Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 05/04/2024, 11:13
Static task: static1
Behavioral task: behavioral1
Sample: 2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe
Resource: win10v2004-20240226-en
General
Target: 2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe
Size: 5.7MB
MD5: 1f23f1ef5f4b21ee6b09226d4f790c0b
SHA1: ec85e4c55c0681e33517b202473aec2b0ee6f8f0
SHA256: 440edec370c7af618f15bcf3f0993e5578e13f351968a718589b63fb92270d16
SHA512: dc9c5b97755d124595a2d01204dc5189382c8f06a085c119c3de8ca61b5ffba2d9782d40afa720ffae14c91c3170f5691fbff619eb04329d936dec8d9b965a80
SSDEEP: 98304:+dHMC+By0AOzWeGlPCk2IabgwxXQ6lXtGscl5M1QN7pA2q7NOLFkV5idpw:+/SACkCkyhXQ6ldGsTQN7pDhkjirw
Malware Config
Signatures
- Looks for VirtualBox Guest Additions in registry (2 TTPs, 1 IoC)
  description: Key opened; ioc: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Oracle\VirtualBox Guest Additions; Process: 2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe
- Suspicious behavior: EnumeratesProcesses (12 IoCs)
  pid: 2888; Process: 2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe (12 identical entries)
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description: Token: SeShutdownPrivilege; pid: 2888; Process: 2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe (3 identical entries)
- Suspicious use of FindShellTrayWindow (1 IoC)
  pid: 2888; Process: 2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe
- Suspicious use of SendNotifyMessage (1 IoC)
  pid: 2888; Process: 2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe"
- Looks for VirtualBox Guest Additions in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2888
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 652B
  MD5: 59ee2b412e390f06919afb0bf5401014
  SHA1: 63664dfbd71b4fc090b13e363c049e1388333b30
  SHA256: 96c91cf6a0a092c73373c6adccd4fee194fc0f9851ab92b619fb0ea3138bf9e0
  SHA512: afd08747c525dff8615a615cd911c5a7d937294240400cb8e59b6db20d34b76ecf3b4b2255abffd588b80b4d709dc1c3103cabc9728ff6710803304a950897ca
- Filesize: 5KB
  MD5: 5738ff75d908725f2954c833d4087438
  SHA1: 657c30c97c39de6220abe8ff568811ac32b38f95
  SHA256: 040ee58fc494bde65299531c58c7c9a894fc766697fd6dd023bcd4a7bd995502
  SHA512: 0a2b11030825b7feea35ae1b5091e3db2a969e43bf94db6d7e71a8116b482355309490deece9f748cbe5e0c02c20af954eb9ad7ed38e64b0ae7e399e5c018855