Overview
overview
10Static
static
10Aurora.exe
windows10-2004-x64
10gui/Auth.html
windows10-2004-x64
1gui/Builder.html
windows10-2004-x64
1gui/CHECKER.html
windows10-2004-x64
1gui/Dashboard.html
windows10-2004-x64
1gui/Loader.html
windows10-2004-x64
1gui/SETTINGS.html
windows10-2004-x64
1gui/assets/docs.js
windows10-2004-x64
1gui/inlog.html
windows10-2004-x64
1gui/jSnow.js
windows10-2004-x64
1gui/jquery.js
windows10-2004-x64
1gui/log.html
windows10-2004-x64
1gui/nicepage.js
windows10-2004-x64
1gui/packed.js
windows10-2004-x64
1gui/resour...pd.xml
windows10-2004-x64
1gui/resour...ws.xml
windows10-2004-x64
1gui/resource/dl.xml
windows10-2004-x64
1gui/resour...in.xml
windows10-2004-x64
1gui/resource/no.xml
windows10-2004-x64
1gui/resource/plus.xml
windows10-2004-x64
1gui/resour...xy.xml
windows10-2004-x64
1gui/resource/yes.xml
windows10-2004-x64
1gui/script.js
windows10-2004-x64
1gui/snowstorm-min.js
windows10-2004-x64
1resource/R...er.exe
windows10-2004-x64
1Analysis
-
max time kernel
96s -
max time network
106s -
platform
windows10-2004_x64 -
resource
win10v2004-20230221-en -
resource tags
arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system -
submitted
04-06-2023 17:08
Behavioral task
behavioral1
Sample
Aurora.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral2
Sample
gui/Auth.html
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
gui/Builder.html
Resource
win10v2004-20230220-en
Behavioral task
behavioral4
Sample
gui/CHECKER.html
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
gui/Dashboard.html
Resource
win10v2004-20230220-en
Behavioral task
behavioral6
Sample
gui/Loader.html
Resource
win10v2004-20230220-en
Behavioral task
behavioral7
Sample
gui/SETTINGS.html
Resource
win10v2004-20230220-en
Behavioral task
behavioral8
Sample
gui/assets/docs.js
Resource
win10v2004-20230221-en
Behavioral task
behavioral9
Sample
gui/inlog.html
Resource
win10v2004-20230220-en
Behavioral task
behavioral10
Sample
gui/jSnow.js
Resource
win10v2004-20230220-en
Behavioral task
behavioral11
Sample
gui/jquery.js
Resource
win10v2004-20230220-en
Behavioral task
behavioral12
Sample
gui/log.html
Resource
win10v2004-20230220-en
Behavioral task
behavioral13
Sample
gui/nicepage.js
Resource
win10v2004-20230220-en
Behavioral task
behavioral14
Sample
gui/packed.js
Resource
win10v2004-20230220-en
Behavioral task
behavioral15
Sample
gui/resource/dashboard/pd.xml
Resource
win10v2004-20230220-en
Behavioral task
behavioral16
Sample
gui/resource/dashboard/ws.xml
Resource
win10v2004-20230221-en
Behavioral task
behavioral17
Sample
gui/resource/dl.xml
Resource
win10v2004-20230220-en
Behavioral task
behavioral18
Sample
gui/resource/domain.xml
Resource
win10v2004-20230220-en
Behavioral task
behavioral19
Sample
gui/resource/no.xml
Resource
win10v2004-20230220-en
Behavioral task
behavioral20
Sample
gui/resource/plus.xml
Resource
win10v2004-20230220-en
Behavioral task
behavioral21
Sample
gui/resource/proxy.xml
Resource
win10v2004-20230220-en
Behavioral task
behavioral22
Sample
gui/resource/yes.xml
Resource
win10v2004-20230220-en
Behavioral task
behavioral23
Sample
gui/script.js
Resource
win10v2004-20230221-en
Behavioral task
behavioral24
Sample
gui/snowstorm-min.js
Resource
win10v2004-20230220-en
Behavioral task
behavioral25
Sample
resource/ResourceHacker.exe
Resource
win10v2004-20230220-en
General
-
Target
gui/script.js
-
Size
2KB
-
MD5
ef7730a96c61a4ab85e03c9dd6bd63d5
-
SHA1
434a065c0d4a126984a3e09513a364bb6ffa40e7
-
SHA256
9aca0357bf142b1ecd70af9f994639cb92af52de396267178fa1d672ca20e4b4
-
SHA512
90aff01e609cde790aaa19ca72cd13ce58c8f4b87e022d570d171f1911bb5c1d209ebd5a6bf2b560a877276bc9fc9be07f1420a8f446c37dc05c55246ad65c1d
Malware Config
Signatures
Processes
Network
-
Remote address:173.223.113.131:80RequestGET /pkiops/crl/Microsoft%20Azure%20TLS%20Issuing%20CA%2005.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: www.microsoft.com
-
Remote address:8.8.8.8:53Request157.123.68.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request241.150.49.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request15.164.165.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request76.32.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request240.232.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request58.104.205.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request76.38.195.152.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request154.239.44.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request13.86.106.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request44.8.109.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request133.32.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request134.121.24.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request76.121.18.2.in-addr.arpaIN PTRResponse76.121.18.2.in-addr.arpaIN PTRa2-18-121-76deploystaticakamaitechnologiescom
-
173.223.113.131:80http://www.microsoft.com/pkiops/crl/Microsoft%20Azure%20TLS%20Issuing%20CA%2005.crlhttp216 B 40 B 1 1
HTTP Request
GET http://www.microsoft.com/pkiops/crl/Microsoft%20Azure%20TLS%20Issuing%20CA%2005.crl -
322 B 7
-
156 B 3
-
6.2kB 8
-
46 B 1
-
322 B 7
-
322 B 7
-
322 B 7
-
72 B 146 B 1 1
DNS Request
157.123.68.40.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
241.150.49.20.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
15.164.165.52.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
76.32.126.40.in-addr.arpa
-
74 B 145 B 1 1
DNS Request
240.232.229.192.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
58.104.205.20.in-addr.arpa
-
72 B 143 B 1 1
DNS Request
76.38.195.152.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
154.239.44.20.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
13.86.106.20.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
44.8.109.52.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
133.32.126.40.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
134.121.24.20.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
76.121.18.2.in-addr.arpa