Overview

overview

7

Static

static

3

Magnus.iso

windows10-2004-x64

7

Analysis

  • max time kernel
    441s
  • max time network
    1164s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-02-2024 17:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Magnus.iso

  • Size

    276.5MB

  • MD5

    341b05c6d698e3712cd9277174222628

  • SHA1

    3b929a5b9dec8cc5e68684d9aaa1bde2213f0789

  • SHA256

    beba80803c2a05745cd15adcace6f5183d9699b93994d3ca1be935f342c92ae6

  • SHA512

    4e2ed5e50e944701f0f3221a8e9b55bd1a7f880aac76b725c2afd4ff635e5faf7671b878ab7e83a03742ca340a1022003b8af8dc54103a7d8dbca14a4393d37c

  • SSDEEP

    6291456:+WxMe5DHIOHrZZPeC/KlDW9WyMe5DJxIGOHyCab6Pi6CIECC:qOkKZReF+WfOlxFb9bq3nEC

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Magnus.iso
    1⤵
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:1924
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4464
    • \??\E:\AUTORUN.EXE
      "E:\AUTORUN.EXE"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2628
      • \??\E:\Setup.exe
        E:\Setup.exe
        2⤵
        • Loads dropped DLL
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Modifies registry class
        PID:1924
    • C:\Program Files (x86)\Tales From The Paradise Park\START32.EXE
      "C:\Program Files (x86)\Tales From The Paradise Park\START32.EXE"
      1⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:2672
      • C:\Windows\splwow64.exe
        C:\Windows\splwow64.exe 12288
        2⤵
          PID:3380
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
        1⤵
          PID:1340
        • C:\Windows\system32\AUDIODG.EXE
          C:\Windows\system32\AUDIODG.EXE 0x408 0x40c
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:3452
        • \??\E:\AUTORUN.EXE
          "E:\AUTORUN.EXE"
          1⤵
          • Suspicious use of WriteProcessMemory
          PID:2444
          • C:\Program Files (x86)\Tales From The Paradise Park\start32.exe
            "C:\Program Files (x86)\Tales From The Paradise Park\start32.exe"
            2⤵
            • Executes dropped EXE
            • Drops file in Program Files directory
            PID:4912

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\Tales From The Paradise Park\INTRO.dxr
          Filesize

          2.3MB

          MD5

          4fce22116701db64a3c2ccdc151e8a03

          SHA1

          0f5bc34a7dfd10a1b9caf938de968ce73cec3ee7

          SHA256

          6124b77f2902f2097f5ddad51da16f4f6ece2ab4fa6fbc5d95a98b1fe5f768ad

          SHA512

          c7d22dfc9e6be603b086bfdd1c318bd451458cd23118d3bca10c3ab91d79bfe0ceb5684a03f6d616371fec7dddd685f9f969a84f36754082482bcb37c6bac20c

          Download Submit

        • C:\Program Files (x86)\Tales From The Paradise Park\START32.EXE
          Filesize

          1.8MB

          MD5

          35bf323a30b79012a4dc73b673045307

          SHA1

          b3603ba9f7f37696369d3dd5c8cd409e74f16335

          SHA256

          1abe21ada7541ea0798e911c2183b26551b588affeb734741fbf6586b5955fb4

          SHA512

          5fdea68fc70a300ba2b2f3fe3ee806ab13931e8733132c689f3b5a78a2331094036de955993f8dcbeb409f1ada1e230828789932a3f933a755d106ff25a58ef6

          Download Submit

        • C:\Program Files (x86)\Tales From The Paradise Park\TUTOR32.EXE
          Filesize

          1.4MB

          MD5

          324a0429fe97fc8c2c61a675d5d7955e

          SHA1

          0567493d0d7f47aaf868140134799ca9d256779c

          SHA256

          4b87a805e9d8aa5d35fd2936eac7c736272e72a15c508da7925e3b3596579de0

          SHA512

          f06c61ae1a5ee207c248b6f0312f9e820e9816846ae0efcc4acc996144d6df21cafc84e0c44bf465c3325d712af36702529c464ab3c88ef03f5909d4de73c88d

