7a88ac88cd9a64ac367e048c1ce14a6fb31d5025a95e8ff6fc42730ac3f941a3 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-10-2024 06:30

Sharing

Report Analysis Logs

General

Target

Aura.exe
Size

2.7MB
MD5

3567ee60deb35afd811a25424c9b13a8
SHA1

850f2bf4dbd2e569a9aca863402c392226753956
SHA256

7a88ac88cd9a64ac367e048c1ce14a6fb31d5025a95e8ff6fc42730ac3f941a3
SHA512

a004731ba7d2abdf8bd1691ef98356da7e9119d1d7d281d824d9229a21acbf6a82801620250eafec63bbf5d09817b5ae93776d8721543a2a7e1bd2ecbe80c20a
SSDEEP

49152:kPw34yFJzSdhPzD0mOd4606hU6HznMO8ieMB2FT9m+49UYl1VGZS+M:H9mOd46WO8lFU9XV9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 1804	2172	Aura.exe	30
PID 2172 wrote to memory of 1804	2172	Aura.exe	30
PID 2172 wrote to memory of 1804	2172	Aura.exe	30

C:\Users\Admin\AppData\Local\Temp\Aura.exe
"C:\Users\Admin\AppData\Local\Temp\Aura.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2172 -s 28
  2⤵
  PID:1804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2172-0-0x000000013FEE0000-0x0000000140196000-memory.dmp

Filesize
2.7MB

Download