Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

2024-05-08...er.exe

windows7-x64

10

2024-05-08...er.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/05/2024, 07:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-08_4acc6ba77918686895c160d1c006009e_magniber.exe

  • Size

    3.3MB

  • MD5

    4acc6ba77918686895c160d1c006009e

  • SHA1

    99a0da7eb873008bd4bc8dc432cae70abce44d0f

  • SHA256

    218245e02f4bff4470cb7771d69fb2f30fbf90a442beeab6b45d87190ba98523

  • SHA512

    d44aa9f8c5ed7ffbf8fcbc1bd6c43ed4665dd9fa25e4aa25678ee23e7d59dc3794cde0ea8b0f94b250a63890464e40b7bf614845b292d5dea4bf8038c19d8525

  • SSDEEP

    49152:NYluUHuOXieTE9GJfrzAJ5m7qnjJA0f9LOsZ12G3WjaEj+bFr3z0L7:NYkUOO6WrejJL9L3T2G3Wj/iJre

Score
10/10
banloaddownloaderdroppertrojan

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

    trojandropperdownloaderbanload
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 7 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-08_4acc6ba77918686895c160d1c006009e_magniber.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-08_4acc6ba77918686895c160d1c006009e_magniber.exe"
    1⤵
    • Checks BIOS information in registry
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2328
  • C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" -Embedding
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1632

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1632-34-0x00007FFBF93D0000-0x00007FFBF93E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1632-60-0x00007FFC39350000-0x00007FFC39545000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1632-57-0x00007FFBF93D0000-0x00007FFBF93E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1632-58-0x00007FFBF93D0000-0x00007FFBF93E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1632-59-0x00007FFBF93D0000-0x00007FFBF93E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1632-56-0x00007FFBF93D0000-0x00007FFBF93E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1632-47-0x00007FFBF6EC0000-0x00007FFBF6ED0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1632-46-0x00007FFBF6EC0000-0x00007FFBF6ED0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1632-45-0x00007FFC39350000-0x00007FFC39545000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1632-44-0x00007FFC39350000-0x00007FFC39545000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1632-42-0x00007FFC39350000-0x00007FFC39545000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1632-43-0x00007FFC39350000-0x00007FFC39545000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1632-41-0x00007FFC39350000-0x00007FFC39545000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1632-40-0x00007FFC39350000-0x00007FFC39545000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1632-38-0x00007FFBF93D0000-0x00007FFBF93E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1632-39-0x00007FFBF93D0000-0x00007FFBF93E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1632-35-0x00007FFC393ED000-0x00007FFC393EE000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1632-37-0x00007FFBF93D0000-0x00007FFBF93E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1632-36-0x00007FFBF93D0000-0x00007FFBF93E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2328-22-0x0000000000400000-0x0000000000A0E000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2328-21-0x0000000002CE0000-0x0000000002EED000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2328-32-0x0000000000400000-0x0000000000A0E000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2328-33-0x0000000000400000-0x0000000000A0E000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2328-30-0x0000000000400000-0x0000000000A0E000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2328-29-0x0000000000400000-0x0000000000A0E000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2328-28-0x0000000000400000-0x0000000000A0E000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2328-27-0x0000000000400000-0x0000000000A0E000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2328-26-0x0000000000400000-0x0000000000A0E000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2328-25-0x0000000000400000-0x0000000000A0E000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2328-24-0x0000000000400000-0x0000000000A0E000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2328-23-0x0000000000400000-0x0000000000A0E000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2328-1-0x0000000000400000-0x0000000000A0E000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2328-31-0x0000000000400000-0x0000000000A0E000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2328-14-0x0000000000400000-0x0000000000A0E000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2328-18-0x0000000000400000-0x0000000000A0E000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2328-19-0x0000000002CE0000-0x0000000002EED000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2328-16-0x0000000000400000-0x0000000000A0E000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2328-17-0x0000000000400000-0x0000000000A0E000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2328-15-0x0000000000400000-0x0000000000A0E000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2328-13-0x0000000000400000-0x0000000000A0E000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2328-8-0x0000000002CE0000-0x0000000002EED000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2328-2-0x0000000002CE0000-0x0000000002EED000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2328-61-0x0000000000400000-0x0000000000A0E000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2328-62-0x0000000000400000-0x0000000000A0E000-memory.dmp

    Filesize

    6.1MB

    Download