Analysis
-
max time kernel
147s -
max time network
160s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system -
submitted
31/03/2024, 11:44
Behavioral task
behavioral1
Sample
2024-03-31_cfe3c5d7be1b71bc6cc4c9b944a6dc54_magniber.exe
Resource
win7-20240215-en
4 signatures
150 seconds
General
-
Target
2024-03-31_cfe3c5d7be1b71bc6cc4c9b944a6dc54_magniber.exe
-
Size
27.5MB
-
MD5
cfe3c5d7be1b71bc6cc4c9b944a6dc54
-
SHA1
e66a13f9f1230f344968f657e53d17a91af82ec2
-
SHA256
a9dd6c8ae44116a361b3ecbf2158d6ab92a4696858f72a3502fadccf5519b338
-
SHA512
746f733e3f9610e3401c4e6090a6179cd07b9e98c9d0c278c6e13f2e99d226dcd21ef631dab17bafc96b5dbeb45ecfbb5a10256ccf415870df0e79ff37380f5c
-
SSDEEP
786432:wioV8Rw7hhT9Yor0/xynXN6zBHVrh1Zs8aU6TA4bG:wioV8RkhhT9YorUydmry87yG
Malware Config
Signatures
-
Detects executables packed with VMProtect. 2 IoCs
resource  yara_rule
behavioral2/memory/4052-8-0x00000000005D0000-0x00000000023AE000-memory.dmp  INDICATOR_EXE_Packed_VMProtect
behavioral2/memory/4052-9-0x00000000005D0000-0x00000000023AE000-memory.dmp  INDICATOR_EXE_Packed_VMProtect
-
Program crash 1 IoCs
pid   pid_target  Process       procid_target
2728  4052        WerFault.exe  86
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid   Process
4052  2024-03-31_cfe3c5d7be1b71bc6cc4c9b944a6dc54_magniber.exe
4052  2024-03-31_cfe3c5d7be1b71bc6cc4c9b944a6dc54_magniber.exe
4052  2024-03-31_cfe3c5d7be1b71bc6cc4c9b944a6dc54_magniber.exe
4052  2024-03-31_cfe3c5d7be1b71bc6cc4c9b944a6dc54_magniber.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-31_cfe3c5d7be1b71bc6cc4c9b944a6dc54_magniber.exe "C:\Users\Admin\AppData\Local\Temp\2024-03-31_cfe3c5d7be1b71bc6cc4c9b944a6dc54_magniber.exe" 1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4052 -
C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 820 2⤵
- Program crash
PID:2728
-
-
C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4052 -ip 4052 1⤵ PID:1112