Overview | overview | 10
Static | static | 9
by Ry0s [G...s].zip | windows10-2004-x64 | 1
AURORAV1.rar | windows10-2004-x64 | 7
AURORAV1/A...V1.exe | windows10-2004-x64 | 10
$INTERNET_CACHE/Alot | windows10-2004-x64 | 1
$INTERNET_...earing | windows10-2004-x64 | 1
$INTERNET_...otions | windows10-2004-x64 | 1
$INTERNET_...rotica | windows10-2004-x64 | 1
$INTERNET_CACHE/Fcc | windows10-2004-x64 | 1
$INTERNET_...ighter | windows10-2004-x64 | 1
$INTERNET_...er.ps1 | windows10-2004-x64 | 1
$INTERNET_CACHE/Genre | windows10-2004-x64 | 1
$INTERNET_...rrison | windows10-2004-x64 | 1
$INTERNET_CACHE/Idea | windows10-2004-x64 | 1
$INTERNET_...roduce | windows10-2004-x64 | 1
$INTERNET_CACHE/Ld | windows10-2004-x64 | 1
$INTERNET_...ipants | windows10-2004-x64 | 1
$INTERNET_CACHE/Pulse | windows10-2004-x64 | 1
$INTERNET_CACHE/Que | windows10-2004-x64 | 1
$INTERNET_...chmond | windows10-2004-x64 | 1
$INTERNET_...Tuning | windows10-2004-x64 | 1
$INTERNET_...olence | windows10-2004-x64 | 1
$INTERNET_CACHE/Wx | windows10-2004-x64 | 1
AURORAV1/s...ts.dll | windows10-2004-x64 | 1
README.txt | windows10-2004-x64 | 1
Analysis
max time kernel: 30s
max time network: 34s
platform: windows10-2004_x64
resource: win10v2004-20240319-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240319-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07-04-2024 11:37
Behavioral task | Sample | Resource
behavioral1 | by Ry0s [GoddyAvroraXploits].zip | win10v2004-20240226-en
behavioral2 | AURORAV1.rar | win10v2004-20240226-en
behavioral3 | AURORAV1/AVRORA V1.exe | win10v2004-20240226-en
behavioral4 | $INTERNET_CACHE/Alot | win10v2004-20240226-en
behavioral5 | $INTERNET_CACHE/Clearing | win10v2004-20240226-en
behavioral6 | $INTERNET_CACHE/Emotions | win10v2004-20240226-en
behavioral7 | $INTERNET_CACHE/Erotica | win10v2004-20240226-en
behavioral8 | $INTERNET_CACHE/Fcc | win10v2004-20240226-en
behavioral9 | $INTERNET_CACHE/Fighter | win10v2004-20240226-en
behavioral10 | $INTERNET_CACHE/Forever.ps1 | win10v2004-20240319-en
behavioral11 | $INTERNET_CACHE/Genre | win10v2004-20240226-en
behavioral12 | $INTERNET_CACHE/Harrison | win10v2004-20240226-en
behavioral13 | $INTERNET_CACHE/Idea | win10v2004-20240226-en
behavioral14 | $INTERNET_CACHE/Introduce | win10v2004-20240226-en
behavioral15 | $INTERNET_CACHE/Ld | win10v2004-20240226-en
behavioral16 | $INTERNET_CACHE/Participants | win10v2004-20240226-en
behavioral17 | $INTERNET_CACHE/Pulse | win10v2004-20231215-en
behavioral18 | $INTERNET_CACHE/Que | win10v2004-20240226-en
behavioral19 | $INTERNET_CACHE/Richmond | win10v2004-20240226-en
behavioral20 | $INTERNET_CACHE/Tuning | win10v2004-20231215-en
behavioral21 | $INTERNET_CACHE/Violence | win10v2004-20240226-en
behavioral22 | $INTERNET_CACHE/Wx | win10v2004-20240226-en
behavioral23 | AURORAV1/scripts/scripts.dll | win10v2004-20240319-en
behavioral24 | README.txt | win10v2004-20240226-en
General
Target: $INTERNET_CACHE/Forever.ps1
Size: 46KB
MD5: cdc1c1777ae9a8548ef73e3d8d3cb771
SHA1: ab9e4243eff32ab19c709c57ebd8a826b226646b
SHA256: e5909739456e96f48ede99e430190574db9593ec2ef32009557cffa71f141fba
SHA512: 2f384cf0a24ba04c117d8fa00f757b0bd9ce7a333182eff3d8927bd80c068d4ad9bbfa1b90f904c974162d843e65ef450c938ce13a7ac6b64a1393202d1fc3d0
SSDEEP: 768:zr9FRgR06DHimBL4w6e5/MYl22+b2eRrOV+VshEIsavgafe1aLJhFhLzlDngwhZE:X9FiKsLd5ENVrOV+V0/vDfeM/HLzlDgf
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (3 IoCs)
Processes: powershell.exe
pid | process
2376 | powershell.exe
2376 | powershell.exe
2376 | powershell.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes: powershell.exe
description | pid | process
Token: SeDebugPrivilege | 2376 | powershell.exe
Downloads
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0ptvyq5m.cr0.ps1
Filesize: 60B
MD5: d17fe0a3f47be24a6453e9ef58c94641
SHA1: 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256: 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512: 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
memory/2376-9-0x0000025C322A0000-0x0000025C322C2000-memory.dmp
Filesize: 136KB
memory/2376-10-0x00007FF8A1E30000-0x00007FF8A28F1000-memory.dmp
Filesize: 10.8MB
memory/2376-11-0x0000025C2F900000-0x0000025C2F910000-memory.dmp
Filesize: 64KB
memory/2376-12-0x0000025C2F900000-0x0000025C2F910000-memory.dmp
Filesize: 64KB
memory/2376-13-0x0000025C2F900000-0x0000025C2F910000-memory.dmp
Filesize: 64KB
memory/2376-16-0x00007FF8A1E30000-0x00007FF8A28F1000-memory.dmp
Filesize: 10.8MB