Analysis
max time kernel: 142s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/02/2024, 19:43
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-02-11_255ce9e97b243434ae2f24096609f64f_magniber.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 2024-02-11_255ce9e97b243434ae2f24096609f64f_magniber.exe
  Resource: win10v2004-20231215-en
General
Target: 2024-02-11_255ce9e97b243434ae2f24096609f64f_magniber.exe
Size: 3.6MB
MD5: 255ce9e97b243434ae2f24096609f64f
SHA1: 7d09b86df4ded4645dd15efcb7d438bf06dc8d7c
SHA256: 75def47f7ec0a5962c37f81ad7ae30addc8d3dc1c50e39bd8e162be72fbe5888
SHA512: 366948c122ebc03ad6c4f1b9f1fddbcb96701b5dde11172e64007b558d8c062febfacdcba12a7fd8760f988d2a5a2567255aa25fb360eba69b47e91a25b4b6af
SSDEEP: 98304:q1JFkPMqxEq29HsT0trPMLKRNxYkUsGvT:q1CxE5MT0trELKmhv
Malware Config
Signatures
resource: behavioral2/files/0x0002000000022707-23.dat

Loads dropped DLL (1 IoC)
pid | Process
4492 | EXCEL.EXE

Checks processor information in registry (2 TTPs, 7 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet | EXCEL.EXE
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | 2024-02-11_255ce9e97b243434ae2f24096609f64f_magniber.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet | 2024-02-11_255ce9e97b243434ae2f24096609f64f_magniber.exe
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | EXCEL.EXE

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener (1 IoC)
pid | Process
4492 | EXCEL.EXE

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
4492 | EXCEL.EXE (4 entries)

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid | Process
4492 | EXCEL.EXE

Suspicious use of SetWindowsHookEx (18 IoCs)
pid | Process
4492 | EXCEL.EXE (18 entries)
Processes
- Image: C:\Users\Admin\AppData\Local\Temp\2024-02-11_255ce9e97b243434ae2f24096609f64f_magniber.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-02-11_255ce9e97b243434ae2f24096609f64f_magniber.exe"
  PID: 3080
  Signatures:
  - Checks processor information in registry
- Image: C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
  PID: 4492
  Signatures:
  - Loads dropped DLL
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads