Behavioral task
behavioral1
Sample
896-1251-0x0000000000B90000-0x00000000013B2000-memory.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
896-1251-0x0000000000B90000-0x00000000013B2000-memory.exe
Resource
win10v2004-20230221-en
General
Target
896-1251-0x0000000000B90000-0x00000000013B2000-memory.dmp
Size
8.1MB
MD5
4726dc554161614b0f3c29af218db5a4
SHA1
d533c307fdb2a2df64d296e10b180083dbc94734
SHA256
db58db617caa09c02234b26c915c1ebac86401c9a4c67232a671e246f6d79f56
SHA512
2bb4b2f47b1f10df22d3252b5463fde141224a78396a36d3272be41388c330347b86ff18255f52741fc740391db6a01ccf5b4b6c7d4331b0ff2d354564a6d3c3
SSDEEP
98304:AuzkVEkgxfMgASps5Awk0o9CjMn6hOhPv2qmxq9LYhtRFXSYweFsWxVTqPkuUXqm:DkVET/ps5ADveqH9LkvXoeFv3qcMm
Malware Config
Extracted
aurora
94.142.138.215:8081
Signatures
Aurora family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 896-1251-0x0000000000B90000-0x00000000013B2000-memory.dmp
Files
896-1251-0x0000000000B90000-0x00000000013B2000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Sections
.MPRESS1 Size: 3.0MB - Virtual size: 8.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.MPRESS2 Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE