060ccee34d28fdcd93978fcd2e7d21be1edcd5839a6a9b57bf81b348bcc275b6

Analysis

max time kernel
141s
max time network
123s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
15-08-2023 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0347902196148ab771382b99d424660b_magniber_JC.exe
Size

19.2MB
MD5

0347902196148ab771382b99d424660b
SHA1

ec10e23dd1243172bf32f2c3a6708c7c8c77d29a
SHA256

060ccee34d28fdcd93978fcd2e7d21be1edcd5839a6a9b57bf81b348bcc275b6
SHA512

46b0e41bfc570cd348fa5f136a5947aba0ee3a3385d3df42fa8eb39e72a7247b3950be7c5776e8cada2cbb95b3d6b74ee2cc2c93368821a903767d699513e8f5
SSDEEP

393216:o3ifOR8Cd9UTc1eHxpLkrdInmvj67qyzcIPnG8cPcT6v:dq7UA1eHxlkJInmvmqCGhMk

Score

7^/10

bootkit persistence upx

Malware Config

Signatures

UPX packed file 17 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2220-73-0x0000000003AC0000-0x0000000005DBE000-memory.dmp	upx
behavioral1/memory/2220-77-0x0000000003AC0000-0x0000000005DBE000-memory.dmp	upx
behavioral1/memory/2220-78-0x0000000003AC0000-0x0000000005DBE000-memory.dmp	upx
behavioral1/memory/2220-79-0x0000000003AC0000-0x0000000005DBE000-memory.dmp	upx
behavioral1/memory/2220-96-0x0000000003AC0000-0x0000000005DBE000-memory.dmp	upx
behavioral1/memory/2220-164-0x0000000003AC0000-0x0000000005DBE000-memory.dmp	upx
behavioral1/memory/2220-256-0x0000000003AC0000-0x0000000005DBE000-memory.dmp	upx
behavioral1/memory/2220-280-0x0000000003AC0000-0x0000000005DBE000-memory.dmp	upx
behavioral1/memory/2220-504-0x0000000003AC0000-0x0000000005DBE000-memory.dmp	upx
behavioral1/memory/2220-1069-0x0000000003AC0000-0x0000000005DBE000-memory.dmp	upx
behavioral1/memory/2220-1076-0x0000000003AC0000-0x0000000005DBE000-memory.dmp	upx
behavioral1/memory/2220-1080-0x0000000003AC0000-0x0000000005DBE000-memory.dmp	upx
behavioral1/memory/2220-1084-0x0000000003AC0000-0x0000000005DBE000-memory.dmp	upx
behavioral1/memory/2220-1088-0x0000000003AC0000-0x0000000005DBE000-memory.dmp	upx
behavioral1/memory/2220-1092-0x0000000003AC0000-0x0000000005DBE000-memory.dmp	upx
behavioral1/memory/2220-1096-0x0000000003AC0000-0x0000000005DBE000-memory.dmp	upx
behavioral1/memory/2220-1100-0x0000000003AC0000-0x0000000005DBE000-memory.dmp	upx

