Analysis

  • max time kernel
    145s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/05/2024, 07:44

General

  • Target

    2024-05-23_1ad3aee6382d3cb1a07c2e9c13c55e47_magniber.exe

  • Size

    4.8MB

  • MD5

    1ad3aee6382d3cb1a07c2e9c13c55e47

  • SHA1

    b801682937a84c8e97aee3d6fe950fa09e725dfe

  • SHA256

    fd0c4c1496954e8eb4e8416542e4421de23718fee9b5344b9375222cef9247b6

  • SHA512

    fa02d439fa11e474c33fd6b552d8a83505b4de156bae3e3a14a681d1932eecc20f9258a5de8bdf97698a7e539aa1f44a23978e6968ecd8acccde239d5db70950

  • SSDEEP

    98304:nAejIUQM1NzhJ2wJwPGhMeUu5Ve0xxiZUqokmZa:OrwdrieXq0xMToQ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (2 IoCs)
  • Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Modifies system certificate store (2 TTPs, 3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-23_1ad3aee6382d3cb1a07c2e9c13c55e47_magniber.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-23_1ad3aee6382d3cb1a07c2e9c13c55e47_magniber.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Modifies system certificate store
    PID:3604
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3376 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:3912

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\{1B4C77D9-A8FC-4e24-81E6-54162D4E08A0}.tmp\360NetUL.dll

    Filesize

    237KB

    MD5

    e965ae5ece45e7951050fbd4c8e6dfa1

    SHA1

    7dbac716a97758652fcd0c64c3a058e0b23e3b58

    SHA256

    57da4c2a9b303cdbef17a9937a983a67ea9d32f8c7474077f300bedb03887520

    SHA512

    0ab2108de1614fcc066a4e5982368ad39145b6aa1b073969f859bfe47440b876fd8b48dcdf986b6359d67701e6c3bb080745d78fec82f37e29c64a4daa8cc367

  • C:\Users\Admin\AppData\Local\Temp\{666CC4F4-7A1D-4807-9B82-5A36A12428BE}.tmp\7z.dll

    Filesize

    1.1MB

    MD5

    510b4fb31400e4d222dda77e4ebaa734

    SHA1

    722672630d14fb58388bb571417786210a969c86

    SHA256

    43ab16e268342796e773b516c6062db70d04fea647ec5a63199ce5c4f125f9ad

    SHA512

    592cabeac8046d6811f5d37858c9370b929efa6a10180e9d5bc702eba01429d12c47b808efe7013ba4918591ae25a2134a0dfa4a8842f80a8b34d675fbb5ea11