Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
23-05-2024 00:30
General
-
Target
2024-05-23_39a694e4de1e9f828e5ac37badb7d7c6_magniber.exe
-
Size
26.3MB
-
MD5
39a694e4de1e9f828e5ac37badb7d7c6
-
SHA1
82a9c35c2ea8975f158ad77cca50834dda8cefa3
-
SHA256
0314f637928f25aee967d5bc9bc9f240b83399e3d8cba41d6b11a03582620091
-
SHA512
e6c55a8d0f789ce546339ca737063a06972656661ff2c5b5575cdc7f13005156bedc3f6231acbeb27bee0d0bc21fd20419320b1f073561a9169fdb2605d46b28
-
SSDEEP
786432:9RtgTLKoyCeXJ+Sxr4xONXWoM5qEE2aO/Nmrvd:xgTd4EEI/NGl
Malware Config
Signatures
-
UAC bypass 3 TTPs 3 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Gathers network information 2 TTPs 1 IoCs
Uses commandline utility to view network configuration.
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 28 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-23_39a694e4de1e9f828e5ac37badb7d7c6_magniber.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-23_39a694e4de1e9f828e5ac37badb7d7c6_magniber.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ipconfig /all2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\ipconfig.exeipconfig /all3⤵
- Gathers network information
-
C:\Windows\System32\netsh.exe"C:\Windows\System32\netsh.exe" -f C:\Users\Public\Pictures\OtyPf.xml2⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Roaming\0iGW6.bat"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\reg.exereg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t reg_dword /d 0 /F3⤵
- UAC bypass
-
C:\Windows\system32\reg.exereg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t reg_dword /d 0 /F3⤵
- UAC bypass
-
C:\Windows\system32\reg.exereg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v PromptOnSecureDesktop /t reg_dword /d 0 /F3⤵
- UAC bypass
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c copy /b C:\Users\Public\Pictures\KP01w\HqhLA~z1\p+C:\Users\Public\Pictures\KP01w\HqhLA~z1\w C:\Users\Public\Pictures\KP01w\HqhLA~z1\libssl-1_1.dll2⤵
-
C:\Windows\system32\mmc.exeC:\Windows\system32\mmc.exe -Embedding1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Public\Pictures\KP01w\HqhLA~z1\bbservice.exe"C:\Users\Public\Pictures\KP01w\HqhLA~z1\bbservice.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
392B
MD530d6eb22d6aeec10347239b17b023bf4
SHA1e2a6f86d66c699f6e0ff1ac4e140af4a2a4637d1
SHA256659df6b190a0b92fc34e3a4457b4a8d11a26a4caf55de64dfe79eb1276181f08
SHA512500872c3f2f3f801ec51717690873194675cb7f32cc4a862c09d90c18638d364d49b0e04c32323f52734e5c806e3503a63ac755c7019d762786a72840123df76
-
Filesize
173KB
MD53bb486bb9eed06ff50eb5170f667f0cc
SHA1a7d968c3465cd3c5a3619fd28ad72e1ac0d0034f
SHA2566fcff0d141f2688be8d6b13fac3a99c109c39ac51003855ca761e3c240e686c5
SHA512dd39be0a34e918834971bd5fc876eb2c2fc8aacf9f17e9898996ff637e49d5c2e89f2fbdead973675ddf853555f093e5b2af0ea788ca892e6b192d74c2551118
-
Filesize
1.2MB
MD5c60a22a37adc0d2be83d809e4aac166a
SHA1f3531db8df1fac74c13e539c620beff7fc62b699
SHA256808fd639a968290a46c475724746e0915a9c3ec96a20e20b771d447819d1c268
SHA51256b0427bb357535e6dad314be1d8864432b77d58cbabccf12a035056e86bfdcedbf713a337543332c83d4fbf5092901b8ad3db91f5758c7aae689b824baabbf6
-
Filesize
3.0MB
MD57e7b8c426d4dc9156d1285f904cb41e6
SHA11a1ff5277a130843b8f3ae2b17c88277f1e4dd07
SHA256dc7ed605c919c529b19f55f447054d5bb89b25b7ac9633c6cc8d052f2e25687d
SHA512fe5567d9d33c1c3c4748a7f6bd5b9c4fe872a10de9d31f5fee8f2ed0c750ffe069c96344f00890aba936344308d5f2afa65bc61d21fec40fe0ae105360cb190b
-
Filesize
2.0MB
MD50db9fb77a276f561c3efa1a5b9eea753
SHA11c520dae2c8beb2aa87a38d6568ffe6049d2ced7
SHA256c20ca26cc006da5a336ae5732d407a1c4d3d4701fb6cea393ab1a160f6f6dc67
SHA512500daeb90823cb72326b4ca82c3d2030b80c852bf5c1aa9201d39efb214112c2684ed0466bd61ba1543d9b6376ec10b2df7a2eb151a46449747e5d2db82e1c59
-
Filesize
1018KB
MD532c260975a711177aa19ee18864c3601
SHA1da08581f5a7142da269e23bbc6ae26b40c825eb7
SHA25651e9d8dc6699680faaa98ab50df949a26705587f3daff397fdca2c061c144e5d
SHA512a7ff7e21f71a8ef72ba08c6e003e1648ea59b942071c48756a3cb944e9543b20794c4401a65a5fd6e1a2247aac219cce4a479350009a80a49c7c939316a02060
-
Filesize
1018KB
MD5ca460704cfdf12b15b7c9beda2f47c82
SHA1c125e7dbd0e1a60cf33c2be349679042d2e4e201
SHA25607c2e82aa75fa0144c3300bc40b51241d454cc0b78a9d0575f8a9700c55d286b
SHA5128437495429400be64e27253ad2691f3377d05c1821deb3d9ce3e8e99ef03241ae5c16019954462828068d03b69773a8acdeeee2e77a97120a8fc774b49490f88
-
Filesize
1.4MB
MD59fd0a38f77247b7c7e2758135a2b23ea
SHA150e13ecbe55b86a17b3e5e71061b0ea1b5354d51
SHA256ec8103856d5886497a313eff72a622780923fc782d66fcd0fe95e690ccb201bd
SHA512c927afb93fbba015d2f286f6b97d9fe5c4887281679fc4cf7d43a610a7f9ba23c3741f04ffde37483dd54124d93d6536c2cd00baa8e220a3b23a036bbc507d8e
-
Filesize
3.8MB
-
Filesize
3.8MB
-
Filesize
3.8MB
-
Filesize
3.8MB
-
Filesize
424KB