Overview

overview

7

Static

static

3

2024-04-10...er.exe

windows7-x64

5

2024-04-10...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    164s
  • max time network
    173s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/04/2024, 05:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-10_821fefdab4e4353bcd93ae8a4e6db32a_magniber.exe

  • Size

    1.3MB

  • MD5

    821fefdab4e4353bcd93ae8a4e6db32a

  • SHA1

    af51c53f8f050419c4f89c954e39edffb04911dd

  • SHA256

    1d54aba417990c3d1fc5016be5a8e30f1831f7dde9d54f519ca4e9d6c81a0d42

  • SHA512

    b6d890d03315a34331d997709cc0803dbf25101d8a9a0ca3117e3e6aad98d12d267960989f4f2451c357b7473aaa2d2fd05713698689ee7ffdf292793b04a04b

  • SSDEEP

    24576:M1JJ3merT5EhVzhBD8uXTTTN+Y1TSZD38VvhYPj5Xl7oDNT5jZ3:ymeaVzrDlXTTTNBTSh3Fj5Ngb9

Score
7/10
spywarestealer

Malware Config

Signatures

  • Executes dropped EXE 6 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in System32 directory 9 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-10_821fefdab4e4353bcd93ae8a4e6db32a_magniber.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-10_821fefdab4e4353bcd93ae8a4e6db32a_magniber.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:3344
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:4320
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:4620
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:3872
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:864
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:2212
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      PID:1180
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      1⤵
      • Executes dropped EXE
      PID:1708
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4232 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:1740

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe
              Filesize

              2.2MB

              MD5

              bf0a066c69e5b87dc9debada3d88f8c0

              SHA1

              a3445d910dea23a540f020c3c5fe46ee337d8e7a

              SHA256

              c3cd8e46a3ee4458d6dea3f578e79494006e063afbf9d2032204be61f3a9650b

              SHA512

              266f31f1013e1f28ee1c6fedad634916dbe10b278fded30188852eb63e0c8a09fbd95c8aaec038c1b96a1494381b7d4638359e1e595e05682b3871dafc8bd54d

              Download Submit

            • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
              Filesize

              1.7MB

              MD5

              9a6873e12dfbfe6215835cf5143811ce

              SHA1

              b8948c33beea6ee347c12a8753474dff813965b2

              SHA256

              09f15cab06d9b2d7f16762c2dd887721022812fa2f8a1579a43789e18543a70a

              SHA512

              e095ead15939e0647bb5e2c644d68458efa5bc79d819eeb818c56fd7ab60eef23f27964cd4bb0377b59190d6f6b714c9132780fab5cef93498b7fd09e06651f3

              Download Submit

            • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
              Filesize

              1.7MB

              MD5

              ccb98aa1d14c80d0de4ba66fa7cc5d4b

              SHA1

              e9cd3683ccf03219cb33ef8493abf2897ffeab42

              SHA256

              b841b2f53dd90cd80ed380b46132bf3b60193222693c7cdf23c4a060f44ae4b7

              SHA512

              4f18cf91eb3b05bfda4d4e644d5c82ee25b4c9155d3cef982b6a902d376f0e230485edddaeae5421d6e73ba62492b807aa6b43ae883823b919589f0db9ffa343

              Download Submit

            • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
              Filesize

              2.1MB

              MD5

              8342b6013a9924f0cc96e1db11903213

              SHA1

              741d5acfbea8177a802e660694e2970e34ff1e1a

              SHA256

              4cd679060a0f2104c1bcda6fb58afc01855dadf8f94f8f14a6e3a2088eff5219

              SHA512

              b3c4c443de84ad2570c95cf90184d0b2c3d9ad98200bfb970235c3e44399406fd4c344e52328b55bf0a994c4ab956dda16593d1ac74290af2583825aca8a82cb

              Download Submit

            • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
              Filesize

              1.6MB

              MD5

              0d96f9209b67334c6fa27e7f26f6fcd5

              SHA1

              3620e054ba05b8ca0b88c30c5878ce47e2e357f5

              SHA256

              f28e17d660161994d8e532292d1e52e664cff8d3f9b651c24ee0df59606bc475

              SHA512

              e0d5b6aaf1f615d9b6a747ad478dcae3126782a677fae19c17c18b4fbed577c80aea98401eb61bb16c1f91c54aeb711eeac3ae31b151782142dd7e53c0afc53a

              Download Submit

            • C:\Windows\System32\FXSSVC.exe
              Filesize

              1.2MB

              MD5

              a9c7fffbf2620af2de33c20b34259467

              SHA1

              bf460e48f597d01c3d9efcf7dc29ec9aeb2f4ebe

              SHA256

              e62a73ee2c9df26d6b20d56860a9334312bb7e9f75160f1176baa68d157710d4

              SHA512

              593805b6f10fbeac4b37622f291df02b3f2844d85cd03598e0e67b41cd6ee72418617237448ee63763e6c520b393901186061d07558cd3dfbcae004831be0933

