Analysis Overview
SHA256
be6d9cc93d0d7e63f8bca78f2a281bc5c13ce5512c07f77c3162df7aaed947b1
Threat Level: Shows suspicious behavior
The file 2024-06-04_f339756a91e40ce34ff16d6805d8b379_magniber was classified as: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Writes to the Master Boot Record (MBR)
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-04 11:35
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-04 11:35
Reported
2024-06-04 11:38
Platform
win7-20240221-en
Max time kernel
122s
Max time network
124s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_f339756a91e40ce34ff16d6805d8b379_magniber.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\2024-06-04_f339756a91e40ce34ff16d6805d8b379_magniber.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_f339756a91e40ce34ff16d6805d8b379_magniber.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_f339756a91e40ce34ff16d6805d8b379_magniber.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_f339756a91e40ce34ff16d6805d8b379_magniber.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_f339756a91e40ce34ff16d6805d8b379_magniber.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_f339756a91e40ce34ff16d6805d8b379_magniber.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-04_f339756a91e40ce34ff16d6805d8b379_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-04_f339756a91e40ce34ff16d6805d8b379_magniber.exe"
Network
Files
\Users\Admin\AppData\Local\Temp\UNIFC25.tmp\dr.dll
| Hash | Value |
| --- | --- |
| MD5 | 47e5db9c8990f133d57c564c20668d38 |
| SHA1 | b8d90e8922c71935c61ecaae9a482fba6c3439ba |
| SHA256 | 5d14c76dbc223385f34e60391ca91475078c1fe35822bf91f825fc8196d95fcd |
| SHA512 | 000608913349ce84ef8eda5f68d03ef74fd57f6a16d74cb5b0945621f281b2396535f42daac33ab7bf94317b783caec9c32edfbaffa4da56c97dbfe9ea084488 |
memory/2868-9-0x0000000003470000-0x0000000003471000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-04 11:35
Reported
2024-06-04 11:38
Platform
win10v2004-20240426-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_f339756a91e40ce34ff16d6805d8b379_magniber.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\2024-06-04_f339756a91e40ce34ff16d6805d8b379_magniber.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_f339756a91e40ce34ff16d6805d8b379_magniber.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_f339756a91e40ce34ff16d6805d8b379_magniber.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-04_f339756a91e40ce34ff16d6805d8b379_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-04_f339756a91e40ce34ff16d6805d8b379_magniber.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\UNIFC27.tmp\dr.dll
| Hash | Value |
| --- | --- |
| MD5 | 47e5db9c8990f133d57c564c20668d38 |
| SHA1 | b8d90e8922c71935c61ecaae9a482fba6c3439ba |
| SHA256 | 5d14c76dbc223385f34e60391ca91475078c1fe35822bf91f825fc8196d95fcd |
| SHA512 | 000608913349ce84ef8eda5f68d03ef74fd57f6a16d74cb5b0945621f281b2396535f42daac33ab7bf94317b783caec9c32edfbaffa4da56c97dbfe9ea084488 |
memory/5032-12-0x0000000003610000-0x0000000003611000-memory.dmp