Overview

overview

8

Static

static

3

2024-02-19...er.exe

windows7-x64

8

2024-02-19...er.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    142s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/02/2024, 02:38

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-19_f49a2f8aadcb8df20412da16e0a48fee_magniber.exe

  • Size

    3.8MB

  • MD5

    f49a2f8aadcb8df20412da16e0a48fee

  • SHA1

    98116d405c7ad8d02890039e04b156c0b8f48917

  • SHA256

    0a8e46292423f570d349a4d4075e2d0b04a367c3e078f0bbc9c0ede2241d1061

  • SHA512

    6ce0a22c287093c0931863833ae3588170541f36afe50199045a285f557d5f52c859ae41c0258d4aa7c1e0655f87065df4ebbacbad456d2b4b83fad088e174e7

  • SSDEEP

    98304:/TgNv5QiVxgbtIM/0cKZP5Cj0qhvcGx6OEKG0cC6g6v66666ES66666E6kD6666p:Q/kykj0qh0Gx6gG0cC6g6v66666ES66N

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 3 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-19_f49a2f8aadcb8df20412da16e0a48fee_magniber.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-19_f49a2f8aadcb8df20412da16e0a48fee_magniber.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2140
    • C:\Users\Admin\AppData\Local\Temp\700F.tmp.exe
      C:\Users\Admin\AppData\Local\Temp\700F.tmp.exe
      2⤵
      • Executes dropped EXE
      PID:3276
    • C:\Users\Admin\AppData\Local\Temp\7030.tmp
      C:\Users\Admin\AppData\Local\Temp\7030.tmp -insta
      2⤵
      • Drops file in Drivers directory
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4520
      • C:\Windows\system32\sc.exe
        C:\Windows\system32\sc.exe start veipkm
        3⤵
        • Launches sc.exe
        PID:960

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\700F.tmp.exe
          Filesize

          51KB

          MD5

          b098a1bdaedd4a63653ec7ff2efe39b6

          SHA1

          da1e1656c66b5dcd6c1af48c5aab5712bd4d6c4b

          SHA256

          d50693928c7815a834142c2e33060f2a3af6f4b89d3425eb46d8ad6c6c5eae3e

          SHA512

          493364f65af809d31c38f7ef71a02761f5ced6eb1d38ebc405af127146136844c2349319daca446e441d6c8b3c834f7625743d27d5310787f2bfa629cd43b740

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7030.tmp
          Filesize

          2.7MB

          MD5

          d7e202580243743ae6838ae3e1363074

          SHA1

          e4dae68e0152f23417c826158e990ef8edf1c2ea

          SHA256

          397ea3319c50a3a623aa0cd9415c39001565836b794cc607e9353648cb250d0b

          SHA512

          b8174639e4e768f722a3b4ce24a4cd36c470ca5aa991e05429f958a975ecd59624da79f6ec2d4b325073bb31081af099efb9d33f7ebbb6c4c61e05468db9ddac

          Download Submit

        • memory/3276-4-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3276-6-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3276-28-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

          Download