              Download Submit

            • C:\Windows\System32\alg.exe
              Filesize

              1.6MB

              MD5

              148eb5af11c49c023f5cdd9304076af7

              SHA1

              782fc61c299e72523a8d4e38b4a8d2e3a3e7da6b

              SHA256

              2f47eaf469c8b9d7fa38c55d2863114cb5b80f1d90c80937d6bfd1afe4969d99

              SHA512

              e36eba00565aa222569a9ad5eaea19eae14cac0dfb79d2cb9dedb8db110865656202739ff2830f05716acb34f9443dde66cb51a9a29433aa9c5db27be382b740

              Download Submit

            • C:\Windows\system32\AppVClient.exe
              Filesize

              1.3MB

              MD5

              b4d7bd45a7fc283a3b88e5fe8a5faee8

              SHA1

              474a4ef97c21f90471a6998077830e8128470d4a

              SHA256

              f14fc0b4c77b0aa28896d70bddeae3c9967b9461b1cde665330d0724cc02f3b6

              SHA512

              bf8e652608c35fa89b0e8c18b9be73b677ee0fd3535293cac0386bd08406daeb17cf3b155e198fddf98ce27b2489f75f5ac9365eff319f3ffbddb145d8ae3e74

              Download Submit

            • memory/864-50-0x0000000140000000-0x0000000140135000-memory.dmp

              Filesize

              1.2MB

              Download

            • memory/864-47-0x0000000000E90000-0x0000000000EF0000-memory.dmp

              Filesize

              384KB

              Download

            • memory/864-45-0x0000000000E90000-0x0000000000EF0000-memory.dmp

              Filesize

              384KB

              Download

            • memory/864-39-0x0000000000E90000-0x0000000000EF0000-memory.dmp

              Filesize

              384KB

              Download

            • memory/864-38-0x0000000140000000-0x0000000140135000-memory.dmp

              Filesize

              1.2MB

              Download

            • memory/1180-78-0x0000000000CD0000-0x0000000000D30000-memory.dmp

              Filesize

              384KB

              Download

            • memory/1180-71-0x0000000000CD0000-0x0000000000D30000-memory.dmp

              Filesize

              384KB

              Download

            • memory/1180-79-0x0000000140000000-0x00000001402AF000-memory.dmp

              Filesize

              2.7MB

              Download

            • memory/1180-82-0x0000000000CD0000-0x0000000000D30000-memory.dmp

              Filesize

              384KB

              Download

            • memory/1180-84-0x0000000140000000-0x00000001402AF000-memory.dmp

              Filesize

              2.7MB

              Download

            • memory/1708-88-0x00000000004F0000-0x0000000000550000-memory.dmp

              Filesize

              384KB

              Download

            • memory/1708-91-0x0000000140000000-0x00000001402B4000-memory.dmp

              Filesize

              2.7MB

              Download

            • memory/1708-96-0x00000000004F0000-0x0000000000550000-memory.dmp

              Filesize

              384KB

              Download

            • memory/1708-154-0x0000000140000000-0x00000001402B4000-memory.dmp

              Filesize

              2.7MB

              Download

            • memory/2212-52-0x0000000000C40000-0x0000000000CA0000-memory.dmp

              Filesize

              384KB

              Download

            • memory/2212-54-0x0000000140000000-0x0000000140237000-memory.dmp

              Filesize

              2.2MB

              Download

            • memory/2212-59-0x0000000000C40000-0x0000000000CA0000-memory.dmp

              Filesize

              384KB

              Download

            • memory/2212-108-0x0000000140000000-0x0000000140237000-memory.dmp

              Filesize

              2.2MB

              Download

            • memory/3344-7-0x0000000000730000-0x0000000000797000-memory.dmp

              Filesize

              412KB

              Download

            • memory/3344-0-0x0000000000400000-0x000000000055A000-memory.dmp

              Filesize

              1.4MB

              Download

            • memory/3344-1-0x0000000000730000-0x0000000000797000-memory.dmp

              Filesize

              412KB

              Download

            • memory/3344-6-0x0000000000730000-0x0000000000797000-memory.dmp

              Filesize

              412KB

              Download

            • memory/3344-21-0x0000000000400000-0x000000000055A000-memory.dmp

              Filesize

              1.4MB

              Download

            • memory/3344-89-0x0000000000400000-0x000000000055A000-memory.dmp

              Filesize

              1.4MB

              Download

            • memory/4320-77-0x0000000140000000-0x000000014028F000-memory.dmp

              Filesize

              2.6MB

              Download

            • memory/4320-12-0x0000000140000000-0x000000014028F000-memory.dmp

              Filesize

              2.6MB

              Download

            • memory/4320-13-0x0000000000790000-0x00000000007F0000-memory.dmp

              Filesize

              384KB

              Download

            • memory/4320-19-0x0000000000790000-0x00000000007F0000-memory.dmp

              Filesize

              384KB

              Download

            • memory/4620-87-0x0000000140000000-0x000000014028E000-memory.dmp

              Filesize

              2.6MB

              Download

            • memory/4620-26-0x00000000006A0000-0x0000000000700000-memory.dmp

              Filesize

              384KB

              Download

            • memory/4620-27-0x0000000140000000-0x000000014028E000-memory.dmp

              Filesize

              2.6MB

              Download

            • memory/4620-34-0x00000000006A0000-0x0000000000700000-memory.dmp

              Filesize

              384KB

              Download