Analysis Overview
SHA256
8fc64c1e37452e82d681c9ba5e6e293663e85894f703e8ae48b4b23bf4698448
Threat Level: Shows suspicious behavior
The file 2024-06-12_1934e44653530bc41e2aafe4736e0440_magniber was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Writes to the Master Boot Record (MBR)
Suspicious behavior: GetForegroundWindowSpam
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-12 11:03
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 11:03
Reported
2024-06-12 11:06
Platform
win7-20240611-en
Max time kernel
118s
Max time network
123s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-12_1934e44653530bc41e2aafe4736e0440_magniber.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\2024-06-12_1934e44653530bc41e2aafe4736e0440_magniber.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\2024-06-12_1934e44653530bc41e2aafe4736e0440_magniber.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-12_1934e44653530bc41e2aafe4736e0440_magniber.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-12_1934e44653530bc41e2aafe4736e0440_magniber.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-12_1934e44653530bc41e2aafe4736e0440_magniber.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-12_1934e44653530bc41e2aafe4736e0440_magniber.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-12_1934e44653530bc41e2aafe4736e0440_magniber.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-12_1934e44653530bc41e2aafe4736e0440_magniber.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-12_1934e44653530bc41e2aafe4736e0440_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-12_1934e44653530bc41e2aafe4736e0440_magniber.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | s.pcmgr.qq.com | udp |
| HK | 43.135.106.117:80 | s.pcmgr.qq.com | tcp |
| HK | 43.135.106.117:443 | s.pcmgr.qq.com | tcp |
| US | 8.8.8.8:53 | pc1.gtimg.com | udp |
| CN | 211.97.92.160:443 | pc1.gtimg.com | tcp |
| CN | 112.84.131.72:443 | pc1.gtimg.com | tcp |
| CN | 122.188.37.91:443 | pc1.gtimg.com | tcp |
| CN | 119.188.174.56:443 | pc1.gtimg.com | tcp |
| CN | 1.62.64.113:443 | pc1.gtimg.com | tcp |
Files
\Users\Admin\AppData\Local\Temp\UNI80A1.tmp\dr.dll
| MD5 | 47e5db9c8990f133d57c564c20668d38 |
| SHA1 | b8d90e8922c71935c61ecaae9a482fba6c3439ba |
| SHA256 | 5d14c76dbc223385f34e60391ca91475078c1fe35822bf91f825fc8196d95fcd |
| SHA512 | 000608913349ce84ef8eda5f68d03ef74fd57f6a16d74cb5b0945621f281b2396535f42daac33ab7bf94317b783caec9c32edfbaffa4da56c97dbfe9ea084488 |
memory/2160-9-0x0000000001FC0000-0x0000000001FC1000-memory.dmp
memory/2160-32-0x0000000001FC0000-0x0000000001FC1000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 11:03
Reported
2024-06-12 11:06
Platform
win10v2004-20240508-en
Max time kernel
51s
Max time network
56s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-12_1934e44653530bc41e2aafe4736e0440_magniber.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\2024-06-12_1934e44653530bc41e2aafe4736e0440_magniber.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-12_1934e44653530bc41e2aafe4736e0440_magniber.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-12_1934e44653530bc41e2aafe4736e0440_magniber.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-12_1934e44653530bc41e2aafe4736e0440_magniber.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-12_1934e44653530bc41e2aafe4736e0440_magniber.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-12_1934e44653530bc41e2aafe4736e0440_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-12_1934e44653530bc41e2aafe4736e0440_magniber.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.pcmgr.qq.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\UNI809D.tmp\dr.dll
| MD5 | 47e5db9c8990f133d57c564c20668d38 |
| SHA1 | b8d90e8922c71935c61ecaae9a482fba6c3439ba |
| SHA256 | 5d14c76dbc223385f34e60391ca91475078c1fe35822bf91f825fc8196d95fcd |
| SHA512 | 000608913349ce84ef8eda5f68d03ef74fd57f6a16d74cb5b0945621f281b2396535f42daac33ab7bf94317b783caec9c32edfbaffa4da56c97dbfe9ea084488 |
memory/2300-14-0x00000000034E0000-0x00000000034E1000-memory.dmp
memory/2300-15-0x00000000034E0000-0x00000000034E1000-memory.dmp