Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 31/03/2024, 11:44

Behavioral task: behavioral1
Sample: 2024-03-31_cfe3c5d7be1b71bc6cc4c9b944a6dc54_magniber.exe
Resource: win7-20240215-en
4 signatures
150 seconds

General
Target: 2024-03-31_cfe3c5d7be1b71bc6cc4c9b944a6dc54_magniber.exe
Size: 27.5MB
MD5: cfe3c5d7be1b71bc6cc4c9b944a6dc54
SHA1: e66a13f9f1230f344968f657e53d17a91af82ec2
SHA256: a9dd6c8ae44116a361b3ecbf2158d6ab92a4696858f72a3502fadccf5519b338
SHA512: 746f733e3f9610e3401c4e6090a6179cd07b9e98c9d0c278c6e13f2e99d226dcd21ef631dab17bafc96b5dbeb45ecfbb5a10256ccf415870df0e79ff37380f5c
SSDEEP: 786432:wioV8Rw7hhT9Yor0/xynXN6zBHVrh1Zs8aU6TA4bG:wioV8RkhhT9YorUydmry87yG
Score: 9/10

Malware Config
Signatures

Detects executables packed with VMProtect. 2 IoCs
resource | yara_rule
behavioral1/memory/1756-24-0x0000000000390000-0x000000000216E000-memory.dmp | INDICATOR_EXE_Packed_VMProtect
behavioral1/memory/1756-33-0x0000000000390000-0x000000000216E000-memory.dmp | INDICATOR_EXE_Packed_VMProtect

Program crash 1 IoCs
pid | pid_target | Process | procid_target
2744 | 1756 | WerFault.exe | 27

Suspicious behavior: EnumeratesProcesses 2 IoCs
pid | Process
1756 | 2024-03-31_cfe3c5d7be1b71bc6cc4c9b944a6dc54_magniber.exe
1756 | 2024-03-31_cfe3c5d7be1b71bc6cc4c9b944a6dc54_magniber.exe

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1756 wrote to memory of 2744 | 1756 | 2024-03-31_cfe3c5d7be1b71bc6cc4c9b944a6dc54_magniber.exe | 28
PID 1756 wrote to memory of 2744 | 1756 | 2024-03-31_cfe3c5d7be1b71bc6cc4c9b944a6dc54_magniber.exe | 28
PID 1756 wrote to memory of 2744 | 1756 | 2024-03-31_cfe3c5d7be1b71bc6cc4c9b944a6dc54_magniber.exe | 28
PID 1756 wrote to memory of 2744 | 1756 | 2024-03-31_cfe3c5d7be1b71bc6cc4c9b944a6dc54_magniber.exe | 28

Processes

C:\Users\Admin\AppData\Local\Temp\2024-03-31_cfe3c5d7be1b71bc6cc4c9b944a6dc54_magniber.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-03-31_cfe3c5d7be1b71bc6cc4c9b944a6dc54_magniber.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID: 1756

    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 392
      - Program crash
      PID: 2744