Overview

overview

10

Static

static

10

Aurora.exe

windows7-x64

10

Aurora.exe

windows10-2004-x64

10

gui/Builder.html

windows7-x64

1

gui/Builder.html

windows10-2004-x64

1

gui/CHECKER.html

windows7-x64

1

gui/CHECKER.html

windows10-2004-x64

1

gui/Dashboard.html

windows7-x64

1

gui/Dashboard.html

windows10-2004-x64

1

gui/Loader.html

windows7-x64

1

gui/Loader.html

windows10-2004-x64

1

gui/SETTINGS.html

windows7-x64

1

gui/SETTINGS.html

windows10-2004-x64

1

gui/assets/docs.js

windows7-x64

1

gui/assets/docs.js

windows10-2004-x64

1

gui/inlog.html

windows7-x64

1

gui/inlog.html

windows10-2004-x64

1

gui/jSnow.js

windows7-x64

1

gui/jSnow.js

windows10-2004-x64

1

gui/jquery.js

windows7-x64

1

gui/jquery.js

windows10-2004-x64

1

resource/R...er.exe

windows7-x64

1

resource/R...er.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    100s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    29-04-2023 16:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    gui/inlog.html

  • Size

    6KB

  • MD5

    b2b90afba457e3ebd4098dfa49ddcb09

  • SHA1

    e2480663992878a2c5942e8396840b207dab4175

  • SHA256

    0a7ff9068f0f60cd2fafb298fee177ca93453665f5ed973503a86f1ea88fe110

  • SHA512

    909a1727f068f094801f90e213449b738ed56c02c4a49a44da556f8d1368d90da2f2ec9ac8bc031c8d1ed2e45ce0b3bf53c97ea397e9efb3a5daa3275057ad75

  • SSDEEP

    96:5D15sO500ZLPUARaJX/9itC36wpBr6yxIi/zJocnmd4E+ZR5K6nP5EGE7Me:TOOq09PUAU1FitC3Rz6yxX/zK5qEBwe

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\gui\inlog.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1100
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1100 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1716

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    36015fb83088bd4699d858cbe2e5345c

    SHA1

    8f0f6d1ae72f6c652c510768d5df0742fad89ea3

    SHA256

    86219096b17bee168a9cabf1cb00080807c2575b8f9f14b1e32a833d1e21c38e

    SHA512

    f30fa7863f09a44a3115b331e197787f264e045455e912333b902da876d05f42276062ceef830ae8e7717207ab64087c7b3efc2044dd8caad21d9ab15c2dbe6a

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    2c8865f808aade406b1452b7794460a0

    SHA1

    39f8c036237213eac7bcdfc3b3a23275a5479f24

    SHA256

    4ba02d15ab2ec8536d7c0c75851506e7e1f22be6aad66ff14d5bb3c5c7868e4a

    SHA512

    197dfad4d0bf1e087e72d6e121154c6d7485215d84cead275ca9d0be63e593db89fa0a8e61e5f50aa0c81969d4a986ea4a84547e8380f1652cb999a8f1878485

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    dfeb1a6c223ed0e4d8af5cbc28d27e13

    SHA1

    861e32edddf9922485e0de9b14d7845022f1a2b5

    SHA256

    ec1c24a81dedc44420d84350ae3fb5a20b6643a0e676a4b5282ff4db4ffba4f2

    SHA512

    259f095ee80462d6376e8e67d640bbe22f6078a8bdf5e7029e4d0ff6b95a405086335a74a7694d189d8b348a7dd0db00b6858ebdadb2d30a481f246a15de0e0f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    64f9c55876a4795b10a01f5e63149458

    SHA1

    f394d7041edc9a9e14b3b25faaf7c6188bc2833a

    SHA256

    90b489e5f8fe13e8349557f68c81123c30e61647a358902ec4ca66db401f580a

    SHA512

    542e9eaea57a77add84956f9a4eacd233901ef06dbbd26852b6161f7dd71652d917093a4b9249620bc03ad3c565c62c8cc13e69f0a8be72d4b2b1324c108a71d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    3502a0ea34fe24a3d929b05f328134d6

