Overview

overview

10

Static

static

3

2024-04-16...er.exe

windows7-x64

10

2024-04-16...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/04/2024, 14:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-16_5bd5a35cac3ccfcf2bc92bdcbdeaea2b_magniber.exe

  • Size

    158KB

  • MD5

    5bd5a35cac3ccfcf2bc92bdcbdeaea2b

  • SHA1

    92c122fcfb0974dd7db945a158230484ab0d5ea3

  • SHA256

    2f77d79ed81700662374f3f87386cb2c9487485a787edfb751766e3d897888ae

  • SHA512

    eb62387fe0e53795c1f502ee8929b9624201c60a13ef7e6b01f2b9c3af7c94ce0aab60258370e7d716205303f49df670d8d01c6ea1d2166075f00e2729cf490e

  • SSDEEP

    3072:3r1cWI8i05JurTwXU/ulPgc9qz+9+++++++H:b1RJxur8XMQPgyh+++++++H

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 8 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-16_5bd5a35cac3ccfcf2bc92bdcbdeaea2b_magniber.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-16_5bd5a35cac3ccfcf2bc92bdcbdeaea2b_magniber.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2684
    • C:\Users\Admin\AppData\Local\Temp\2024-04-16_5bd5a35cac3ccfcf2bc92bdcbdeaea2b_magniber.exe
      "C:\Users\Admin\AppData\Local\Temp\2024-04-16_5bd5a35cac3ccfcf2bc92bdcbdeaea2b_magniber.exe"
      2⤵
      • Checks computer location settings
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:4140
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\alkvyfrjjv.bat" "
        3⤵
          PID:3448
        • C:\Windows\M-50502979739026720652860250\winmgr.exe
          C:\Windows\M-50502979739026720652860250\winmgr.exe
          3⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • Suspicious use of WriteProcessMemory
          PID:4908
          • C:\Windows\M-50502979739026720652860250\winmgr.exe
            C:\Windows\M-50502979739026720652860250\winmgr.exe
            4⤵
            • Executes dropped EXE
            • Drops file in Program Files directory
            PID:1112

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\alkvyfrjjv.bat
      Filesize

      278B

      MD5

      994eb76eeaecbf6d3e23109fcd3e0cfb

      SHA1

      224f7e4f71cc6ebd2d3c0168ed5eb1af74a00952

      SHA256

      331f812ced2aa337a6aa82d06cf890212a852a0b66b6329236f02c10c3bb9a3e

      SHA512

      0bf4137361277ee64fd8a62c2e6a3dff183a9ef7c0b2d4692a5213a5e4d2c5df47c71a3478ec4288a6aa15883d17458387cbe96420e311b6e70ff57588c170d0

      Download Submit

    • C:\Windows\M-50502979739026720652860250\winmgr.exe
      Filesize

      158KB

      MD5

      5bd5a35cac3ccfcf2bc92bdcbdeaea2b

      SHA1

      92c122fcfb0974dd7db945a158230484ab0d5ea3

      SHA256

      2f77d79ed81700662374f3f87386cb2c9487485a787edfb751766e3d897888ae

      SHA512

      eb62387fe0e53795c1f502ee8929b9624201c60a13ef7e6b01f2b9c3af7c94ce0aab60258370e7d716205303f49df670d8d01c6ea1d2166075f00e2729cf490e

      Download Submit

    • memory/1112-47-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/1112-63-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/1112-64-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/1112-56-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/1112-40-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/1112-46-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/1112-26-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/1112-27-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/1112-29-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/1112-39-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/2684-5-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/2684-0-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/2684-2-0x00000000006D0000-0x00000000007D0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4140-7-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/4140-6-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/4140-3-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/4908-25-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/4908-21-0x00000000007C0000-0x00000000008C0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4908-17-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download