          Download Submit

        • C:\Program Files (x86)\Tales From The Paradise Park\lingo.ini
          Filesize

          68B

          MD5

          a17e27c9ee13ec6fc80bae4ae812799b

          SHA1

          68f9071fd517bba3c4f44487f5f179048f75a7d9

          SHA256

          d459183799c81027ace414873b265f40249e68503263401e3626a2ebefd1a8f0

          SHA512

          085906733bee06d75ba5e012009e4bf3ba245b7323ec06c1d732c316d4fb901a08c8eb1f42e28ff40dac21436dc55a2a220f0913cb5a68a57a5a02a6251b498c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\~vis0000\ENGLISH.VLG
          Filesize

          14KB

          MD5

          14db15bfb5b2b82eff70804e2783e3e3

          SHA1

          1ca5ef10b28c77a3af6d1867dac8585e73b45604

          SHA256

          618346f8ddb959a0ac31b10c8485d8ce7d32abb7a0666d42f6ee17396b078caf

          SHA512

          613dc0c75e405cd5e0040bf5b8f7561d6d9fa7216a2703e52211fc3b46d7c4a40ebf0c286aaedfbeb2ae2fb478e4bd0caf643f2f0afa41a4b1b169c25c598469

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\~vis0000\default.bmp
          Filesize

          18KB

          MD5

          f372b11ff99bffed4cd279c0155adede

          SHA1

          89cbf60925076e9a14fd48b13790422b43a5b989

          SHA256

          d9d5e28eb445e7986bdef4d409868af205d525f2f0729427dfe3e33a7251b15d

          SHA512

          e902f0d7ff0e2af64ce3e8ae6d704ec21b04b35ac3f25a9acd53938b3b66fbaa02b25e816202f165e2d7339b62d2cd6fe9f764d64eefd5b24d1a108cb4b2679f

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\~vis0000\rollback.log
          Filesize

          3KB

          MD5

          4c96ce07aed1b810dbdc8a4abc6e468f

          SHA1

          8ef660d35e48e5f01af73243131efc96de269eaa

          SHA256

          072ce401dbe8e38b22d4ed8ff273df41cb40e2078b3e72bc7984cad222aa985e

          SHA512

          d88ef9413d386941f52ba743e595b7539ea5580acc2a72bddb45924ff8a1ed4b8a1065c517333c56e5512afa2337f812ab570f182933b763e06b6b3c4543bf9a

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\~vis0000\s.bmp
          Filesize

          873KB

          MD5

          4505f97a6d39c5126924d39c4ba45b2d

          SHA1

          446942830deb604216d3106683dd9e2412d31e9d

          SHA256

          4e1d21f8b6c1028d9106a1f6534db156f76ed6f964f5e42fda5eed53d857dd59

          SHA512

          8a2a27575efbe99aa6b394710aca95916d81eb1eebafe6a6e5bbc4c73ab33a36fa7dc653b869da4209adb9e1a4bbda6a76ce2f59781bfdf09814027296c77192

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\~vis0000\uninst32.exe
          Filesize

          84KB

          MD5

          88bb55b8af0435367fe9623d5d140297

          SHA1

          bbf63f68b1d3428ae6d94c161cab8ddb4cc72ef4

          SHA256

          f4c9c99b8228ee3e733179c756904c436d710bf04e78b683aa6f349b41fd06bd

          SHA512

          e59bcf9e24826a21420ea7f11ad02e7226a1f9c61cf8ee49d37bc5693f8b2e450bc1fbd4134c91cf0d241d05a8b42b59420b42e8dc3d95da79e6451600ae8fc6

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\~vis0000\uninstal.log
          Filesize

          228B

          MD5

          98f18df363f3f26d35b49e1f7d1d2f4e

          SHA1

          3c553a34c0b2ebaaf702644f111b6b25f6b03357

          SHA256

          a06eb1d6fc05071d07bae9ef9d31516d77336a6d32948bf7bbed622f8c93f9f9

          SHA512

          db8e5b435807f369ae25c0cb7116aa202e74cbbed97611f479d47ea899613b587fede235f640666c43aa3486bea5aab828e1bd2540e3265d96e7cb0a119a7a9d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\~vis0000\uninstal.log
          Filesize