    SHA1

    c640ca2445fd7b3004b57d2b62afbcdbac19eeb9

    SHA256

    e7b5ca29887306aec33c41f639d6c214f092a7d37c742ebc02c3551fd0f8bb70

    SHA512

    de6bf6382d9f52dadff8b08be91d6946fe449ec4f4b7ad399ba5b345b776daff6ad753e596325dbac0f446358efe440aceda4d3d8e92419271fb823577a5c203

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    74b0b04535578264df0b711f32e99a69

    SHA1

    fda11a8ffd2d19e03d31389e4903e05bd6d6938c

    SHA256

    bed2c7bc28bfcb8c31c7e1c9b62a6049ae0489d64a37cc4a5b393c8a195964be

    SHA512

    c5c8f70789caa0afa0c2163f80aaf562a7c3759d1f9ef56b1f328858d9ad6c3e5aaa1931c5eb0c5382efada577c1d46fa979aa5fc1c423fc09e4ff885c9258ab

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    8c0c7e8870a20f5e9887add7e8751773

    SHA1

    27f91e937207ddcb970403b4d808031949c71f3b

    SHA256

    a89c8761ace086c74b25889a9e9dfcaac64fd8668f1174e1564ec1e4e287d09b

    SHA512

    51a6aff51c726435c79cfa95621c2751aefa97431fffd9fb7b49b133b77e36c0f4635aec8ac525e6afd288b1cd235ae1c7dcfdc0539972f26b7a2c6c016b3aea

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    22ece29e62e67a91df06a8baa2c8e09e

    SHA1

    6f5d3f8b8d61e583dba956050379802d6c89a1f1

    SHA256

    abf4a012caa18eaa77b77999259e881326d19cb0d5172b9b64925662a84f5c59

    SHA512

    5555d8a5842d00159072b51cd592471c09d8a8652ed95ad3d39038ea4bc6351a1654597e1c81043136bbe56394d19498aff30efb83d564d3995a3318193376ff

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    3563d26b7a44889b25e1e3f73569338f

    SHA1

    3f47d2f90a2970fb847bc9dedd60fafb4d48d861

    SHA256

    2a85b4e824541ecb5e0dfc100d4d12ed4866ba3af60d8cece54bfc3e0a226a37

    SHA512

    a3694e2ac94f32e954917a64d667fb4d3372fdeb76ceb17ac0cf37df64c2fd6f0730df1c683a61f8cb9a86e93a03f87bc121d03d08e43acdc267ca7bb8e586e9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    2158d9bbf5575adc5c37fdbf5c8ca30d

    SHA1

    f8c3bcf29d00a18c8c8dce62d92df686e41c8842

    SHA256

    a3b38a70238dd4355e69d8c9ffe050a7cacc33874ab4db760ee2ae7dd5356b84

    SHA512

    162728fe797b7efeefccd2231cd0e5eb7532a4387dbef65aad19c51e1f542b7578281c99485a477684a70a986c79d6e2c9b2181e42afceb537265ef428186eb5

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c7ffac19ac5202c951c37f73da2ccb75

    SHA1

    f5d2466e028803a73067c69f6e12a946bff9e255

    SHA256

    5a30ddf91587ae825d65042b697fbc396414cbe4fbbddda5c570b4a49b5460e2

    SHA512

    9cf35eb923bb345fef164289082f8a2296c54fa2bca230ddd639e7588c96e38becfc12fea109bf1ec1f21057d4c0200b4a1af9c784b30434ec32949a81e56226

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T22XS5WA\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab6CCB.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar6CCA.tmp
    Filesize

    161KB

    MD5

    73b4b714b42fc9a6aaefd0ae59adb009

    SHA1

    efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

    SHA256

    c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

    SHA512

    73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar6F9F.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\NF6KYJZZ.txt
    Filesize

    603B

    MD5

    a2a0aa5a757bf9d1491572824c392512

    SHA1

    e1e40d8a8750ceb8c6e20a496bc186833096bdfb

    SHA256

    3f9c3dc033386d4d5b73b608caa9340bb7b36a2a75f506b03b008852f88acd28

    SHA512

    48d35c385621876ab74a57dce260a5f7f81b5a3704da76a9d1e1defc2d4284539039f92ab4eaebeeab7becd817d85561dd6d8819bec829bfffd89d3598a5f37d

    Download Submit