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	0347902196148ab771382b99d424660b_magniber_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2320	wmic.exe
Token: SeSecurityPrivilege	2320	wmic.exe
Token: SeTakeOwnershipPrivilege	2320	wmic.exe
Token: SeLoadDriverPrivilege	2320	wmic.exe
Token: SeSystemProfilePrivilege	2320	wmic.exe
Token: SeSystemtimePrivilege	2320	wmic.exe
Token: SeProfSingleProcessPrivilege	2320	wmic.exe
Token: SeIncBasePriorityPrivilege	2320	wmic.exe
Token: SeCreatePagefilePrivilege	2320	wmic.exe
Token: SeBackupPrivilege	2320	wmic.exe
Token: SeRestorePrivilege	2320	wmic.exe
Token: SeShutdownPrivilege	2320	wmic.exe
Token: SeDebugPrivilege	2320	wmic.exe
Token: SeSystemEnvironmentPrivilege	2320	wmic.exe
Token: SeRemoteShutdownPrivilege	2320	wmic.exe
Token: SeUndockPrivilege	2320	wmic.exe
Token: SeManageVolumePrivilege	2320	wmic.exe
Token: 33	2320	wmic.exe
Token: 34	2320	wmic.exe
Token: 35	2320	wmic.exe
Token: SeIncreaseQuotaPrivilege	2320	wmic.exe
Token: SeSecurityPrivilege	2320	wmic.exe
Token: SeTakeOwnershipPrivilege	2320	wmic.exe
Token: SeLoadDriverPrivilege	2320	wmic.exe
Token: SeSystemProfilePrivilege	2320	wmic.exe
Token: SeSystemtimePrivilege	2320	wmic.exe
Token: SeProfSingleProcessPrivilege	2320	wmic.exe
Token: SeIncBasePriorityPrivilege	2320	wmic.exe
Token: SeCreatePagefilePrivilege	2320	wmic.exe
Token: SeBackupPrivilege	2320	wmic.exe
Token: SeRestorePrivilege	2320	wmic.exe
Token: SeShutdownPrivilege	2320	wmic.exe
Token: SeDebugPrivilege	2320	wmic.exe
Token: SeSystemEnvironmentPrivilege	2320	wmic.exe
Token: SeRemoteShutdownPrivilege	2320	wmic.exe
Token: SeUndockPrivilege	2320	wmic.exe
Token: SeManageVolumePrivilege	2320	wmic.exe
Token: 33	2320	wmic.exe
Token: 34	2320	wmic.exe
Token: 35	2320	wmic.exe
Token: SeIncreaseQuotaPrivilege	2844	wmic.exe
Token: SeSecurityPrivilege	2844	wmic.exe
Token: SeTakeOwnershipPrivilege	2844	wmic.exe
Token: SeLoadDriverPrivilege	2844	wmic.exe
Token: SeSystemProfilePrivilege	2844	wmic.exe
Token: SeSystemtimePrivilege	2844	wmic.exe
Token: SeProfSingleProcessPrivilege	2844	wmic.exe
Token: SeIncBasePriorityPrivilege	2844	wmic.exe
Token: SeCreatePagefilePrivilege	2844	wmic.exe
Token: SeBackupPrivilege	2844	wmic.exe
Token: SeRestorePrivilege	2844	wmic.exe
Token: SeShutdownPrivilege	2844	wmic.exe
Token: SeDebugPrivilege	2844	wmic.exe
Token: SeSystemEnvironmentPrivilege	2844	wmic.exe
Token: SeRemoteShutdownPrivilege	2844	wmic.exe
Token: SeUndockPrivilege	2844	wmic.exe
Token: SeManageVolumePrivilege	2844	wmic.exe
Token: 33	2844	wmic.exe
Token: 34	2844	wmic.exe
Token: 35	2844	wmic.exe
Token: SeIncreaseQuotaPrivilege	2844	wmic.exe
Token: SeSecurityPrivilege	2844	wmic.exe
Token: SeTakeOwnershipPrivilege	2844	wmic.exe
Token: SeLoadDriverPrivilege	2844	wmic.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2320	2220	0347902196148ab771382b99d424660b_magniber_JC.exe	28
PID 2220 wrote to memory of 2320	2220	0347902196148ab771382b99d424660b_magniber_JC.exe	28
PID 2220 wrote to memory of 2320	2220	0347902196148ab771382b99d424660b_magniber_JC.exe	28
PID 2220 wrote to memory of 2320	2220	0347902196148ab771382b99d424660b_magniber_JC.exe	28
PID 2220 wrote to memory of 2844	2220	0347902196148ab771382b99d424660b_magniber_JC.exe	32
PID 2220 wrote to memory of 2844	2220	0347902196148ab771382b99d424660b_magniber_JC.exe	32
PID 2220 wrote to memory of 2844	2220	0347902196148ab771382b99d424660b_magniber_JC.exe	32
PID 2220 wrote to memory of 2844	2220	0347902196148ab771382b99d424660b_magniber_JC.exe	32

C:\Users\Admin\AppData\Local\Temp\0347902196148ab771382b99d424660b_magniber_JC.exe
"C:\Users\Admin\AppData\Local\Temp\0347902196148ab771382b99d424660b_magniber_JC.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic csproduct get UUID
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2320
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic csproduct get UUID
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\37mobile\ysc_pc\0347902196148ab771382b99d424660b_magniber_JC\cookies.dat

