7ab9124d6437758af723cbaca1cc6893bdeb0924edb6a72301f6beef801cc00e

Analysis

max time kernel
142s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
28/08/2023, 17:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c35f6415ab3b9484ba8db9112e9f4b9b_mafia_magniber_JC.exe
Size

33.3MB
MD5

c35f6415ab3b9484ba8db9112e9f4b9b
SHA1

d7854ee3c1778b47135a9ab112368c1fbd84bbea
SHA256

7ab9124d6437758af723cbaca1cc6893bdeb0924edb6a72301f6beef801cc00e
SHA512

9438dc65f648e62236ba473d9f6ac952f9e98b46cf3710edb21a11e7a14eb654bcac467dab4b7dbcd38c7004c9838e846b92f61d39b3cefdee73359f71dece42
SSDEEP

393216:8a2lMhvXlcG7YnalQ7+6stVmQOPY++UOK2UAOsBtM7VoqcpctI71av6a3iVCJGh5:Bxb6stVmy++o8ODeMIBavrSVvcaenog4

Score

7^/10

bootkit persistence

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
372	c35f6415ab3b9484ba8db9112e9f4b9b_mafia_magniber_JC.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	c35f6415ab3b9484ba8db9112e9f4b9b_mafia_magniber_JC.exe

C:\Users\Admin\AppData\Local\Temp\c35f6415ab3b9484ba8db9112e9f4b9b_mafia_magniber_JC.exe
"C:\Users\Admin\AppData\Local\Temp\c35f6415ab3b9484ba8db9112e9f4b9b_mafia_magniber_JC.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
PID:372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\PSafe\360Verify.dll

Filesize
94KB

MD5
486a3e10656cacd89e87562b0d88a908

SHA1
cd85185b1a28b52346b6668e09100599551ebb7a

SHA256
964b05a6c63bbd9b87428d9a2dda14c3cc890c8e62101fa090c4f568e97ee373

SHA512
f4c7929fa262c9a031923396946a982134c78762c3ecdd7110366370b7b928e3e501a5db54aec1217a71fc2c47f239c81e48b3df496c4db678664b18d330e9fe

Download Submit
memory/372-4-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/372-5-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads