Analysis
- max time kernel: 120s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 24-02-2024 09:44
Static task
static1
Behavioral task
behavioral1
Sample
2024-02-24_2fc4239c14fcc9fc01bc19e3466d6bc2_magniber.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-02-24_2fc4239c14fcc9fc01bc19e3466d6bc2_magniber.exe
Resource
win10v2004-20240221-en
General
- Target: 2024-02-24_2fc4239c14fcc9fc01bc19e3466d6bc2_magniber.exe
- Size: 7.0MB
- MD5: 2fc4239c14fcc9fc01bc19e3466d6bc2
- SHA1: 1f3528193ca6b45b32bd57ff64f849abd0277609
- SHA256: 2c25d330978cd999331df479a65b089e78102fd191f59b128ccae63d06ae55bb
- SHA512: 356d0cae1d1bbdf8fc97da7737d282f376a15ddaa38a02549a7943970a4103f76bbc092b3126d94858b305a44c3657dabee6fa29cff1f193a8b3117fcadd6bd3
- SSDEEP: 98304:K26SCs1yfNM5Rt5ApFvglN+QGfX89Hz0rXBEF9ltAbJ:K26SRkfwAJfs9gyrn
Malware Config
Signatures
-
Banload
Banload variants download malicious files, then install and execute the files.
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
2024-02-24_2fc4239c14fcc9fc01bc19e3466d6bc2_magniber.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | 2024-02-24_2fc4239c14fcc9fc01bc19e3466d6bc2_magniber.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | 2024-02-24_2fc4239c14fcc9fc01bc19e3466d6bc2_magniber.exe
-
Modifies registry class 2 IoCs
Processes:
2024-02-24_2fc4239c14fcc9fc01bc19e3466d6bc2_magniber.exe
description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5425BD02-A4EB-C967-D418-70CFEEE80BA4} | 2024-02-24_2fc4239c14fcc9fc01bc19e3466d6bc2_magniber.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5425BD02-A4EB-C967-D418-70CFEEE80BA4}\ = "Outlook FAT Management Module" | 2024-02-24_2fc4239c14fcc9fc01bc19e3466d6bc2_magniber.exe
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes:
2024-02-24_2fc4239c14fcc9fc01bc19e3466d6bc2_magniber.exe
description | pid | process | target process
PID 1288 wrote to memory of 1784 | 1288 | 2024-02-24_2fc4239c14fcc9fc01bc19e3466d6bc2_magniber.exe | 2024-02-24_2fc4239c14fcc9fc01bc19e3466d6bc2_magniber.exe
PID 1288 wrote to memory of 1784 | 1288 | 2024-02-24_2fc4239c14fcc9fc01bc19e3466d6bc2_magniber.exe | 2024-02-24_2fc4239c14fcc9fc01bc19e3466d6bc2_magniber.exe
PID 1288 wrote to memory of 1784 | 1288 | 2024-02-24_2fc4239c14fcc9fc01bc19e3466d6bc2_magniber.exe | 2024-02-24_2fc4239c14fcc9fc01bc19e3466d6bc2_magniber.exe
PID 1288 wrote to memory of 1784 | 1288 | 2024-02-24_2fc4239c14fcc9fc01bc19e3466d6bc2_magniber.exe | 2024-02-24_2fc4239c14fcc9fc01bc19e3466d6bc2_magniber.exe
PID 1288 wrote to memory of 1784 | 1288 | 2024-02-24_2fc4239c14fcc9fc01bc19e3466d6bc2_magniber.exe | 2024-02-24_2fc4239c14fcc9fc01bc19e3466d6bc2_magniber.exe
PID 1288 wrote to memory of 1784 | 1288 | 2024-02-24_2fc4239c14fcc9fc01bc19e3466d6bc2_magniber.exe | 2024-02-24_2fc4239c14fcc9fc01bc19e3466d6bc2_magniber.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\2024-02-24_2fc4239c14fcc9fc01bc19e3466d6bc2_magniber.exe "C:\Users\Admin\AppData\Local\Temp\2024-02-24_2fc4239c14fcc9fc01bc19e3466d6bc2_magniber.exe"
  PID:1288
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\2024-02-24_2fc4239c14fcc9fc01bc19e3466d6bc2_magniber.exe "C:\Users\Admin\AppData\Local\Temp\2024-02-24_2fc4239c14fcc9fc01bc19e3466d6bc2_magniber.exe"
    PID:1784
    - Checks BIOS information in registry
    - Modifies registry class