Filesize
254B

MD5
d17682f88004cbc7a151f34fd84c0741

SHA1
bcf3a1274d8f44b81320bd75aae583026bc3f7e8

SHA256
bb4c2abed9bc6cb0c46c4e263df0cc3499da38ae3eb9fa496377a7d00dabb724

SHA512
ecd1542c5f2e6b80d3c996e2ae01805dd164383fd3fbaa3f9f038e3afac13f8ecac5ab07d17e48c8f50edbc92be46dc02742e86593463d4f885bf566f7531ee2

Download Submit
C:\Users\Admin\AppData\Roaming\37mobile\ysc_pc\0347902196148ab771382b99d424660b_magniber_JC\userconfig.ini

Filesize
194B

MD5
f9f1d650c898a7da4ca0baa4bb3d059e

SHA1
8812577d3b4cb6acea0b2de20f7969ff2e0e56aa

SHA256
e637f49f8ac11e46c8145a7fd8c956e57c4ece5f7a0ff163034404a169fab8ed

SHA512
96f23d6752ec2c6a8689d3e6f1b452202a7237c6f56cd32cd7a07a488f357176df876c72cac56d48b1ba04dd501d28c176abe3de7bd0efe07ca07b46f69bc111

Download Submit
C:\Users\Admin\AppData\Roaming\37mobile\ysc_pc\0347902196148ab771382b99d424660b_magniber_JC\userconfig.ini

Filesize
52B

MD5
22bca88b2bc02a0b71c86d90f94122fb

SHA1
7a56b5924aa10aa7a6af2d0d86cc94662ffdbb13

SHA256
aae69d5804baf4f34bb09b97883eb36cb45d57fa24b75be90f88c24d2893991d

SHA512
e051a9da34c702743dcfd87b14d99fdba1a501dd52fdae36dd3317044278efe2fb4269b5e93659eaa51f29e881568dae994d0279cdf062987d9c743da807975a

Download Submit
memory/2220-54-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/2220-55-0x0000000077380000-0x0000000077381000-memory.dmp

Filesize
4KB

Download
memory/2220-58-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download
memory/2220-62-0x0000000011000000-0x000000001111C000-memory.dmp

Filesize
1.1MB

Download
memory/2220-64-0x0000000011000000-0x000000001111C000-memory.dmp

Filesize
1.1MB

Download
memory/2220-74-0x0000000003AC0000-0x0000000005DBE000-memory.dmp

Filesize
35.0MB

Download
memory/2220-73-0x0000000003AC0000-0x0000000005DBE000-memory.dmp

Filesize
35.0MB

Download
memory/2220-77-0x0000000003AC0000-0x0000000005DBE000-memory.dmp

Filesize
35.0MB

Download
memory/2220-78-0x0000000003AC0000-0x0000000005DBE000-memory.dmp

Filesize
35.0MB

Download
memory/2220-79-0x0000000003AC0000-0x0000000005DBE000-memory.dmp

Filesize
35.0MB

Download
memory/2220-80-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/2220-84-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download
memory/2220-83-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/2220-95-0x0000000011000000-0x000000001111C000-memory.dmp

