Analysis
-
max time kernel
122s -
max time network
142s -
platform
windows10-1703_x64 -
resource
win10-20240221-en -
resource tags
arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system -
submitted
01-03-2024 16:49
Behavioral task
behavioral1
Sample
Aurora_V2/Aurora.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Aurora_V2/Aurora.exe
Resource
win10-20240221-en
Behavioral task
behavioral3
Sample
Aurora_V2/scripts/scripts.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
Aurora_V2/scripts/scripts.dll
Resource
win10-20240221-en
General
-
Target
Aurora_V2/scripts/scripts.dll
-
Size
18.7MB
-
MD5
88fd7dbf04bcf75123d02009aea3f7f7
-
SHA1
cecf16bdad71e54afc941179ea2b7438a04efa1d
-
SHA256
01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4
-
SHA512
2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917
-
SSDEEP
393216:hqA/D2IIyzg8DolBo6i0KoI6Di42sC1/syU3DXNs6hq8:hqcaZyV0fC1JOpjhq8
Malware Config
Signatures
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
regsvr32.exepid process 4360 regsvr32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
regsvr32.exedescription pid process target process PID 4176 wrote to memory of 4360 4176 regsvr32.exe regsvr32.exe PID 4176 wrote to memory of 4360 4176 regsvr32.exe regsvr32.exe PID 4176 wrote to memory of 4360 4176 regsvr32.exe regsvr32.exe
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\Aurora_V2\scripts\scripts.dll1⤵
- Suspicious use of WriteProcessMemory
PID:4176 -
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\Aurora_V2\scripts\scripts.dll2⤵
- Suspicious use of SetWindowsHookEx
PID:4360