c550b13f36a7b39b3b16fc0bb0b7467ccce868c194caad57318ed383c728b09c

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/04/2024, 05:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-04-06_c366b0e01fd724e1f9a895e6036d2343_magniber.exe
Size

5.3MB
MD5

c366b0e01fd724e1f9a895e6036d2343
SHA1

92f84bfd479e5ba7a8520223731820c52a2d1b61
SHA256

c550b13f36a7b39b3b16fc0bb0b7467ccce868c194caad57318ed383c728b09c
SHA512

9eb21f27b4818adc9311a8a9224da7f8f33c6e3f81a274648eebcde2c02cb9c568de7521ce37ef7946a7c96436aa4653994f1ad8afd9d80eb7d1333b241f36c6
SSDEEP

98304:6EOyPG2aTEhEfoUUUWc7tdRMPv6Pq4xgsmkMU86HBEgs43gr:wyunEeM6duC/GsgUlHS

Score

9^/10

evasion

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	2024-04-06_c366b0e01fd724e1f9a895e6036d2343_magniber.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2056	2024-04-06_c366b0e01fd724e1f9a895e6036d2343_magniber.exe
2056	2024-04-06_c366b0e01fd724e1f9a895e6036d2343_magniber.exe
2056	2024-04-06_c366b0e01fd724e1f9a895e6036d2343_magniber.exe
2056	2024-04-06_c366b0e01fd724e1f9a895e6036d2343_magniber.exe
2056	2024-04-06_c366b0e01fd724e1f9a895e6036d2343_magniber.exe
2056	2024-04-06_c366b0e01fd724e1f9a895e6036d2343_magniber.exe
2056	2024-04-06_c366b0e01fd724e1f9a895e6036d2343_magniber.exe
2056	2024-04-06_c366b0e01fd724e1f9a895e6036d2343_magniber.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2056	2024-04-06_c366b0e01fd724e1f9a895e6036d2343_magniber.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-06_c366b0e01fd724e1f9a895e6036d2343_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-06_c366b0e01fd724e1f9a895e6036d2343_magniber.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:2056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Tencent\QQPCMgr\QQPCMgrInstall_20240406050420.Log

Filesize
1KB

MD5
38f323637ab39d90604c9d7a2bf3a7fc

SHA1
a6ba0755ba9f9c857c4d20fe6973b5043bcecd53

SHA256
d22cb1cc15d67417b3c6395198f3e3a83bb36ea4d01d78975ed21ea3002e3624

SHA512
3e8207bdbea56864236e6d45ebc3d4f889a8008f0f1766940c917428c1f869ea056157760ec75337dfc91be7567be6d7d34fadb8a18f661f8aff54ae89345a24

Download Submit
memory/2056-15-0x0000000002950000-0x0000000002951000-memory.dmp

Filesize
4KB

Download
memory/2056-23-0x0000000002950000-0x0000000002951000-memory.dmp

Filesize
4KB

Download