Overview

overview

6

Static

static

3

2024-06-14...er.exe

windows7-x64

6

2024-06-14...er.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    14/06/2024, 09:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-14_4d27d0395f05261bc5ffc5dfdfba9e3e_magniber.exe

  • Size

    4.6MB

  • MD5

    4d27d0395f05261bc5ffc5dfdfba9e3e

  • SHA1

    64b3f03ef500b0fabe7ee2cc7a7d8bef41df57c2

  • SHA256

    a2ff57e7773623cc09f98fbe0e8706d40bce2275c2f16a74aaa0bc967b770777

  • SHA512

    3bc197dfe385a634a4c37555dbed27658a1e9e3844e69a0420e748cc88fd0100550931cf7820f8a857705aa8a84e3c2e38e79da1ef2736c82511f7ef6a4dbc4d

  • SSDEEP

    49152:+Sd/SmMp/luXDffWTCcAt0ZqJEK8AbYMsYzOMsT43QTE6gUN:k/UcAt0oJ0A3sYqM93wi

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-14_4d27d0395f05261bc5ffc5dfdfba9e3e_magniber.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-14_4d27d0395f05261bc5ffc5dfdfba9e3e_magniber.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of NtCreateThreadExHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:1612
    • C:\Users\Admin\AppData\Local\Temp\2024-06-14_4d27d0395f05261bc5ffc5dfdfba9e3e_magniber.exe
      "C:\Users\Admin\AppData\Local\Temp\2024-06-14_4d27d0395f05261bc5ffc5dfdfba9e3e_magniber.exe"
      2⤵
        PID:2632

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1612-16-0x0000000000400000-0x0000000000B04000-memory.dmp

      Filesize

      7.0MB

      Download

    • memory/1612-0-0x0000000000400000-0x0000000000B04000-memory.dmp

      Filesize

      7.0MB

      Download

    • memory/1612-2-0x0000000000400000-0x0000000000B04000-memory.dmp

      Filesize

      7.0MB

      Download

    • memory/1612-4-0x0000000000170000-0x000000000017A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/1612-3-0x0000000000170000-0x000000000017A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/1612-5-0x0000000000400000-0x0000000000B04000-memory.dmp

      Filesize

      7.0MB

      Download

    • memory/1612-1-0x0000000000419000-0x0000000000432000-memory.dmp

      Filesize

      100KB

      Download

    • memory/2632-8-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2632-10-0x0000000000120000-0x0000000000121000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2632-6-0x00000000000C0000-0x000000000011B000-memory.dmp

      Filesize

      364KB

      Download

    • memory/2632-14-0x00000000000C0000-0x000000000011B000-memory.dmp

      Filesize

      364KB

      Download

    • memory/2632-15-0x00000000000C0000-0x000000000011B000-memory.dmp

      Filesize

      364KB

      Download

    • memory/2632-12-0x0000000000120000-0x0000000000121000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2632-18-0x00000000000C0000-0x000000000011B000-memory.dmp

      Filesize

      364KB

      Download