Analysis
max time kernel: 15s
max time network: 17s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 29-05-2024 11:34
Behavioral task: behavioral1
Sample: MagnusNightV6.exe
Resource: win7-20240508-en
General
Target: MagnusNightV6.exe
Size: 7.3MB
MD5: 9c6753dc5c8105888e74b8bbb1f3cb2b
SHA1: c0462a45240c90debfe879a4202b5041f4c9fa4c
SHA256: abadb91aef6f3f4f2dfdfaeb726fd86db82a9d5e31a2ff7749fd875baab67bfc
SHA512: 9aba4119aa0dc9da8a8204ca181fae7d080c898e3aa31126f61b35e19cb3840eb25666b48d116da8c8389eae8c9017a27cd5441db45edc1ed18b8c6a03d2834f
SSDEEP: 196608:krpkYS6bOshoKMuIkhVastRL5Di3uh1D7Jm:7YSuOshouIkPftRL54YRJm
Malware Config
Signatures
Loads dropped DLL (1 IoCs)
Processes: MagnusNightV6.exe
pid | process
2836 | MagnusNightV6.exe

Processes:
resource | yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI20602\python311.dll | upx

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: MagnusNightV6.exe
description | pid | process | target process
PID 2060 wrote to memory of 2836 | 2060 | MagnusNightV6.exe | MagnusNightV6.exe
PID 2060 wrote to memory of 2836 | 2060 | MagnusNightV6.exe | MagnusNightV6.exe
PID 2060 wrote to memory of 2836 | 2060 | MagnusNightV6.exe | MagnusNightV6.exe
Processes
C:\Users\Admin\AppData\Local\Temp\MagnusNightV6.exe "C:\Users\Admin\AppData\Local\Temp\MagnusNightV6.exe" (PID:2060)
- Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Local\Temp\MagnusNightV6.exe "C:\Users\Admin\AppData\Local\Temp\MagnusNightV6.exe" (PID:2836)
    - Loads dropped DLL
C:\Windows\explorer.exe "C:\Windows\explorer.exe" (PID:2660)
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.6MB
MD5: 5f6fd64ec2d7d73ae49c34dd12cedb23
SHA1: c6e0385a868f3153a6e8879527749db52dce4125
SHA256: ff9f102264d1944fbfae2ba70e7a71435f51a3e8c677fd970b621c4c9ea71967
SHA512: c4be2d042c6e4d22e46eacfd550f61b8f55814bfe41d216a4df48382247df70bc63151068513855aa78f9b3d2f10ba6a824312948324c92de6dd0f6af414e8ab