Analysis
- max time kernel: 150s
- max time network: 126s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 12-03-2024 10:35
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-03-12_78fd1a74f6554015f37871b849249439_magniber.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-03-12_78fd1a74f6554015f37871b849249439_magniber.exe
  Resource: win10v2004-20240226-en
General
- Target: 2024-03-12_78fd1a74f6554015f37871b849249439_magniber.exe
- Size: 5.0MB
- MD5: 78fd1a74f6554015f37871b849249439
- SHA1: 5ece33105aae923c124706ec153fb7aad7d777ff
- SHA256: 959d2659155808671dc3cacd98d5a6e54ce3c1034375e2181c58e440460e5b9f
- SHA512: 388e0355682b975552838ce00396d243ccd779c0abc7beb4bed7b908ee3726e2dbdafaa7d1b8c8cebf51d3f1ba8300854fc5d865c9d1524aa07a5b91a0c0d893
- SSDEEP: 98304:8BDTQ10ut8c9FUYuUKNLb99cOvXwbfD6bCPtrki1Pii0JXcH:8BDc1/QDN39OOIbWSeiBii0J
Malware Config
Signatures
- Banload
  Banload variants download malicious files, then install and execute the files.
- Identifies VirtualBox via ACPI registry values (likely anti-VM) (2 TTPs, 1 IoC)
  Processes (description, ioc, process):
    Key opened: \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ (process: 2024-03-12_78fd1a74f6554015f37871b849249439_magniber.exe)
- Checks BIOS information in registry (2 TTPs, 2 IoCs)
  BIOS information is often read in order to detect sandboxing environments.
  Processes (description, ioc, process):
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion (process: 2024-03-12_78fd1a74f6554015f37871b849249439_magniber.exe)
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate (process: 2024-03-12_78fd1a74f6554015f37871b849249439_magniber.exe)
- Modifies registry class (7 IoCs)
  Processes (description, ioc; all by process 2024-03-12_78fd1a74f6554015f37871b849249439_magniber.exe):
    Set value (str): \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78C71FEC-9C1E-4F23-DFDA-9D0FA541BD42}\Verb\0\ = "&Edit,0,2"
    Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78C71FEC-9C1E-4F23-DFDA-9D0FA541BD42}\Verb\1
    Set value (str): \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78C71FEC-9C1E-4F23-DFDA-9D0FA541BD42}\Verb\1\ = "&Open,0,2"
    Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78C71FEC-9C1E-4F23-DFDA-9D0FA541BD42}
    Set value (str): \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78C71FEC-9C1E-4F23-DFDA-9D0FA541BD42}\ = "Appointment Management Module"
    Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78C71FEC-9C1E-4F23-DFDA-9D0FA541BD42}\Verb
    Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78C71FEC-9C1E-4F23-DFDA-9D0FA541BD42}\Verb\0
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Processes (description, pid, process):
    Token: 33, pid 2336, 2024-03-12_78fd1a74f6554015f37871b849249439_magniber.exe
    Token: SeIncBasePriorityPrivilege, pid 2336, 2024-03-12_78fd1a74f6554015f37871b849249439_magniber.exe
- Suspicious use of FindShellTrayWindow (5 IoCs)
  Processes (pid, process):
    2336, 2024-03-12_78fd1a74f6554015f37871b849249439_magniber.exe (same entry repeated 5 times)
- Suspicious use of SendNotifyMessage (5 IoCs)
  Processes (pid, process):
    2336, 2024-03-12_78fd1a74f6554015f37871b849249439_magniber.exe (same entry repeated 5 times)
- Suspicious use of SetWindowsHookEx (64 IoCs)
  Processes (pid, process):
    2336, 2024-03-12_78fd1a74f6554015f37871b849249439_magniber.exe (same entry repeated 64 times)
Processes
- C:\Users\Admin\AppData\Local\Temp\2024-03-12_78fd1a74f6554015f37871b849249439_magniber.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-03-12_78fd1a74f6554015f37871b849249439_magniber.exe"
  PID: 2336
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 2KB
  MD5: 41978153ef8c90adb045b0aa332f5a67
  SHA1: ee340ad54360a1d01e72c2a92cac985af95ed5a4
  SHA256: 812c6c9f6abdd345ca67fbd6ace93c7f0ce6a5878332d34e134e82fcee9bfd68
  SHA512: 8c43a8aae6362e2c89f18f596d15aa8841c435dce4adea1dd5d7757e778bff3b2b7c7ba4ff43cf18dbc2b885fb512ba935524f0f3bd85245ddccd14834ec9595
- Filesize: 18KB
  MD5: 6cb44002258871fd72a9fdc8450035d1
  SHA1: 70eb449dd73b19ca9a54d1a5ed11fc18cf60380d
  SHA256: 0ce52042d83421360ce6a5f3e4adba9de9f9235f2f6293fe41d6d82c6f340c11
  SHA512: 583d7d18087b85273ab794731067303d92198af3390ab94da5a0e8ec8c66652c9dc85d0fb699a48033f8b8fbe52ab24309706139fbbe49e5cef6b0f65b7b55be