          283B

          MD5

          0ace7834c2a7d699f55f20789fa283b6

          SHA1

          363a70f6564e762afb5b689b90a82f83145de953

          SHA256

          29c79fbc74ef6e4b0c21c41b3e270c37db661da16be22381e86076134483d981

          SHA512

          a87af1cdbad1fc0e4ddf680464c03f8ae9d8622a8f763095896da61ee6bd49ee81e9ab74f08f65bd59cc085f751c23ced735a1c344d66ae0db24f7f6c398647f

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\~vis0000\uninstal.log
          Filesize

          2KB

          MD5

          d55a2dccfb3a4d82b24daaa3e0122144

          SHA1

          8f37fefdcb8684efca663bf8adc24bed2e043326

          SHA256

          2f6b90dfbdc80600da45faf57c8f14ce56dbe5d32be2c63547d90affa4b70a23

          SHA512

          56f56709520e5acfed1cd6fb1e7be187e450f68e44803dd2941fef4eefd6aa35b6c9ffe7905b487de096a150720c6cad4fa638d1bad6a18cd2cac5a2b5e2c4bb

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\~vis0000\uninstal.log
          Filesize

          2KB

          MD5

          1bd231acc9ee44b3474e91f3505e807c

          SHA1

          c7446f64778d302db8a721d9b88caa8ccd66f051

          SHA256

          8013a2b6105c9aa033c17a544f28b5df9683bb9e598ab1cb6cea65d36605bc1f

          SHA512

          7558becc64d8045f0a590d76524c0677deb3e9531dc8169a55505146d54fa9fe2ea740c2e7c1dcc3209280868808b71e7127c2b088fb5df1f17fc29f8f5ef75c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\~vis0000\uninstal.log
          Filesize

          2KB

          MD5

          6bf6597df03330999187072524bd4486

          SHA1

          7894e224e9ab7d66f244a521d19c78eabd882b2b

          SHA256

          d16693325eba2fa09c4aaee71fb9b7acf822062f53e595f81de32be20e002bab

          SHA512

          322a6f468f5a98646e78aba1811e06aaacf513c7e9a17d68c13e3cc60473cfc08bddb016cf5d3ff10b098af4f00887262560eb86bf6ed9c6c76fe3a469588eb8

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\~vis0000\uninstal.log
          Filesize

          2KB

          MD5

          06f1708f2ba80ff25557dc8e3d00cff3

          SHA1

          81fe52910e17b680a47500d2487d2ae1afc2e2b0

          SHA256

          bc2ebd8150e1cd23bd751809d27f7e89b9bcb9f4cf400e4cde8838d16ed89eb0

          SHA512

          6adce18c70df8cb9815725cdb70d7be3bdc11b04b1ee47fa255341d8e84402523f9444dbadcd9a151de66bdb7155fef986734cfb01d627e4011afb2a6881df25

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\~vis0000\uninstal.log
          Filesize

          2KB

          MD5

          2d192b70227126837ce0286fb050deb6

          SHA1

          49f6598edb373124e1dadc71997ae9f8184cd807

          SHA256

          857c254e935eabbd2fe8e9c59960f2ef1fa67d6a45b353311557b718fb66c657

          SHA512

          a7fe97b077ad996ded256e06d42a22fde5485ef91e2df90429a50fefa81566f93e43987ad62bf7bc2b977913dfec0010cb93b57574955eb165dd517e70d64902

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\~vis0000\uninstal.log
          Filesize

          2KB

          MD5

          905cbbbd86a21af392faac494ddd3bba

          SHA1

          b400227098d86de3979f4b863d0960c0cc77a023

          SHA256

          692ced52f0eba882032e24d30a09a28ddbc14ec88d933e37f6d5b08dcbe38330

          SHA512

          bb10e9bc0c4364ecfb816227d744ad319d38116bc321407b96235084f90c2d6e5625c54ea96677fd674ada8818ee9e99f578c1f0069e40666d9884a97d3ce802

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\~vis0000\uninstal.log
          Filesize

