Overview

overview

10

Static

static

3

2024-04-27...er.exe

windows7-x64

10

2024-04-27...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/04/2024, 01:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-27_2e065ee344248d01633b3b87fb1da58b_magniber.exe

  • Size

    162KB

  • MD5

    2e065ee344248d01633b3b87fb1da58b

  • SHA1

    0097be3ce6d29c8bc54343e27a45831d34886bc5

  • SHA256

    57a0d8b7f4613b21eec6d922afa98fd1f1e1f627d41557996ccfada8f851edb2

  • SHA512

    36abae7950a15647a9a7caafea32704ab75b86e9a003e51ee01244a25349b0bcc2769b5873ed3065533c632a5e2edcfb385e16a9f75fb9f00449b464821f69ab

  • SSDEEP

    3072:3r1cWI8i05JurTwXU/ulPgc9qz+9+++++q+z7:b1RJxur8XMQPgyh+++++q+z7

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 8 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-27_2e065ee344248d01633b3b87fb1da58b_magniber.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-27_2e065ee344248d01633b3b87fb1da58b_magniber.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4384
    • C:\Users\Admin\AppData\Local\Temp\2024-04-27_2e065ee344248d01633b3b87fb1da58b_magniber.exe
      "C:\Users\Admin\AppData\Local\Temp\2024-04-27_2e065ee344248d01633b3b87fb1da58b_magniber.exe"
      2⤵
      • Checks computer location settings
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:1064
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mjarogbqbt.bat" "
        3⤵
          PID:1140
        • C:\Windows\M-50502979739026720652860250\winmgr.exe
          C:\Windows\M-50502979739026720652860250\winmgr.exe
          3⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • Suspicious use of WriteProcessMemory
          PID:4552
          • C:\Windows\M-50502979739026720652860250\winmgr.exe
            C:\Windows\M-50502979739026720652860250\winmgr.exe
            4⤵
            • Executes dropped EXE
            • Drops file in Program Files directory
            PID:2464

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\mjarogbqbt.bat
      Filesize

      278B

      MD5

      3720b20ede0f0beb8de3e371cdc9e17e

      SHA1

      b9e3c5152453dd54e8eb8f9bb944a3eea4a4379d

      SHA256

      b2c106d794a5bf59e16d948ddf2004244d876d7fbaebc5433eb2924ba2ea3430

      SHA512

      8a9b7f2e06eef4276861be094eaf8a035fa54e8178266d20583c3502127a8133e6876c0a5454826228a6a3d3d735de49b37761ec03c93aeb0546db788f1b3c29

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\phqghumeay
      Filesize

      163KB

      MD5

      490135da4d524c9e50d42ab7a7924bee

      SHA1

      2fe9725f9525b1560f40c601867ee958e70fd49a

      SHA256

      a2a0d2833c211e150742ddca6eb7ab387ab8c26a88ddfd352b2971108dae00e3

      SHA512

      d8bea0f003c0957c0772872744088a70eff398eed466a7be653479dc7c5b3bff27a94375913e67fe87a3f8438528d5944e7d61a9213a79fad180606a81fa1e27

      Download Submit

    • C:\Windows\M-50502979739026720652860250\winmgr.exe
      Filesize

      162KB

      MD5

      2e065ee344248d01633b3b87fb1da58b

      SHA1

      0097be3ce6d29c8bc54343e27a45831d34886bc5

      SHA256

      57a0d8b7f4613b21eec6d922afa98fd1f1e1f627d41557996ccfada8f851edb2

      SHA512

      36abae7950a15647a9a7caafea32704ab75b86e9a003e51ee01244a25349b0bcc2769b5873ed3065533c632a5e2edcfb385e16a9f75fb9f00449b464821f69ab

      Download Submit

    • memory/1064-2-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/1064-5-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/1064-7-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/2464-27-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/2464-24-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/2464-29-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/2464-39-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/2464-46-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/2464-56-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/2464-63-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/4384-6-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/4384-0-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/4384-4-0x0000000000710000-0x0000000000810000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4552-18-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/4552-25-0x0000000000500000-0x0000000000600000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4552-26-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download