717e2b3ba0a82c0732e933abec24b08cae4e36d8d59ba734c74a27738ff55555

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
04/06/2024, 07:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-06-04_af4b6afdca705ade6b3f26a3b99dc3b3_magniber.exe
Size

12.0MB
MD5

af4b6afdca705ade6b3f26a3b99dc3b3
SHA1

603d8b2aed439fd012ecefbce552e079b01ea9af
SHA256

717e2b3ba0a82c0732e933abec24b08cae4e36d8d59ba734c74a27738ff55555
SHA512

8292167b32779182fe655696cc7ae4a3dd807e338c85b4763952d77ccab6bef439bf4d0025f62e674e340893452e90e80ce66fbb23f934d2a25d447ea8b84496
SSDEEP

196608:vEcWqEWUo3xZWi/sWQ3ZCZxw3/aeFMxxBGnlgro7+bT8S/+MCqS+rJUmBzzF3zk:Vl3xZBQaw3/aGMxXGnlMeUT8SGu59zk

Score

9^/10

evasion

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	2024-06-04_af4b6afdca705ade6b3f26a3b99dc3b3_magniber.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1088	2024-06-04_af4b6afdca705ade6b3f26a3b99dc3b3_magniber.exe
1088	2024-06-04_af4b6afdca705ade6b3f26a3b99dc3b3_magniber.exe
1088	2024-06-04_af4b6afdca705ade6b3f26a3b99dc3b3_magniber.exe
1088	2024-06-04_af4b6afdca705ade6b3f26a3b99dc3b3_magniber.exe
1088	2024-06-04_af4b6afdca705ade6b3f26a3b99dc3b3_magniber.exe
1088	2024-06-04_af4b6afdca705ade6b3f26a3b99dc3b3_magniber.exe
1088	2024-06-04_af4b6afdca705ade6b3f26a3b99dc3b3_magniber.exe
1088	2024-06-04_af4b6afdca705ade6b3f26a3b99dc3b3_magniber.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1088	2024-06-04_af4b6afdca705ade6b3f26a3b99dc3b3_magniber.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-04_af4b6afdca705ade6b3f26a3b99dc3b3_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-04_af4b6afdca705ade6b3f26a3b99dc3b3_magniber.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:1088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1088-6-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/1088-14-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download