 chrome.exe 85 PID 2784 wrote to memory of 3704 2784 chrome.exe 85 PID 2784 wrote to memory of 3704 2784 chrome.exe 85 PID 2784 wrote to memory of 3704 2784 chrome.exe 85 PID 2784 wrote to memory of 3704 2784 chrome.exe 85 PID 2784 wrote to memory of 3704 2784 chrome.exe 85 PID 2784 wrote to memory of 3704 2784 chrome.exe 85 PID 2784 wrote to memory of 3704 2784 chrome.exe 85 PID 2784 wrote to memory of 3704 2784 chrome.exe 85
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\gui\Dashboard.html1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2784 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8be889758,0x7ff8be889768,0x7ff8be8897782⤵PID:4920
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1876,i,12228703742523815241,15100459522983349087,131072 /prefetch:22⤵PID:1744
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1876,i,12228703742523815241,15100459522983349087,131072 /prefetch:82⤵PID:3264
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1876,i,12228703742523815241,15100459522983349087,131072 /prefetch:82⤵PID:3704
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3168 --field-trial-handle=1876,i,12228703742523815241,15100459522983349087,131072 /prefetch:12⤵PID:2380
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3188 --field-trial-handle=1876,i,12228703742523815241,15100459522983349087,131072 /prefetch:12⤵PID:4496
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 --field-trial-handle=1876,i,12228703742523815241,15100459522983349087,131072 /prefetch:82⤵PID:4080
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1876,i,12228703742523815241,15100459522983349087,131072 /prefetch:82⤵PID:1460
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:484
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
706B
MD54f30602520b0dd1179d9532a14bf0bff
SHA11812d1d1e8edb46f1fe3e6cf42f9fe2d322e2840
SHA256ebf3a52c08756250ed1b4ad7d81c26add908512418dc36c9b785ee70bf9624e5
SHA51209755e0f75c09c36a55b1472ae41b6f3357684a5f65b4f0e17e361e10984fb982baf9b0c7a665d02572bcc0428f1d46d73a5dac8308b8b2803a9b71d549ffbf2
-
Filesize
4KB
MD52b98c9ae7456fd45413d432dba4b57a4
SHA1d1f75454683a8229fc827673961cec4f26cee6ff
SHA25699b2248a4eb907a041505c9f4be823d9979c7688c2327271107430094d4d5b11
SHA512f243f6be5d84104bdbd29c9f86b3c9c032c05aaf7f5093b91adbbbd0418bd15aea2b17bc5f8fc61d1f44c10fff91a5a5f731dabf58d7083bf1803eb454365dec
-
Filesize
4KB
MD5c10eddc58dd80a511fe0d6aae5397994
SHA1487f3abaca77b823dd88901e0d59810a260d0b72
SHA256fe13f75dbf98f981ebef338bb93ce7c6b44685a1d45e3c10692ae85278f6657c
SHA5127f7cc8fd9b65ef7a727dc059cf1124458be3891ff861e66a052c086528b3255ca66615b200b3a6736eda6dabb1ca7ca6bd7c310044a05dae21badad5b665053c
-
Filesize
200KB
MD50f3581ad85eeddca444f87107755238b
SHA1f3b2c511b3b8f6812dbe02a2dc0b43850e996df4
SHA256cf7655d157fcf8a5f7fd882d2fd6aae7803d4f09c580200fca0679dbe5d024a7
SHA512fe31a162460a35747d57ff1b4be06032050c2c2293138adcd310de6bf7b45d6975059094787d0bdd36d28efb7cb7486d544cbc00a7e4970a26a47f7ee08e5900