7a88ac88cd9a64ac367e048c1ce14a6fb31d5025a95e8ff6fc42730ac3f941a3 | Triage

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-10-2024 21:51

Sharing

Report Analysis Logs

General

Target

Aura.exe
Size

2.7MB
MD5

3567ee60deb35afd811a25424c9b13a8
SHA1

850f2bf4dbd2e569a9aca863402c392226753956
SHA256

7a88ac88cd9a64ac367e048c1ce14a6fb31d5025a95e8ff6fc42730ac3f941a3
SHA512

a004731ba7d2abdf8bd1691ef98356da7e9119d1d7d281d824d9229a21acbf6a82801620250eafec63bbf5d09817b5ae93776d8721543a2a7e1bd2ecbe80c20a
SSDEEP

49152:kPw34yFJzSdhPzD0mOd4606hU6HznMO8ieMB2FT9m+49UYl1VGZS+M:H9mOd46WO8lFU9XV9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 2900	2936	Aura.exe	30
PID 2936 wrote to memory of 2900	2936	Aura.exe	30
PID 2936 wrote to memory of 2900	2936	Aura.exe	30

C:\Users\Admin\AppData\Local\Temp\Aura.exe
"C:\Users\Admin\AppData\Local\Temp\Aura.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2936 -s 28
  2⤵
  PID:2900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2936-0-0x000000013F650000-0x000000013F906000-memory.dmp

Filesize
2.7MB

Download