Analysis Overview
SHA256
4c8a7284b9cceb1ddb4175a231cff80784271b37ce53491cb069d32b4873a795
Threat Level: Shows suspicious behavior
The file 2024-06-15_9730d9f8735915782ea1e1b7a4c4256b_magniber was found to be: Shows suspicious behavior.
Malicious Activity Summary
Writes to the Master Boot Record (MBR)
Modifies registry class
Suspicious use of FindShellTrayWindow
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-15 03:35
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 03:35
Reported
2024-06-15 03:37
Platform
win7-20240508-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\2024-06-15_9730d9f8735915782ea1e1b7a4c4256b_magniber.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "4DEC930631D6A523D3820D3CE1249367" | C:\Users\Admin\AppData\Local\Temp\2024-06-15_9730d9f8735915782ea1e1b7a4c4256b_magniber.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\5E1D6A55-0134-486E-A166-38C2E4919BB1 = "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAnTh7I1GIXU+uPkNl6OeLmwQAAAACAAAAAAAQZgAAAAEAACAAAABHeW3lNB133CQ74dykZ92LSYL3UKxo77+g47q1AJ2e+AAAAAAOgAAAAAIAACAAAADH6uIM9K4pgEENE3ZIIp6fE5oBLex9lKueEA/QdkX44zAAAAAoqxCsJboZ3+cegoOe0Tn2mtm+YPOKC8mjAJQGwhW5iJTZ/hEX7Ohn9j4IQQ4Va8VAAAAA/Z17Y3Z8lDeXuaMJo0mcwsscfO5qm2s4WD2BeuXdILPwCjgJYLuewiqJZo7HRupuGN8vNcfv4tCp3ES3uKYvPg==" | C:\Users\Admin\AppData\Local\Temp\2024-06-15_9730d9f8735915782ea1e1b7a4c4256b_magniber.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "65a3ad39-108c-4831-a602-395cdd76571d" | C:\Users\Admin\AppData\Local\Temp\2024-06-15_9730d9f8735915782ea1e1b7a4c4256b_magniber.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F | C:\Users\Admin\AppData\Local\Temp\2024-06-15_9730d9f8735915782ea1e1b7a4c4256b_magniber.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-15_9730d9f8735915782ea1e1b7a4c4256b_magniber.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-15_9730d9f8735915782ea1e1b7a4c4256b_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-15_9730d9f8735915782ea1e1b7a4c4256b_magniber.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-15 03:35
Reported
2024-06-15 03:37
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\2024-06-15_9730d9f8735915782ea1e1b7a4c4256b_magniber.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F | C:\Users\Admin\AppData\Local\Temp\2024-06-15_9730d9f8735915782ea1e1b7a4c4256b_magniber.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "4DEC930631D6A523D3820D3CE1249367" | C:\Users\Admin\AppData\Local\Temp\2024-06-15_9730d9f8735915782ea1e1b7a4c4256b_magniber.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\5E1D6A55-0134-486E-A166-38C2E4919BB1 = "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAOLbpEIifR0KmjO3/Fi+9NQQAAAACAAAAAAAQZgAAAAEAACAAAABDBlW1lIl7vClAdb9k9MxkGOxXoZeCj6WLXrTDsoha8gAAAAAOgAAAAAIAACAAAABO2WZqNe7BK68WW1IQttw0ZxrjmGY46KkdI33XHbwfszAAAADTf4wZ0IEVur2Ee3wR7OyPkh0o4PlpmmZJF0nE4q9o7v/Eh9xmPFXVelwBjUs3kTpAAAAAr2dHQZIGhF8EUp68ALkPiN9stawqR97ZlXOMqSKTqBDMAPzgzF1vCxRQs7aTDQnTMRXcJsv864mWyTOtU6qzng==" | C:\Users\Admin\AppData\Local\Temp\2024-06-15_9730d9f8735915782ea1e1b7a4c4256b_magniber.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "2c4a71f1-46b9-41a6-bdb5-374f9ec83ced" | C:\Users\Admin\AppData\Local\Temp\2024-06-15_9730d9f8735915782ea1e1b7a4c4256b_magniber.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-15_9730d9f8735915782ea1e1b7a4c4256b_magniber.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-15_9730d9f8735915782ea1e1b7a4c4256b_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-15_9730d9f8735915782ea1e1b7a4c4256b_magniber.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |