Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

2024-02-19...er.exe

windows7-x64

8

2024-02-19...er.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    91s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/02/2024, 01:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-19_357f5ed6f1f2124eb1bafe166a26de6d_magniber.exe

  • Size

    3.8MB

  • MD5

    357f5ed6f1f2124eb1bafe166a26de6d

  • SHA1

    30546cb222ab1e0bdf8774fca0010002c22f4f4b

  • SHA256

    54b26a9b95ed1fcf9f314705326208619c439e9b0d02a51892ed791ef1dabdff

  • SHA512

    33df233d4bd6253195af524510299810c6a9b4b96a12dd05f9bdfa1576e17d4025da5daaac65d87a0fb8e04b977db4fedcfd05534676a6a3854ff71dae0f9798

  • SSDEEP

    98304:4TgNv5QiVxgbtIM/0cKZP5Cj0qhvcGx6OEKG0cC6g6v66666ES66666E6kD6666l:v/kykj0qh0Gx6gG0cC6g6v66666ES66R

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 3 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-19_357f5ed6f1f2124eb1bafe166a26de6d_magniber.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-19_357f5ed6f1f2124eb1bafe166a26de6d_magniber.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4504
    • C:\Users\Admin\AppData\Local\Temp\3FC8.tmp.exe
      C:\Users\Admin\AppData\Local\Temp\3FC8.tmp.exe
      2⤵
      • Executes dropped EXE
      PID:1876
    • C:\Users\Admin\AppData\Local\Temp\3FD9.tmp
      C:\Users\Admin\AppData\Local\Temp\3FD9.tmp -insta
      2⤵
      • Drops file in Drivers directory
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1476
      • C:\Windows\system32\sc.exe
        C:\Windows\system32\sc.exe start gzskt
        3⤵
        • Launches sc.exe
        PID:4940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3FC8.tmp.exe
    Filesize

    51KB

    MD5

    b9faa132cf40132007a0ea1591ddf187

    SHA1

    4918ee962a60eb230b151e4e6d8f1edeb9754bcb

    SHA256

    8e219991a3e5132e365f1c079a4985bc2fb187abaca634eec49f62005e254596

    SHA512

    baec7e4064444e4f137b1ad7c4ddb0409bc1e0ea1dfd69fd323d05a213e2a0b24dc21fcf3aad6d3508e1d6803402b10276d82ec11a3fec304a51d6b82631fb46

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\3FD9.tmp
    Filesize

    2.7MB

    MD5

    d7e202580243743ae6838ae3e1363074

    SHA1

    e4dae68e0152f23417c826158e990ef8edf1c2ea

    SHA256

    397ea3319c50a3a623aa0cd9415c39001565836b794cc607e9353648cb250d0b

    SHA512

    b8174639e4e768f722a3b4ce24a4cd36c470ca5aa991e05429f958a975ecd59624da79f6ec2d4b325073bb31081af099efb9d33f7ebbb6c4c61e05468db9ddac

    Download Submit

  • memory/1876-5-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1876-7-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1876-28-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download