Overview

overview

9

Static

static

3

2024-04-05...il.exe

windows7-x64

9

2024-04-05...il.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    05-04-2024 11:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-05_4ffde214718a13f43f3c3f6145affb31_magniber_revil.exe

  • Size

    5.7MB

  • MD5

    4ffde214718a13f43f3c3f6145affb31

  • SHA1

    93768bc2b0a7d3ceaf59adcaf67bbb7becd31068

  • SHA256

    10319bfdfcf1ada18cb95aeb0d90d142fb023dbdd492ff15c87591678ff3f901

  • SHA512

    2858ba717a0d4a0313754650286a3a8fd2acd66bff3f878d2309da1a638b0dbaefc8582aeda92e111dce8321be050e634a0935571b8cd32ca5a29ccc22bd10c0

  • SSDEEP

    98304:2pHLE2ZzvfYXkpj+LGXpZevNpuEOZu3qOFs9f6Mby2a905tq7NJ3vY9zzJ:upz+LrvbOZu3pFs1y2a9YafY9zV

Score
9/10
evasion

Malware Config

Signatures

  • Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-05_4ffde214718a13f43f3c3f6145affb31_magniber_revil.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-05_4ffde214718a13f43f3c3f6145affb31_magniber_revil.exe"
    1⤵
    • Looks for VirtualBox Guest Additions in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2136

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2136-0-0x0000000000920000-0x0000000000EDE000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2136-2-0x0000000000920000-0x0000000000EDE000-memory.dmp

    Filesize

    5.7MB

    Download