Overview

overview

10

Static

static

3

2023-08-26...JC.exe

windows7-x64

10

2023-08-26...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    152s
  • max time network
    175s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    10/10/2023, 20:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2023-08-26_e335d2ab929291abade22368ffb7fcb4_magniber_JC.exe

  • Size

    204KB

  • MD5

    e335d2ab929291abade22368ffb7fcb4

  • SHA1

    03cf0cd0453ba4713fee88e3b1f12c398c38173f

  • SHA256

    e78793e09ec9d0623a17df051a1290eeb1999f52e38435da017aefa5ce97a617

  • SHA512

    23099fc6a659f553e8a303a0269a4f43eefdc931362937a28271b3d874b6739cd35549e46e2a4970795bb8cbb2c5560c2c7f1c3ce589a5f56e46f6135a2738ea

  • SSDEEP

    3072:oqEo7L4ueEp6Bxf3IbgFPJipLgaJ5R56AtCw9THbmQ6h6pxMJJgZOiUZBqZShF:HEaLjp6Bybjb5+AhHbmpJJyQ

Score
10/10
evasionpersistencespywarestealer

Malware Config

Signatures

  • Modifies security service 2 TTPs 1 IoCs
    evasion
  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2023-08-26_e335d2ab929291abade22368ffb7fcb4_magniber_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\2023-08-26_e335d2ab929291abade22368ffb7fcb4_magniber_JC.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3040
    • C:\Users\Admin\AppData\Local\Temp\2023-08-26_e335d2ab929291abade22368ffb7fcb4_magniber_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\2023-08-26_e335d2ab929291abade22368ffb7fcb4_magniber_JC.exe"
      2⤵
      • Modifies security service
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:2480
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\waizcglvui.bat" "
        3⤵
        • Deletes itself
        PID:2308
      • C:\Windows\M-5050572947025827857375865240\winmgr.exe
        C:\Windows\M-5050572947025827857375865240\winmgr.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:2164
        • C:\Windows\M-5050572947025827857375865240\winmgr.exe
          C:\Windows\M-5050572947025827857375865240\winmgr.exe
          4⤵
          • Executes dropped EXE
          PID:2936

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\waizcglvui.bat
    Filesize

    284B

    MD5

    a82fa0b71a7c4b0597baa2f540eb9701

    SHA1

    053f85f97217313bf3774c1813c2409f9fba43b6

    SHA256

    7406ec074ca015cf429f90aac6262ff9b5b51c00042d7cdcdd0308bbcef77427

    SHA512

    43e9522a2c835d2067de559790e713c1bd5ddffdb8563d8dd1b8a6ab0368ae547d0f700595aac65109921959d142ae970e14bda9f70850aaee03bb4e8d62f858

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\waizcglvui.bat
    Filesize

    284B

    MD5

    a82fa0b71a7c4b0597baa2f540eb9701

    SHA1

    053f85f97217313bf3774c1813c2409f9fba43b6

    SHA256

    7406ec074ca015cf429f90aac6262ff9b5b51c00042d7cdcdd0308bbcef77427

    SHA512

    43e9522a2c835d2067de559790e713c1bd5ddffdb8563d8dd1b8a6ab0368ae547d0f700595aac65109921959d142ae970e14bda9f70850aaee03bb4e8d62f858

    Download Submit

  • C:\Windows\M-5050572947025827857375865240\winmgr.exe
    Filesize

    204KB

    MD5

    e335d2ab929291abade22368ffb7fcb4

    SHA1

    03cf0cd0453ba4713fee88e3b1f12c398c38173f

    SHA256

    e78793e09ec9d0623a17df051a1290eeb1999f52e38435da017aefa5ce97a617

    SHA512

    23099fc6a659f553e8a303a0269a4f43eefdc931362937a28271b3d874b6739cd35549e46e2a4970795bb8cbb2c5560c2c7f1c3ce589a5f56e46f6135a2738ea