Filesize
1.1MB

Download
memory/2220-100-0x0000000017C00000-0x0000000017C40000-memory.dmp

Filesize
256KB

Download
memory/2220-99-0x0000000017C00000-0x0000000017C40000-memory.dmp

Filesize
256KB

Download
memory/2220-96-0x0000000003AC0000-0x0000000005DBE000-memory.dmp

Filesize
35.0MB

Download
memory/2220-102-0x0000000017C00000-0x0000000017C40000-memory.dmp

Filesize
256KB

Download
memory/2220-101-0x0000000017C00000-0x0000000017C40000-memory.dmp

Filesize
256KB

Download
memory/2220-105-0x0000000017C00000-0x0000000017C40000-memory.dmp

Filesize
256KB

Download
memory/2220-106-0x0000000017C00000-0x0000000017C40000-memory.dmp

Filesize
256KB

Download
memory/2220-104-0x0000000017C00000-0x0000000017C40000-memory.dmp

Filesize
256KB

Download
memory/2220-107-0x0000000017C00000-0x0000000017C40000-memory.dmp

Filesize
256KB

Download
memory/2220-108-0x0000000017C00000-0x0000000017C40000-memory.dmp

Filesize
256KB

Download
memory/2220-109-0x0000000017C00000-0x0000000017C40000-memory.dmp

Filesize
256KB

Download
memory/2220-121-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-129-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-119-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-118-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-117-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-116-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-115-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-114-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-113-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-112-0x0000000017C00000-0x0000000017C40000-memory.dmp

Filesize
256KB

Download
memory/2220-111-0x0000000017C00000-0x0000000017C40000-memory.dmp

Filesize
256KB

Download
memory/2220-110-0x0000000017C00000-0x0000000017C40000-memory.dmp

Filesize
256KB

Download
memory/2220-131-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-133-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-135-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-136-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-137-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-138-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-139-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-140-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-141-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-143-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-142-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-144-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-145-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-146-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-147-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-148-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-149-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-150-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-151-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-152-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-153-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-154-0x0000000017C00000-0x0000000017C40000-memory.dmp

Filesize
256KB

Download
memory/2220-155-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-156-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-158-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-159-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-160-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-161-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/2220-162-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download
memory/2220-163-0x0000000011000000-0x000000001111C000-memory.dmp

Filesize
1.1MB

Download
memory/2220-164-0x0000000003AC0000-0x0000000005DBE000-memory.dmp

Filesize
35.0MB

Download
memory/2220-166-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-168-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-167-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-170-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-171-0x0000000016F00000-0x0000000017010000-memory.dmp

Filesize
1.1MB

Download
memory/2220-172-0x0000000017C00000-0x0000000017C40000-memory.dmp

Filesize
256KB

Download
memory/2220-169-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-173-0x0000000008700000-0x0000000008740000-memory.dmp

Filesize
256KB

Download
memory/2220-253-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/2220-256-0x0000000003AC0000-0x0000000005DBE000-memory.dmp

Filesize
35.0MB

Download
memory/2220-277-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/2220-280-0x0000000003AC0000-0x0000000005DBE000-memory.dmp

Filesize
35.0MB

Download
memory/2220-500-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/2220-504-0x0000000003AC0000-0x0000000005DBE000-memory.dmp

Filesize
35.0MB

Download
memory/2220-1066-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/2220-1067-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download
memory/2220-1069-0x0000000003AC0000-0x0000000005DBE000-memory.dmp

Filesize
35.0MB

Download
memory/2220-1073-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/2220-1075-0x0000000011000000-0x000000001111C000-memory.dmp

Filesize
1.1MB

Download
memory/2220-1076-0x0000000003AC0000-0x0000000005DBE000-memory.dmp

Filesize
35.0MB

Download
memory/2220-1077-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/2220-1080-0x0000000003AC0000-0x0000000005DBE000-memory.dmp

Filesize
35.0MB

Download
memory/2220-1081-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/2220-1082-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download
memory/2220-1083-0x0000000011000000-0x000000001111C000-memory.dmp

Filesize
1.1MB

Download
memory/2220-1084-0x0000000003AC0000-0x0000000005DBE000-memory.dmp

Filesize
35.0MB

Download
memory/2220-1085-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/2220-1088-0x0000000003AC0000-0x0000000005DBE000-memory.dmp

Filesize
35.0MB

Download
memory/2220-1089-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/2220-1092-0x0000000003AC0000-0x0000000005DBE000-memory.dmp

Filesize
35.0MB

Download
memory/2220-1093-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/2220-1096-0x0000000003AC0000-0x0000000005DBE000-memory.dmp

Filesize
35.0MB

Download
memory/2220-1097-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/2220-1098-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download
memory/2220-1099-0x0000000011000000-0x000000001111C000-memory.dmp

Filesize
1.1MB

Download
memory/2220-1100-0x0000000003AC0000-0x0000000005DBE000-memory.dmp

Filesize
35.0MB

Download
memory/2220-1101-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads