440edec370c7af618f15bcf3f0993e5578e13f351968a718589b63fb92270d16

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
05/04/2024, 11:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe
Size

5.7MB
MD5

1f23f1ef5f4b21ee6b09226d4f790c0b
SHA1

ec85e4c55c0681e33517b202473aec2b0ee6f8f0
SHA256

440edec370c7af618f15bcf3f0993e5578e13f351968a718589b63fb92270d16
SHA512

dc9c5b97755d124595a2d01204dc5189382c8f06a085c119c3de8ca61b5ffba2d9782d40afa720ffae14c91c3170f5691fbff619eb04329d936dec8d9b965a80
SSDEEP

98304:+dHMC+By0AOzWeGlPCk2IabgwxXQ6lXtGscl5M1QN7pA2q7NOLFkV5idpw:+/SACkCkyhXQ6ldGsTQN7pDhkjirw

Score

9^/10

evasion

Malware Config

Signatures

Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Oracle\VirtualBox Guest Additions	2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2888	2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe
2888	2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe
2888	2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe
2888	2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe
2888	2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe
2888	2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe
2888	2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe
2888	2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe
2888	2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe
2888	2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe
2888	2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe
2888	2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2888	2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe
Token: SeShutdownPrivilege	2888	2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe
Token: SeShutdownPrivilege	2888	2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2888	2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2888	2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-05_1f23f1ef5f4b21ee6b09226d4f790c0b_magniber_revil.exe"
1⤵
- Looks for VirtualBox Guest Additions in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
652B

MD5
59ee2b412e390f06919afb0bf5401014

SHA1
63664dfbd71b4fc090b13e363c049e1388333b30

SHA256
96c91cf6a0a092c73373c6adccd4fee194fc0f9851ab92b619fb0ea3138bf9e0

SHA512
afd08747c525dff8615a615cd911c5a7d937294240400cb8e59b6db20d34b76ecf3b4b2255abffd588b80b4d709dc1c3103cabc9728ff6710803304a950897ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
5KB

MD5
5738ff75d908725f2954c833d4087438

SHA1
657c30c97c39de6220abe8ff568811ac32b38f95

SHA256
040ee58fc494bde65299531c58c7c9a894fc766697fd6dd023bcd4a7bd995502

SHA512
0a2b11030825b7feea35ae1b5091e3db2a969e43bf94db6d7e71a8116b482355309490deece9f748cbe5e0c02c20af954eb9ad7ed38e64b0ae7e399e5c018855

Download Submit