    Download Submit

  • C:\Windows\M-5050572947025827857375865240\winmgr.exe
    Filesize

    204KB

    MD5

    e335d2ab929291abade22368ffb7fcb4

    SHA1

    03cf0cd0453ba4713fee88e3b1f12c398c38173f

    SHA256

    e78793e09ec9d0623a17df051a1290eeb1999f52e38435da017aefa5ce97a617

    SHA512

    23099fc6a659f553e8a303a0269a4f43eefdc931362937a28271b3d874b6739cd35549e46e2a4970795bb8cbb2c5560c2c7f1c3ce589a5f56e46f6135a2738ea

    Download Submit

  • C:\Windows\M-5050572947025827857375865240\winmgr.exe
    Filesize

    204KB

    MD5

    e335d2ab929291abade22368ffb7fcb4

    SHA1

    03cf0cd0453ba4713fee88e3b1f12c398c38173f

    SHA256

    e78793e09ec9d0623a17df051a1290eeb1999f52e38435da017aefa5ce97a617

    SHA512

    23099fc6a659f553e8a303a0269a4f43eefdc931362937a28271b3d874b6739cd35549e46e2a4970795bb8cbb2c5560c2c7f1c3ce589a5f56e46f6135a2738ea

    Download Submit

  • C:\Windows\M-5050572947025827857375865240\winmgr.exe
    Filesize

    204KB

    MD5

    e335d2ab929291abade22368ffb7fcb4

    SHA1

    03cf0cd0453ba4713fee88e3b1f12c398c38173f

    SHA256

    e78793e09ec9d0623a17df051a1290eeb1999f52e38435da017aefa5ce97a617

    SHA512

    23099fc6a659f553e8a303a0269a4f43eefdc931362937a28271b3d874b6739cd35549e46e2a4970795bb8cbb2c5560c2c7f1c3ce589a5f56e46f6135a2738ea

    Download Submit

  • \Windows\M-5050572947025827857375865240\winmgr.exe
    Filesize

    204KB

    MD5

    e335d2ab929291abade22368ffb7fcb4

    SHA1

    03cf0cd0453ba4713fee88e3b1f12c398c38173f

    SHA256

    e78793e09ec9d0623a17df051a1290eeb1999f52e38435da017aefa5ce97a617

    SHA512

    23099fc6a659f553e8a303a0269a4f43eefdc931362937a28271b3d874b6739cd35549e46e2a4970795bb8cbb2c5560c2c7f1c3ce589a5f56e46f6135a2738ea

    Download Submit

  • \Windows\M-5050572947025827857375865240\winmgr.exe
    Filesize

    204KB

    MD5

    e335d2ab929291abade22368ffb7fcb4

    SHA1

    03cf0cd0453ba4713fee88e3b1f12c398c38173f

    SHA256

    e78793e09ec9d0623a17df051a1290eeb1999f52e38435da017aefa5ce97a617

    SHA512

    23099fc6a659f553e8a303a0269a4f43eefdc931362937a28271b3d874b6739cd35549e46e2a4970795bb8cbb2c5560c2c7f1c3ce589a5f56e46f6135a2738ea

    Download Submit

  • \Windows\M-5050572947025827857375865240\winmgr.exe
    Filesize

    204KB

    MD5

    e335d2ab929291abade22368ffb7fcb4

    SHA1

    03cf0cd0453ba4713fee88e3b1f12c398c38173f

    SHA256

    e78793e09ec9d0623a17df051a1290eeb1999f52e38435da017aefa5ce97a617

    SHA512

    23099fc6a659f553e8a303a0269a4f43eefdc931362937a28271b3d874b6739cd35549e46e2a4970795bb8cbb2c5560c2c7f1c3ce589a5f56e46f6135a2738ea

    Download Submit

  • memory/2164-34-0x0000000000550000-0x0000000000650000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2164-38-0x0000000000230000-0x000000000026A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2164-30-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2164-41-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2480-9-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2480-8-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2480-27-0x0000000000800000-0x000000000083A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2480-5-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2480-3-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2936-56-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2936-61-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2936-58-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2936-45-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2936-51-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2936-53-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3040-7-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/3040-2-0x0000000000250000-0x0000000000350000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/3040-0-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download