Analysis Overview
SHA256
3a2b72f5534b9c5c8b73d8250b27b8cfdada3decb62d71ce23851484d3ba2cc7
Threat Level: Shows suspicious behavior
The file 2024-06-14_2cb46c6a34799717761938752c2a3318_magniber_metamorfo_revil was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Writes to the Master Boot Record (MBR)
Unsigned PE
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-14 09:19
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 09:19
Reported
2024-06-14 09:22
Platform
win7-20240508-en
Max time kernel
117s
Max time network
117s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-14_2cb46c6a34799717761938752c2a3318_magniber_metamorfo_revil.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-14_2cb46c6a34799717761938752c2a3318_magniber_metamorfo_revil.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\2024-06-14_2cb46c6a34799717761938752c2a3318_magniber_metamorfo_revil.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-14_2cb46c6a34799717761938752c2a3318_magniber_metamorfo_revil.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-14_2cb46c6a34799717761938752c2a3318_magniber_metamorfo_revil.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | search.52toolbox.com | udp |
| US | 8.8.8.8:53 | search.52toolbox.com | udp |
| US | 8.8.8.8:53 | s.52toolbox.com | udp |
Files
\Users\Admin\AppData\Local\Temp\curlnet.dll
| Hash | Value |
| --- | --- |
| MD5 | 31809f4c132493f25a7101b7dfee3fc6 |
| SHA1 | df93349e4ec2a23158dbaa8a613f9c8a48aa1aad |
| SHA256 | 1bba9d7e041299219c4fc40e0a3b02a2eddad6cb50651166583848542f25fd48 |
| SHA512 | ddb796a9a2fe0f5d4b0df6686c05a26493cd689bb8d911549f563a02ae88382cbde749d5fbd915bed3b72db048ae384287980303ad6362d18618ea5497e283e4 |
\Users\Admin\AppData\Local\Temp\{4E85F478-59B3-4feb-A594-5B1529CB4AC6}.tmp\7z.dll
| Hash | Value |
| --- | --- |
| MD5 | 5531a8b662bd7993825613a12af93dd9 |
| SHA1 | 45f1dc04ab21d35ca770fcb839d0f214830d2d81 |
| SHA256 | 5b9369cda0fe1f481815eae567fb18f45c8820b657b381c8083a92c3cbf49c6e |
| SHA512 | ced356370eea145f252129b08cc75e1e183aca0e2e6faa6475260ea5395a3adf415c1ad364495df56ccaba3fc15a4a8453701d320abcb17ff9eb760fe98c8bef |
memory/2928-16-0x0000000000550000-0x0000000000551000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 09:19
Reported
2024-06-14 09:22
Platform
win10v2004-20240611-en
Max time kernel
124s
Max time network
130s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-14_2cb46c6a34799717761938752c2a3318_magniber_metamorfo_revil.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-14_2cb46c6a34799717761938752c2a3318_magniber_metamorfo_revil.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\2024-06-14_2cb46c6a34799717761938752c2a3318_magniber_metamorfo_revil.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-14_2cb46c6a34799717761938752c2a3318_magniber_metamorfo_revil.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-14_2cb46c6a34799717761938752c2a3318_magniber_metamorfo_revil.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3064,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=4308 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | search.52toolbox.com | udp |
| CN | 39.105.192.163:80 | search.52toolbox.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| BE | 88.221.83.249:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| CN | 39.105.192.163:80 | search.52toolbox.com | tcp |
| US | 8.8.8.8:53 | s.52toolbox.com | udp |
| CN | 139.196.165.62:80 | s.52toolbox.com | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\curlnet.dll
| Hash | Value |
| --- | --- |
| MD5 | 31809f4c132493f25a7101b7dfee3fc6 |
| SHA1 | df93349e4ec2a23158dbaa8a613f9c8a48aa1aad |
| SHA256 | 1bba9d7e041299219c4fc40e0a3b02a2eddad6cb50651166583848542f25fd48 |
| SHA512 | ddb796a9a2fe0f5d4b0df6686c05a26493cd689bb8d911549f563a02ae88382cbde749d5fbd915bed3b72db048ae384287980303ad6362d18618ea5497e283e4 |
C:\Users\Admin\AppData\Local\Temp\{A9C7D033-2429-49eb-A6DA-CD6A169A0F3E}.tmp\7z.dll
| Hash | Value |
| --- | --- |
| MD5 | 5531a8b662bd7993825613a12af93dd9 |
| SHA1 | 45f1dc04ab21d35ca770fcb839d0f214830d2d81 |
| SHA256 | 5b9369cda0fe1f481815eae567fb18f45c8820b657b381c8083a92c3cbf49c6e |
| SHA512 | ced356370eea145f252129b08cc75e1e183aca0e2e6faa6475260ea5395a3adf415c1ad364495df56ccaba3fc15a4a8453701d320abcb17ff9eb760fe98c8bef |