Analysis
-
max time kernel
120s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
14-05-2024 18:46
Static task
static1
Behavioral task
behavioral1
Sample
2024-05-14_06dc28c7414d3050464c253652e8cb7d_magniber_revil.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-05-14_06dc28c7414d3050464c253652e8cb7d_magniber_revil.exe
Resource
win10v2004-20240508-en
General
-
Target
2024-05-14_06dc28c7414d3050464c253652e8cb7d_magniber_revil.exe
-
Size
18.5MB
-
MD5
06dc28c7414d3050464c253652e8cb7d
-
SHA1
072f770bebce12387eebf2e9096d186cfdb87cda
-
SHA256
5c46aec4468bcd0f358054adcee783eab587ba5017b1edee8881b78904623e35
-
SHA512
75018a2101fd20b8275d27884d1c34c8816415865cfdf81d635237b2a25b67409ed42857533d8a8dbc6fe3e7a5de30b62ea797e38454ba383a23d63db43b3878
-
SSDEEP
393216:H+Rf4UdVEy9qMBNLtl+H3orJHXSPyQeEeov42xZzKMsZWrEcbLXoE8yS2R5J:Uf4UdVEy9qMBNW4rJ3SPDV423kZfgP8A
Malware Config
Signatures
-
Loads dropped DLL 2 IoCs
pid Process 1312 2024-05-14_06dc28c7414d3050464c253652e8cb7d_magniber_revil.exe 1312 2024-05-14_06dc28c7414d3050464c253652e8cb7d_magniber_revil.exe -
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
description ioc Process File opened for modification \??\PhysicalDrive0 2024-05-14_06dc28c7414d3050464c253652e8cb7d_magniber_revil.exe -
Program crash 1 IoCs
pid pid_target Process procid_target 2300 1312 WerFault.exe 27 -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1312 wrote to memory of 2300 1312 2024-05-14_06dc28c7414d3050464c253652e8cb7d_magniber_revil.exe 28 PID 1312 wrote to memory of 2300 1312 2024-05-14_06dc28c7414d3050464c253652e8cb7d_magniber_revil.exe 28 PID 1312 wrote to memory of 2300 1312 2024-05-14_06dc28c7414d3050464c253652e8cb7d_magniber_revil.exe 28 PID 1312 wrote to memory of 2300 1312 2024-05-14_06dc28c7414d3050464c253652e8cb7d_magniber_revil.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-14_06dc28c7414d3050464c253652e8cb7d_magniber_revil.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-14_06dc28c7414d3050464c253652e8cb7d_magniber_revil.exe"1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of WriteProcessMemory
PID:1312 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 8242⤵
- Program crash
PID:2300
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.9MB
MD5991f7dfe5115467b72de04d4ddeb6bac
SHA1f31d9541d896955e1bcf48e01b68fc3374501998
SHA256210ab11ab262d146ba4a8b1621668c5508f2e97d31788a1ec6474e5947479354
SHA51252bc896a261534bb47b7c1342b2809d86288dbf07b08d344646a3719ab25e3e37c34adb9c7b2139f6518d56b528b73a500451c5948307a58dcfecdc0d2b2b9a4
-
Filesize
1.1MB
MD5ea58ab20340cd1a4beeb1fe85bc09c9a
SHA10783d18e3ccc9faad51269c132d8fb559a2f83d2
SHA256cfdd08f5fc342b4e4aa3c515d318307351be752cc79a6818dbb986cddac47d6d
SHA5126f83ba8db59d8228f961f86364f1d4658e2f4b3773d0a8094f1f95eb635b68e08487a7286497de644a0c3ee83908ccc00e21048483f620ca86b30cfeba41b553