          2KB

          MD5

          2b8ae38f264e8005daf24d5fffb2160d

          SHA1

          7d2283fd568886a8b3031e73d519746cd616cfee

          SHA256

          372758fd5fb6f887fa57c7db568c56b898785b9f72602343fc570826cb49595b

          SHA512

          dde94c84a8d4b992d4adff09df7b892e8ea2e0b59847505adeeb7ff1724503fd8183e8b8f3c78d32d3900107c623408bd614d7bf8986f70d086c42465c86c086

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\~vis0000\uninstal.log
          Filesize

          2KB

          MD5

          da4b705346f7d0b5f8c755c35b5830e7

          SHA1

          dac9fd3419bd619efa402e3243ee8738d535056e

          SHA256

          4f58f427ea262c428d8193aa5721e114b65af0d7b2561a6934d475b650749ad8

          SHA512

          d9206ecb34a80781d24b4c15e5bc4cbc167177574e749068630feb88befcd2ec9823c35e754485a3ade83b5cb3f43a9b8b9b79c19c6c8c0fe4b68ec90644790f

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\~vis0000\uninstal.log
          Filesize

          3KB

          MD5

          63e73ebc457e5e7f1f12758f43f97ff1

          SHA1

          e0b2976f16040e40168e52d9a1c783519ec17387

          SHA256

          e1687c3a933a299f80cf01afc74c2b300bbb56c409b4ee7a24071c2155c854a2

          SHA512

          448e7db29ebd86cc2c177a0a1c5b6af64bd1d3702e76581c8b1a1702fae66a7ebe2337f17c196d42b65f099d7a50e4bf0559ee014ae47c173b701dfd91f14b38

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\~vis0000\uninstal.log
          Filesize

          3KB

          MD5

          da211313981621476a11c2b73d68a7a5

          SHA1

          735166ff363cc4546b9924c09635dc1aa92ad6db

          SHA256

          b670e16a35bdcc03b2e76d686f6dd0b01fb8e28842635b4566835c5828ff33bf

          SHA512

          63555f52965e665f0643d02843685b7c0bf2fe2d2ea8a29db5bdb2ffb382f72297c9856d8e39bab87cc4ad449592361a13f603fa439f11e085b9b5161f1befd6

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\~vis0000\uninstal.log
          Filesize

          4KB

          MD5

          098620c156aeef6d0a1d9376fc8208fc

          SHA1

          4cacb0c7f7a8084694d574e2f09fb3668d4e2a2f

          SHA256

          7e3d9401761b0f4396e0c2fe5344d40cef19ffc3639c3fd443ff693beb34fd33

          SHA512

          d3c60c4d0045cdc19a9d0729ef2d2e33165942d5a6449b3028e5f08f888ed606313597f8149a5bf967a698bf23ac178b08f372f1d4ad7f530aca4457d5ce3587

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\~vis0000\vise32ex.dll
          Filesize

          484KB

          MD5

          2564bfbb4c3379d594aa04daa9596d0c

          SHA1

          790af8931c5bc27c9c2fb40050b8a14d46ef6828

          SHA256

          46f675aea3e66e2d65e3fb8821d94d8c468e91d4a27b09d25b1f25a9b27aa8a9

          SHA512

          b0ff9a51121d47d00e707fb95f88311abeb261e36fe8624117a99b4ece34473f4005fd8f71a6ebda2e9c7ee80d5fe947522e320a858fd19256ca041c7dcf6d3d

          Download Submit

        • memory/2444-838-0x0000000000820000-0x0000000000821000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2444-839-0x0000000000400000-0x0000000000497000-memory.dmp

          Filesize

          604KB

          Download

        • memory/2444-845-0x0000000000400000-0x0000000000497000-memory.dmp

          Filesize

          604KB

          Download

        • memory/2628-0-0x0000000000640000-0x0000000000641000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2628-47-0x0000000000400000-0x0000000000497000-memory.dmp

          Filesize

          604KB

          Download

        • memory/2672-832-0x0000000000400000-0x0000000000536000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2672-834-0x0000000000400000-0x0000000000536000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2672-837-0x0000000000400000-0x0000000000536000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4912-848-0x0000000000400000-0x0000000000536000-memory.dmp

          Filesize

          1.2MB

          Download