Overview

overview

7

Static

static

3

2024-05-28...il.exe

windows7-x64

3

2024-05-28...il.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-05-2024 16:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-28_c6ccf397e22b3603ff94098384d4820f_magniber_revil.exe

  • Size

    2.2MB

  • MD5

    c6ccf397e22b3603ff94098384d4820f

  • SHA1

    015b4a792ad9867f7fe8a986500efe9b9d6086e4

  • SHA256

    9589b29775a7f2b004962a16c073967dcb5a73907c742bf3de849b602f81c490

  • SHA512

    ed660b8e6d3a90915e11dc78bbd777640d85e141211871f8b926a17dd3fdf992278d5d26bcb6193119bae0ce95f5d1bca0bad685a65ab798c75340c0194cb3cb

  • SSDEEP

    49152:CqmzmiDe11QRsdC1mYkmVSPsJmDs0sm5NGsT:CqmpDe1mRGrGV3Jes0s

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 43 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-28_c6ccf397e22b3603ff94098384d4820f_magniber_revil.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-28_c6ccf397e22b3603ff94098384d4820f_magniber_revil.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4916
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" https://www.aceview.cc/
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2564
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" https://www.aceview.cc/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4432
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4432 CREDAT:17410 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:5092

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    c04af526ef1338b7a95090a096fb836f

    SHA1

    9872580735c19384b9eab5baf168e288862dd8aa

    SHA256

    3839653c6cf51672c67c89c5b565c5474aa031c98746cd89c5763995a61b3d30

    SHA512

    46c4c9d951074ff2fdda76283306e5ae12fe1829bb24ec8ed827785ff1967075c5da6cd21b447adf69e2af663b38cab5a478e54213f46e84a7f329c1eeebe40d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    6665b5eec34b7c7a6453d0251f299cd0

    SHA1

    a9d7b181cf9b906b6d3b7b0d0b3d9d789ffb9251

    SHA256

    f70f10a834c0a8a0738004cece66dd19c7ca228769aaacacce25167614035465

    SHA512

    c80803e188cde20577054739851f5857b5a1274e92ea25d38ef9101d3c85b6031f36319bc7de55818b56137e6b159d05f3187c305ce5a2083d8f4e6ff01bbc7d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verCD52.tmp
    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\g72no60\imagestore.dat
    Filesize

    16KB

    MD5

    5bf26b36dbc6c57982d02641fad91993

    SHA1

    d73a0cf4fbab2a3579c3231f8254f0e5c0ac2a26

    SHA256

    18fb54e1f780ab5c04e7c5eecca138e75a0acb14ab792327702ac9b1c7a4341c

    SHA512

    5d801cbe1962393eed2f7adcbfaa89af3a87c4b9fcbe139b253ac7fc1ef75dce05b2820db357769d5f5fcd632b892c2bb89772dab11c17a8c19b60597f8ea561

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Z5ILU938\favicon[1].ico
    Filesize

    16KB

    MD5

    be7cc2e19d6a6713553450d6b2b690b0

    SHA1

    d19bec86a7c8334779a7087b9bc392b81ab65419

    SHA256

    61faa3885a3a1b109970c1212ea3367db494841e82964df867c27415eaf341e8

    SHA512

    0b922115864f4b923bfe67e96ad404777638bcfde164bef88e04789f20de409bdbc4c4d40da6dbb607a741fc70cec2dbc42f65ee4530661b668dd7b2636a4665

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Z5ILU938\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit