Overview

overview

10

Static

static

1

2024-01-27...er.exe

windows7-x64

10

2024-01-27...er.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    5s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    27-01-2024 16:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-27_2e47762ed5f94ac03e28a9408398842f_magniber.exe

  • Size

    19.2MB

  • MD5

    2e47762ed5f94ac03e28a9408398842f

  • SHA1

    d1b3d61b967c88013323d469b9ca06758a6fb8b3

  • SHA256

    f18612de64687383f0e5a85bd805cc602615c9ba78563743c1e38ecbe643391a

  • SHA512

    dcae7637e20e2caee4f47aaa050202ffad694c49766adcea647606168d954cc25184af41d1cff4c37dd4b0a014b1141759eb014d6596927e2f8fba752b5da5d2

  • SSDEEP

    393216:OaVp4ReDeM+kkza+hsEEfhFxw1Rs8gRebKR/aN0CEzp0t:Fp4UF+h6hzwTsHeGR/HCEt4

Score
10/10
banloaddownloaderdropperevasiontrojan

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

    trojandropperdownloaderbanload
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-27_2e47762ed5f94ac03e28a9408398842f_magniber.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-27_2e47762ed5f94ac03e28a9408398842f_magniber.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1820
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2624

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\tmp3A17.mht
      Filesize

      50KB

      MD5

      3bfc2a5dae9019a500cbcbc5a739c793

      SHA1

      9f89fb984df87a49d2fe66071e89dde0e9fb6e5b

      SHA256

      480809de10f4c712730115486b3b5fcf36a0ba423aa55be3bd2499a10a1ec682

      SHA512

      d6dc3b43bbf35f13b965e56bb922ca1d92ec17dd7398d058cb8d6f204e86b67b2301f53413b2e80424f58a52b27d51235ed4527909333decf6145a5851157311

      Download Submit

    • memory/1820-18-0x0000000000400000-0x00000000048F1000-memory.dmp

      Filesize

      68.9MB

      Download

    • memory/1820-10-0x0000000000400000-0x00000000048F1000-memory.dmp

      Filesize

      68.9MB

      Download

    • memory/1820-20-0x0000000000400000-0x00000000048F1000-memory.dmp

      Filesize

      68.9MB

      Download

    • memory/1820-21-0x0000000006970000-0x0000000006B70000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1820-14-0x0000000000400000-0x00000000048F1000-memory.dmp

      Filesize

      68.9MB

      Download

    • memory/1820-16-0x0000000000400000-0x00000000048F1000-memory.dmp

      Filesize

      68.9MB

      Download

    • memory/1820-17-0x0000000000400000-0x00000000048F1000-memory.dmp

      Filesize

      68.9MB

      Download

    • memory/1820-0-0x0000000006970000-0x0000000006B70000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1820-128-0x0000000000400000-0x00000000048F1000-memory.dmp

      Filesize

      68.9MB

      Download

    • memory/1820-9-0x0000000000400000-0x00000000048F1000-memory.dmp

      Filesize

      68.9MB

      Download

    • memory/1820-12-0x0000000000400000-0x00000000048F1000-memory.dmp

      Filesize

      68.9MB

      Download

    • memory/1820-22-0x0000000004920000-0x0000000004921000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1820-25-0x0000000006970000-0x0000000006B70000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1820-47-0x0000000000400000-0x00000000048F1000-memory.dmp

      Filesize

      68.9MB

      Download

    • memory/1820-6-0x0000000006970000-0x0000000006B70000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1820-125-0x0000000000400000-0x00000000048F1000-memory.dmp

      Filesize

      68.9MB

      Download

    • memory/1820-126-0x0000000004920000-0x0000000004921000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1820-19-0x0000000000400000-0x00000000048F1000-memory.dmp

      Filesize

      68.9MB

      Download