Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
  • submitted
    15-06-2024 11:50

General

  • Target

    2024-06-15_bc2aa1e3a324f4921af034533e1cd99b_magniber.exe

  • Size

    1.5MB

  • MD5

    bc2aa1e3a324f4921af034533e1cd99b

  • SHA1

    2f4744a5b1812981969aa628eea3affc393ce3ee

  • SHA256

    8f182ac690b9b9ca1ea90c983435bb110a1e923b81538452953a34b043edaec0

  • SHA512

    04988476b1453cf60dea1c8c07c15f3573806d86551978861fbe44386dba4b25fd039f088fb2ab08c7e0812b1cbf1aa8579c98d40c25156c2f823f9102e2ba12

  • SSDEEP

    49152:FWUMv5De9/yG9/ooooERQr0tb6H8RlOuQhRe4/vR:FWUMqyGB0Z6H8Rl4yW

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Modifies registry class 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-15_bc2aa1e3a324f4921af034533e1cd99b_magniber.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-15_bc2aa1e3a324f4921af034533e1cd99b_magniber.exe"
    • Writes to the Master Boot Record (MBR)
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    PID:1936

Network

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Pre-OS Boot (T1542) 1
  • Bootkit (T1542.003) 1

Defense Evasion

  • Pre-OS Boot (T1542) 1
  • Bootkit (T1542.003) 1

Downloads