Analysis
- max time kernel: 121s
- max time network: 128s
- platform: windows7_x64
- resource: win7-20231020-en
- resource tags: arch:x64 arch:x86 image:win7-20231020-en locale:en-us os:windows7-x64 system
- submitted: 22/10/2023, 10:00
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.2023-09-05_c235085054d700b9864c013e5d000900_magniber_JC.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NEAS.2023-09-05_c235085054d700b9864c013e5d000900_magniber_JC.exe
Resource
win10v2004-20231020-en
General
- Target: NEAS.2023-09-05_c235085054d700b9864c013e5d000900_magniber_JC.exe
- Size: 18.4MB
- MD5: c235085054d700b9864c013e5d000900
- SHA1: 0a57d5e29b937739369ae2038f2a664830c0176b
- SHA256: e79962b4d77b5024614749192f7a5b821420bef240d6472f4d49e2b278832d8b
- SHA512: 7e68f5729bcd4942b6345cd7e5f3bd7129482f1969815c20c31b64f79a01519b159b5e8d9d918cef54b343fe84989108c99c367801045b6ff014eba59504ad75
- SSDEEP: 196608:kK/c5GImUr/iphmIFbg9MOkdT7DfPTl64A5DxTjbZWH1swGgZCATKWexsK3SHYm:kKrY6hHFs9piU9TjbQHAVCeSK38Y
Malware Config
Signatures
- Checks BIOS information in registry (2 TTPs, 2 IoCs)
  BIOS information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | NEAS.2023-09-05_c235085054d700b9864c013e5d000900_magniber_JC.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | NEAS.2023-09-05_c235085054d700b9864c013e5d000900_magniber_JC.exe
- Modifies registry class (4 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7FF92F9D-B337-72E3-FCA1-BC568EF001B6} | NEAS.2023-09-05_c235085054d700b9864c013e5d000900_magniber_JC.exe
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7FF92F9D-B337-72E3-FCA1-BC568EF001B6}\ = "UIHost Class" | NEAS.2023-09-05_c235085054d700b9864c013e5d000900_magniber_JC.exe
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7FF92F9D-B337-72E3-FCA1-BC568EF001B6}\AppID = "{36938566-B1AA-4E77-9B3F-730CF4E996AB}" | NEAS.2023-09-05_c235085054d700b9864c013e5d000900_magniber_JC.exe
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7FF92F9D-B337-72E3-FCA1-BC568EF001B6}\Programmable | NEAS.2023-09-05_c235085054d700b9864c013e5d000900_magniber_JC.exe
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description | pid | Process
  Token: 33 | 2948 | NEAS.2023-09-05_c235085054d700b9864c013e5d000900_magniber_JC.exe
  Token: SeIncBasePriorityPrivilege | 2948 | NEAS.2023-09-05_c235085054d700b9864c013e5d000900_magniber_JC.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-05_c235085054d700b9864c013e5d000900_magniber_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-05_c235085054d700b9864c013e5d000900_magniber_JC.exe"
  - Checks BIOS information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  PID:2948