Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
142s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
02/10/2023, 17:22
General
-
Target
2023-08-27_361ea8209630ea1fc1e212ce23ee9b27_magniber_JC.exe
-
Size
23.2MB
-
MD5
361ea8209630ea1fc1e212ce23ee9b27
-
SHA1
8e8272f9890226e0bd28dbfb6e28eb335dfd57aa
-
SHA256
0a11f0af4b75f972200c636beebf476aaeabed96f77e8bfce49c73ed86239e74
-
SHA512
14a96e52fa60ab33700f82a0c8a5979c25706391d982f4ac975be11921a2b9b00d47b80610078e976d21f3188accb6e6a613af480f856669cf71a238d8862b40
-
SSDEEP
196608:lBY376DEtUmaIsqY4tdqYrKcxos1+11dFY9IPqYZvUqYneXmzWLy3TXsUkKneBSq:HY376DCYie4kTxz7lydH0GB4I+v/Sa
Malware Config
Signatures
-
Loads dropped DLL 2 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 4 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 4 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 30 IoCs
-
Modifies registry class 9 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_361ea8209630ea1fc1e212ce23ee9b27_magniber_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_361ea8209630ea1fc1e212ce23ee9b27_magniber_JC.exe"1⤵
- Loads dropped DLL
- Enumerates connected drives
- Checks SCSI registry key(s)
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s "C:\Users\Admin\AppData\Local\Temp\AMBmpRecorder.ax"2⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x428 0x2441⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.4MB
MD5effc110606c472ae3bcd245ffc988749
SHA1519e6ec1908adf2dc02f6fcbfbd6f552de7b70e2
SHA256b6f60f30f91f425aec30d2b67ec958939857bdf170afc14ebb0efeaed06202d7
SHA5126df5d4d9927c279f1c15e03ff56e893108b29089e576ab2abceaf2400189136df6d2faac2e594307bb18c64400fd247007779bbc6d0e5c11f8d914e871133d56
-
Filesize
1.4MB
MD5effc110606c472ae3bcd245ffc988749
SHA1519e6ec1908adf2dc02f6fcbfbd6f552de7b70e2
SHA256b6f60f30f91f425aec30d2b67ec958939857bdf170afc14ebb0efeaed06202d7
SHA5126df5d4d9927c279f1c15e03ff56e893108b29089e576ab2abceaf2400189136df6d2faac2e594307bb18c64400fd247007779bbc6d0e5c11f8d914e871133d56
-
Filesize
1.4MB
MD5effc110606c472ae3bcd245ffc988749
SHA1519e6ec1908adf2dc02f6fcbfbd6f552de7b70e2
SHA256b6f60f30f91f425aec30d2b67ec958939857bdf170afc14ebb0efeaed06202d7
SHA5126df5d4d9927c279f1c15e03ff56e893108b29089e576ab2abceaf2400189136df6d2faac2e594307bb18c64400fd247007779bbc6d0e5c11f8d914e871133d56
-
Filesize
7KB
MD5882e94d05902cd4fa100369cf84024ad
SHA1154699d61bcf09badf72e2cfd900e48f849a1753
SHA2568b220e844bb5fa19b71f2435f6e77b7dae87798985cfe1be5de90398b05dd43e
SHA512edf2774557866017be162df820fc21b1526c6b77e2092436394c65f1df06c3eddc5f6310882255328d568f8a708405979a38c4b6e6b84336c1dd0950135fa383
-
Filesize
228KB
-
Filesize
228KB