e399068864d71d3b5c7e093665a70be63fe3bb3e1893645a3d093362cea8aa0a

Analysis

max time kernel
146s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2024 05:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-04-20_f9ea2b709cbe465f38dc48b567af25d9_magniber.exe
Size

4.5MB
MD5

f9ea2b709cbe465f38dc48b567af25d9
SHA1

e16d6acc4bc29aeddb5a33a0f61aff3521701207
SHA256

e399068864d71d3b5c7e093665a70be63fe3bb3e1893645a3d093362cea8aa0a
SHA512

a7ef9c15a9684006915fc90eca8b3ebf4b5a57be3858b3a76f84be13ed9af219cac4c0fdeadccdcce81bad74bf940e68bca6d1b298f98710c007a1e94494cbc2
SSDEEP

98304:1tcwzabaTEbMW6iDUWc7tdjfWAFFZ60VE2:Mw+GEgq6dlfZrE2

Score

9^/10

evasion

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	2024-04-20_f9ea2b709cbe465f38dc48b567af25d9_magniber.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4116	2024-04-20_f9ea2b709cbe465f38dc48b567af25d9_magniber.exe
4116	2024-04-20_f9ea2b709cbe465f38dc48b567af25d9_magniber.exe
4116	2024-04-20_f9ea2b709cbe465f38dc48b567af25d9_magniber.exe
4116	2024-04-20_f9ea2b709cbe465f38dc48b567af25d9_magniber.exe
4116	2024-04-20_f9ea2b709cbe465f38dc48b567af25d9_magniber.exe
4116	2024-04-20_f9ea2b709cbe465f38dc48b567af25d9_magniber.exe
4116	2024-04-20_f9ea2b709cbe465f38dc48b567af25d9_magniber.exe
4116	2024-04-20_f9ea2b709cbe465f38dc48b567af25d9_magniber.exe
4116	2024-04-20_f9ea2b709cbe465f38dc48b567af25d9_magniber.exe
4116	2024-04-20_f9ea2b709cbe465f38dc48b567af25d9_magniber.exe
4116	2024-04-20_f9ea2b709cbe465f38dc48b567af25d9_magniber.exe
4116	2024-04-20_f9ea2b709cbe465f38dc48b567af25d9_magniber.exe
4116	2024-04-20_f9ea2b709cbe465f38dc48b567af25d9_magniber.exe
4116	2024-04-20_f9ea2b709cbe465f38dc48b567af25d9_magniber.exe
4116	2024-04-20_f9ea2b709cbe465f38dc48b567af25d9_magniber.exe
4116	2024-04-20_f9ea2b709cbe465f38dc48b567af25d9_magniber.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4116	2024-04-20_f9ea2b709cbe465f38dc48b567af25d9_magniber.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-20_f9ea2b709cbe465f38dc48b567af25d9_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-20_f9ea2b709cbe465f38dc48b567af25d9_magniber.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:4116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4116-8-0x00000000031C0000-0x00000000031C1000-memory.dmp

Filesize
4KB

Download
memory/4116-17-0x00000000031C0000-0x00000000031C1000-memory.dmp

Filesize
4KB

Download