Overview

overview

10

Static

static

1

3092939bde...0N.exe

windows7-x64

1

3092939bde...0N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-07-2024 23:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3092939bde0ec7e9306daeb85977ba60N.exe

  • Size

    4.9MB

  • MD5

    3092939bde0ec7e9306daeb85977ba60

  • SHA1

    54b2284e4834f33428061119574dd178f97932dc

  • SHA256

    2f8afa5c2e8c5904f07fb09b4196bdf33a31f4fe9eb62c9774c59500e16675d9

  • SHA512

    6475c8764d25a3659aa6ac27c9b5f83b09849bb2bd073041d7a1b5fd8474308829a620ed1a6c820f0e1e098bac14d32b046bff5af0058e421782f6d8669a1406

  • SSDEEP

    49152:gexu0GaRHcIef7bVn/XJqmzXplalRkNP4a5wUKCf96Cwsu5o4aELTw4F0ah9gO+Y:zYYeXJJYnkNw8wTZssiahIMr

Score
10/10
aurorastealer

Malware Config

Extracted

Family

aurora

C2

45.132.106.77:8081

Signatures

  • Aurora

    Aurora is a crypto wallet stealer written in Golang.

    stealeraurora
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3092939bde0ec7e9306daeb85977ba60N.exe
    "C:\Users\Admin\AppData\Local\Temp\3092939bde0ec7e9306daeb85977ba60N.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3872
    • C:\Windows\system32\RuntimeBroker.exe
      C:\Windows\system32\RuntimeBroker.exe
      2⤵
        PID:1864

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1864-16-0x0000000000400000-0x0000000000773000-memory.dmp
      Filesize

      3.4MB

      Download
    • memory/1864-19-0x0000000000400000-0x0000000000773000-memory.dmp
      Filesize

      3.4MB

      Download
    • memory/1864-21-0x0000000000400000-0x0000000000773000-memory.dmp
      Filesize

      3.4MB

      Download
    • memory/1864-25-0x0000000000400000-0x0000000000773000-memory.dmp
      Filesize

      3.4MB

      Download
    • memory/1864-2-0x0000000000400000-0x0000000000773000-memory.dmp
      Filesize

      3.4MB

      Download
    • memory/1864-22-0x0000000000400000-0x0000000000773000-memory.dmp
      Filesize

      3.4MB

      Download
    • memory/1864-6-0x0000000000400000-0x0000000000773000-memory.dmp
      Filesize

      3.4MB

      Download
    • memory/1864-18-0x0000000000400000-0x0000000000773000-memory.dmp
      Filesize

      3.4MB

      Download
    • memory/1864-23-0x0000000000400000-0x0000000000773000-memory.dmp
      Filesize

      3.4MB

      Download
    • memory/1864-10-0x0000000000400000-0x0000000000773000-memory.dmp
      Filesize

      3.4MB

      Download
    • memory/1864-4-0x0000000000400000-0x0000000000773000-memory.dmp
      Filesize

      3.4MB

      Download
    • memory/1864-1-0x0000000000400000-0x0000000000773000-memory.dmp
      Filesize

      3.4MB

      Download
    • memory/1864-20-0x0000000000400000-0x0000000000773000-memory.dmp
      Filesize

      3.4MB

      Download
    • memory/1864-12-0x0000000000400000-0x0000000000773000-memory.dmp
      Filesize

      3.4MB

      Download
    • memory/1864-8-0x0000000000400000-0x0000000000773000-memory.dmp
      Filesize

      3.4MB

      Download
    • memory/3872-24-0x0000000000210000-0x000000000072A000-memory.dmp
      Filesize

      5.1MB

      Download