Analysis Overview
SHA256
0d2b4798b8aa77c8c817d46e9cedc4654af7794ab8de3d40f621e0a08d17f76f
Threat Level: Shows suspicious behavior
The file 2024-06-20_455caecc79ff99c68305b7e013818c77_magniber was classified as: shows suspicious behavior (no malware family was assigned by the sandbox; the "magniber" tag comes from the submitted filename, not from a detection).
Malicious Activity Summary
Writes to the Master Boot Record (MBR)
Executes dropped EXE
Loads dropped DLL
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Checks processor information in registry
Modifies registry class
Modifies system certificate store
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-20 11:25
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-20 11:25
Reported
2024-06-20 11:27
Platform
win7-20240221-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\common\icarus.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\privax-vpn\icarus.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\2024-06-20_455caecc79ff99c68305b7e013818c77_magniber.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\common\icarus.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\common\icarus_ui.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\privax-vpn\icarus.exe | N/A |
Loads dropped DLL
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\common\icarus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\common\icarus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\common\icarus_ui.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\common\icarus_ui.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\privax-vpn\icarus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\privax-vpn\icarus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\common\icarus.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "66FC9A86B023D8FFC79948E2D373B0F2" | C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\privax-vpn\icarus.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F | C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\common\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "585c961e-5216-4629-90df-1fa3163aa0d8" | C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\common\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "66FC9A86B023D8FFC79948E2D373B0F2" | C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\common\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\5E1D6A55-0134-486E-A166-38C2E4919BB1 = "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAwu3JkhG/l0WFqQ1tXFoYBgQAAAACAAAAAAAQZgAAAAEAACAAAAAimBbtLQ3NQqbZG/gU77xVqW4ZrPvbsD2nmRDS3deUTgAAAAAOgAAAAAIAACAAAABeyuVND4DeaK6GOmonUwJa5F+QTG0sRaJ9BqwjizhNdGAAAAAs9LxOZxwUZW7c4UokzGDfYxHYquDqlg96TALUs6/rDbbDnF+Ok2H18YT5l7DrcaXJMxXUxc3uMwabB6x/rfrHhMQcTolqVqrU/iOuEsjdiG2J16oaJc7RR9yaobCLs7tAAAAAg8x6ZY9KAEUhW9uqXDqRBRa8FwEPasGag+n0QyE3CySsJjPgLHzOaEb1m8v9EaRTCeyR3/qL7e3CY475/EW2nQ==" | C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\common\icarus.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F | C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\privax-vpn\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "585c961e-5216-4629-90df-1fa3163aa0d8" | C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\privax-vpn\icarus.exe | N/A |
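The long 5E1D6A55-0134-486E-A166-38C2E4919BB1 value in the table above is not opaque: its base64 prefix AQAAANCMnd8BFdERjHoAwE/Cl+s decodes to 01 00 00 00 followed by the GUID DF9D8CD0-1501-11D1-8C7A-00C04FC297EB, which is the version field and provider GUID that every DPAPI CryptProtectData blob carries. The parser below is an editor's added example, not code from the sandbox report or from the Icarus installer it records; it reads the blob header with the documented field layout (version, provider GUID, master key GUID, flags, description, cipher and hash ALG_IDs with key sizes, salt, HMAC key, ciphertext, signature) and the ALG_ID constants from wincrypt.h. It only parses the header: decrypting the ciphertext would need the master key file named by the master key GUID, which the sandbox did not capture, and the code does not attempt it. The registry value is embedded exactly as the report lists it.

```python
import base64
import struct
import uuid
from dataclasses import dataclass
from typing import List

# Every CryptProtectData output starts with dwVersion == 1 and this provider GUID
# (bytes 01 00 00 00 D0 8C 9D DF 01 15 D1 11 8C 7A 00 C0 4F C2 97 EB, which is the
# "AQAAANCMnd8BFdERjHoAwE/Cl+s" prefix of the registry value in the report).
DPAPI_PROVIDER = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")
CRYPTPROTECT_LOCAL_MACHINE = 0x4   # wincrypt.h: blob is bound to the machine master key

# ALG_ID values from wincrypt.h for the algorithms DPAPI records in a blob.
ALG_NAMES = {
    0x6610: "CALG_AES_256", 0x6603: "CALG_3DES",
    0x800E: "CALG_SHA_512", 0x8004: "CALG_SHA1",
}

# Value of ...\5E1D6A55-0134-486E-A166-38C2E4919BB1 exactly as listed in the report.
REPORT_BLOB_B64 = (
    "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAwu3JkhG/l0WFqQ1tXFoYBgQAAAACAAAAAAAQZgAAAAEAACAAAAAimBbt"
    "LQ3NQqbZG/gU77xVqW4ZrPvbsD2nmRDS3deUTgAAAAAOgAAAAAIAACAAAABeyuVND4DeaK6GOmonUwJa5F+QTG0s"
    "RaJ9BqwjizhNdGAAAAAs9LxOZxwUZW7c4UokzGDfYxHYquDqlg96TALUs6/rDbbDnF+Ok2H18YT5l7DrcaXJMxXU"
    "xc3uMwabB6x/rfrHhMQcTolqVqrU/iOuEsjdiG2J16oaJc7RR9yaobCLs7tAAAAAg8x6ZY9KAEUhW9uqXDqRBRa8"
    "FwEPasGag+n0QyE3CySsJjPgLHzOaEb1m8v9EaRTCeyR3/qL7e3CY475/EW2nQ=="
)


@dataclass
class DpapiBlob:
    master_key_version: int
    master_key: uuid.UUID      # names the masterkey file needed to decrypt the data
    flags: int
    description: str
    alg_crypt: int
    alg_crypt_bits: int
    salt: bytes
    alg_hash: int
    alg_hash_bits: int
    hmac2_key: bytes
    data: bytes                # ciphertext; decryption needs the master key and is not done here
    sign: bytes                # HMAC over the blob, keyed from the master key

    @property
    def machine_scope(self) -> bool:
        return bool(self.flags & CRYPTPROTECT_LOCAL_MACHINE)


class _Reader:
    """Bounds-checked little-endian cursor over the raw blob."""

    def __init__(self, buf: bytes) -> None:
        self.buf, self.off = buf, 0

    def take(self, n: int) -> bytes:
        if self.off + n > len(self.buf):
            raise ValueError(f"blob truncated at offset {self.off}: need {n} more bytes")
        chunk = self.buf[self.off:self.off + n]
        self.off += n
        return chunk

    def u32(self) -> int:
        return struct.unpack("<I", self.take(4))[0]

    def guid(self) -> uuid.UUID:
        return uuid.UUID(bytes_le=self.take(16))

    def counted(self) -> bytes:    # DWORD length followed by that many bytes
        return self.take(self.u32())


def parse_dpapi_blob(raw: bytes) -> DpapiBlob:
    r = _Reader(raw)
    version, provider = r.u32(), r.guid()
    if version != 1 or provider != DPAPI_PROVIDER:
        raise ValueError("not a DPAPI CryptProtectData blob (version/provider mismatch)")
    mk_version, mk_guid, flags = r.u32(), r.guid(), r.u32()
    description = r.counted().decode("utf-16-le").rstrip("\x00")
    alg_crypt, alg_crypt_bits, salt = r.u32(), r.u32(), r.counted()
    r.counted()                                  # legacy HMAC key field, empty on modern Windows
    alg_hash, alg_hash_bits, hmac2_key = r.u32(), r.u32(), r.counted()
    data, sign = r.counted(), r.counted()
    if r.off != len(raw):
        raise ValueError(f"{len(raw) - r.off} unexpected trailing bytes after the signature")
    return DpapiBlob(mk_version, mk_guid, flags, description, alg_crypt, alg_crypt_bits,
                     salt, alg_hash, alg_hash_bits, hmac2_key, data, sign)


def parse_registry_value(b64: str) -> DpapiBlob:
    """The report shows the value as a string (REG_SZ) holding the base64 of the blob."""
    return parse_dpapi_blob(base64.b64decode(b64, validate=True))


def describe(blob: DpapiBlob) -> List[str]:
    scope = "machine (CRYPTPROTECT_LOCAL_MACHINE)" if blob.machine_scope else "user"
    return [
        f"scope:       {scope}  flags=0x{blob.flags:x}",
        f"master key:  {{{str(blob.master_key).upper()}}} (version {blob.master_key_version})",
        f"cipher:      {ALG_NAMES.get(blob.alg_crypt, hex(blob.alg_crypt))} {blob.alg_crypt_bits}-bit, salt {len(blob.salt)} bytes",
        f"hash:        {ALG_NAMES.get(blob.alg_hash, hex(blob.alg_hash))} {blob.alg_hash_bits}-bit",
        f"description: {blob.description!r}",
        f"ciphertext:  {len(blob.data)} bytes, signature {len(blob.sign)} bytes",
    ]


if __name__ == "__main__":
    print("\n".join(describe(parse_registry_value(REPORT_BLOB_B64))))
```

Run against the report's value, the header comes out as a machine-scope (flags 0x4) AES-256/SHA-512 blob with an empty description, a 32-byte salt, 96 bytes of ciphertext and a 64-byte signature, tied to master key {92C9EDC2-BF11-4597-85A9-0D6D5C5A1806}. That is the shape of a secret an installer protects with CryptProtectData under the machine key so any local SYSTEM process can recover it; the parser tells you which masterkey file you would need from the host, which is the useful thing to know before deciding whether the value is worth chasing.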
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Users\Admin\AppData\Local\Temp\2024-06-20_455caecc79ff99c68305b7e013818c77_magniber.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = (binary value not reproduced) | C:\Users\Admin\AppData\Local\Temp\2024-06-20_455caecc79ff99c68305b7e013818c77_magniber.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\common\icarus_ui.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\common\icarus.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\common\icarus_ui.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\privax-vpn\icarus.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-20_455caecc79ff99c68305b7e013818c77_magniber.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\common\icarus_ui.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\common\icarus_ui.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
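Each signature above is a pattern over the indicator column, and reading the indicators rather than the headline names is what separates this trace from a real bootkit or certificate-injection case. "Writes to the Master Boot Record (MBR)" fires on a write-capable open of \??\PhysicalDrive0; the table records the handle open, not a confirmed write to sector 0, and a raw-disk handle is also how software queries disk identity. "Modifies system certificate store" fires on the key and Blob written under AuthRoot\Certificates; AuthRoot is the store Windows' automatic root update fills when a TLS chain needs a public root that is not yet cached, and the thumbprint A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 is the SHA-1 fingerprint of DigiCert Global Root CA. The evaluator below is an editor's added example, not the sandbox vendor's signature engine and not code from the report: the event model (the op names) and the single-entry KNOWN_PUBLIC_ROOTS table are this example's own assumptions, and the events are transcribed from the behavioral1 tables plus one constructed read-only open that the report does not contain, included to show what the MBR rule does not match.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class Event:
    process: str   # image path of the process that performed the action
    op: str        # file_open_write | file_open_read | reg_create | reg_set | reg_open | reg_query | token_adjust
    target: str    # NT object path, registry key or value, or privilege name


@dataclass(frozen=True)
class Finding:
    signature: str
    process: str
    detail: str


# Public root thumbprints that Windows' automatic root update caches under AuthRoot\Certificates.
# Only the root seen in this report is listed; extend it from your own trust store (assumption).
KNOWN_PUBLIC_ROOTS = {
    "A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436": "DigiCert Global Root CA",
}

RAW_DISK = re.compile(r"^\\\?\?\\PhysicalDrive\d+$", re.IGNORECASE)
CERT_STORE = re.compile(r"\\SystemCertificates\\(?P<store>[^\\]+)\\Certificates\\(?P<thumb>[0-9A-Fa-f]{40})")
CPU_KEY = re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\", re.IGNORECASE)
CLASSES_KEY = re.compile(r"\\SOFTWARE\\Classes\\", re.IGNORECASE)


def evaluate(events: Iterable[Event]) -> List[Finding]:
    """One Finding per (signature, process), the way the report groups its tables."""
    findings: List[Finding] = []
    seen = set()

    def emit(signature: str, process: str, detail: str) -> None:
        if (signature, process) not in seen:
            seen.add((signature, process))
            findings.append(Finding(signature, process, detail))

    for e in events:
        # The MBR rule keys on a write-capable handle to the raw disk device. It records
        # the open, not a confirmed write to sector 0, so an installer that reads disk
        # identity through a read/write handle trips it exactly as a bootkit would.
        if e.op == "file_open_write" and RAW_DISK.match(e.target):
            emit("Writes to the Master Boot Record (MBR)", e.process, e.target)
        elif e.op in ("reg_create", "reg_set"):
            m = CERT_STORE.search(e.target)
            if m:
                thumb = m.group("thumb").upper()
                who = KNOWN_PUBLIC_ROOTS.get(thumb, "not a known public root: pull the Blob and inspect it")
                emit("Modifies system certificate store", e.process, f"{m.group('store')} {thumb} ({who})")
            elif CLASSES_KEY.search(e.target):
                emit("Modifies registry class", e.process, e.target)
        elif e.op in ("reg_open", "reg_query") and CPU_KEY.search(e.target):
            emit("Checks processor information in registry", e.process, e.target)
        elif e.op == "token_adjust" and e.target == "SeDebugPrivilege":
            emit("Suspicious use of AdjustPrivilegeToken", e.process, "Token: SeDebugPrivilege")
    return findings


def summary(findings: Iterable[Finding]) -> Dict[str, int]:
    """Signature -> number of distinct processes that triggered it."""
    return dict(Counter(f.signature for f in findings))


# Sample input transcribed from the behavioral1 tables above, plus one constructed
# read-only open (not in the report) to show what the MBR rule does not match.
ICARUS = r"C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\common\icarus.exe"
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\2024-06-20_455caecc79ff99c68305b7e013818c77_magniber.exe"
CLASSES_GUID = r"\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F"
AUTHROOT = r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436"
EVENTS = [
    Event(ICARUS, "file_open_write", r"\??\PhysicalDrive0"),
    Event(SAMPLE, "file_open_write", r"\??\PhysicalDrive0"),
    Event(ICARUS, "file_open_read", r"\??\PhysicalDrive0"),          # constructed control
    Event(ICARUS, "reg_create", CLASSES_GUID),
    Event(ICARUS, "reg_set", CLASSES_GUID + r"\56C7A9DA-4B11-406A-8B1A-EFF157C294D6"),
    Event(SAMPLE, "reg_create", AUTHROOT),
    Event(SAMPLE, "reg_set", AUTHROOT + r"\Blob"),
    Event(ICARUS, "reg_open", r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0"),
    Event(ICARUS, "reg_query", r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz"),
    Event(ICARUS, "token_adjust", "SeDebugPrivilege"),
]

if __name__ == "__main__":
    for f in evaluate(EVENTS):
        print(f"{f.signature:45} {f.process.rsplit(chr(92), 1)[-1]:55} {f.detail}")
```

The cert-store finding is the one to read carefully: when the thumbprint resolves to a public root and the writer is the process that just opened TLS connections to the vendor's CDN, the entry matches auto-root-update behaviour on a Win7 image that lacked the root; a thumbprint that resolves to nothing is the case where you pull the Blob value and look at the certificate itself. Note that behavioral2 (Windows 10) produced no cert-store write at all, consistent with that image already holding the root.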
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-20_455caecc79ff99c68305b7e013818c77_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-20_455caecc79ff99c68305b7e013818c77_magniber.exe"
C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\common\icarus.exe
C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\icarus-info.xml /install /sssid:2160
C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\common\icarus_ui.exe
C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\common\icarus_ui.exe /sssid:2160 /er_master:master_ep_d1c415c9-2f22-4ab0-bafa-36c20606cc3c /er_ui:ui_ep_177aa07a-0932-40d1-be0d-05f22203ef98
C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\privax-vpn\icarus.exe
C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\privax-vpn\icarus.exe /sssid:2160 /er_master:master_ep_d1c415c9-2f22-4ab0-bafa-36c20606cc3c /er_ui:ui_ep_177aa07a-0932-40d1-be0d-05f22203ef98 /er_slave:privax-vpn_slave_ep_4cd64ba4-0588-437e-8e60-089198f55330 /slave:privax-vpn
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| GB | 2.21.189.79:443 | honzik.avcdn.net | tcp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | shepherd.ff.avast.com | udp |
| US | 34.160.176.28:443 | shepherd.ff.avast.com | tcp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| GB | 2.21.189.79:443 | honzik.avcdn.net | tcp |
| GB | 2.21.189.79:443 | honzik.avcdn.net | tcp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
Files
\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\common\icarus.exe
| MD5 | c48866efc173ea0ec9bf50997667832a |
| SHA1 | 8c12528e50f9050f55837dc64c394018cdfee028 |
| SHA256 | 622e14f175b2a018786f29354ca8373bc0f6b2b5b2be06ebebdc5bed37d16b86 |
| SHA512 | cd8b1ed0d1a184a3fafc44785bfb470fa0dc84db4812e381cc0fcd8ce959a0c17188641c945c268bbe78c80fc716c59fbaaade22b3e3af57560d9364337b7d65 |
C:\ProgramData\Privax\Icarus\Logs\sfx.log
| MD5 | cc9e016cd7c996936864ee3efaf6026f |
| SHA1 | 4f00cbef9f1ef3a00f441f2b68f018a884f3a831 |
| SHA256 | 8c9d1c227a20532b506f4fb6deee848278c9cba56d3b8e49ac121dfd6815149e |
| SHA512 | 36d2f3b278f6d9a4eb6393cd986e59ef8caec6fc9b46bcb48c9ceb68dd7380eeafa2363c0e75f4c2a37d538aea79ff4cdd06b5c7e98e62f97c0e71e259812ee8 |
C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\icarus-info.xml
| MD5 | 427404042c3c8f616e52ca47359d6c32 |
| SHA1 | efe4ddf9ae1313931f2030169dd1cebb45afa855 |
| SHA256 | dd8acebec1f6a0094f9410955988d66cd472914503c19b93144f2b14d7355643 |
| SHA512 | 1dcd80b4764bb2ef896c7effeb616ce2be72ec05e90bfec571355baaba971c7c08ce9bff12a2d18c57789ed3b110e07846ed8d40990504efe5c459b97f0ef63f |
C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\common\icarus_ui.exe
| MD5 | a6d1dc0f66b7589ec7955533ea590f22 |
| SHA1 | 59f175a71ba4623f77b9a0e60e1bcfb997e595b5 |
| SHA256 | 19a3159e31fb6e46eec37ecee440dcc51ce3bf92a98593443f11099c83d4370a |
| SHA512 | b743e403aab45183da20c50893af98f6206437cb90e478614de19cfe8ee44ec986acbb1504a8375c7d5c39fcabb5ef2f2be50ae3c0c36ebf72a02fa5d8126201 |
C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\common\setupui.cont
| MD5 | 99ddbdb14e14e5e46049412a31825ecd |
| SHA1 | 7df3a1c3b6aa9e9a8de102886ef882c7df843974 |
| SHA256 | d26ecdd36d4b0cb1162d180c675e3f5bd125142899cfa23246c8b50dd7313a1a |
| SHA512 | 353f511bfc3b7bb3a70b6e005b91131f21cfb60a5960191d4b14791ffe892c5925f4658cbeb141873f12aa25a418e118822dfb3b96fef1c41f48c813c2c0faa5 |
C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\common\product-info.xml
| MD5 | cc0bee1c46961ec7fa9fd97f83d8859e |
| SHA1 | 73b29e5b9b5138f71ca0f35224de1ffb51546861 |
| SHA256 | 1f87d953b36d47ad82354d72ade7f831ce3e850948c428f53e0d5f5f5a966a97 |
| SHA512 | 0d8d7106ade53cc66f1202f46bd96ba8cc17148a90aa634692323bf65892c113173bf9813206352204af4d8cd9cc59f11994a6d3f6f4503f2aa6b731903c24e5 |
C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\ecoo.edat
| MD5 | 5832246a21ba0792a54f8b4ac451caf3 |
| SHA1 | 6404694caa0a26ba8fb4061c13691ba3cec07801 |
| SHA256 | ce596aa7c218d9263e8ab78a069c07c144b6e40301b2b737184650db465162de |
| SHA512 | 2187ee742ea77e57d0123811f7c0a1f27275ecd33a9a456716f61f65ba38f9a746e46b7f14b934cc252274da510b173ba5cb7ff5dbc180c6cd03e6060307e437 |
C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\common\dump_process.exe
| MD5 | c5822242c24400d1e9c8020864dd77d2 |
| SHA1 | feb315bbc33090cdac29608f2f608ecc983481dc |
| SHA256 | 8bd9cf28bd7d4c1f6fab7955f294fb69074d76666bf5b332bde5ca5c0d3019ad |
| SHA512 | 2dfd3b65f8b1e3e5aab4a169dbfea3659f7cacdf628fe4d6b45f97c7cdef076440c7900407b3772504ea1b40c090905a348757c54d83edff604d856ee43370d6 |
C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\common\bug_report.exe
| MD5 | 9317c087c4407638c1f2e9b0088ea301 |
| SHA1 | dcb654b51748dad9b71e10b2b00e132b904bd114 |
| SHA256 | 5ead5cf5ade667f404c5d08324708d2363ea205de723fdb6cbe92cec832c85e1 |
| SHA512 | 8a1413e7738b6f26126755a680ea6ba744c641743a98b4b968b0b7cc4d33646b7d31a9a840ade4d5b933903f118bf4a5f7da78814eac894e61440f01c06aff8e |
C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\common\product-def.xml
| MD5 | b0bed9d5cf5961d533f2193e6b10581a |
| SHA1 | af69d5d08f8a1234db89e4af0c13cc3d4607b408 |
| SHA256 | 6b64579b507508892f0fe699473aeb1cf2f2fdf6d346455437cea863149414ee |
| SHA512 | d8e59f5bedd985d29bdfb3d53102d5fb849ff1d8ea7b559021860dfe8dbe5ef89a3fb90d1da8bd5c3c983d425ae1b34c83cf34ff4c725cf15473d695c2bf94d2 |
C:\ProgramData\Privax\Icarus\Logs\icarus.log
| MD5 | 3966ec429c807c6df37f059d1f760bdf |
| SHA1 | 0121c09ecfc7b1439e895044b969af41148a4aba |
| SHA256 | 770ffb12213f00e08ebf81f282f9ba6e3f3e50b1566b1ec2e2122f7047a3cc10 |
| SHA512 | 284e9552df2fbaacc5873dd70d503eed56b542720842098cbfe7abf5a23f91dbd7d3a1636400324a681abe57278119c45f57a569d9cc5e35b11b2ff09b62a1ea |
C:\ProgramData\Privax\Icarus\Logs\sui.log
| MD5 | 450871ad7e5b809832b4875fd7aa58e2 |
| SHA1 | 88a5db30792332c4f44272e20e49a8033908cee6 |
| SHA256 | c6572eb5f367f289fd2eed21291c508502107d24bc87674adec1807b354d7422 |
| SHA512 | 75c4269fa147a062609d0d7b5677dcc37429e43502a6cfe1f601233878c094fd19c7cb3811bdcd1fdcece64c13ee7638bb081bc5c46a26affc10c89b1deb5fcd |
C:\ProgramData\Privax\Icarus\Logs\report.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\ProgramData\Privax\Icarus\settings\proxy.ini
| MD5 | d6de6577f75a4499fe64be2006979ae5 |
| SHA1 | 0c83a2008fa28a97eb4b01d98aeab90a2e4c8e69 |
| SHA256 | 87d882d37f63429088955a59b126f0d44fa728ce60142478004381a3604c9ea9 |
| SHA512 | cb4b42c07aa2da7857106c92bc6860a29d8a92f00e34f0df54f68c17945982bc01475c83b1a1079543404bb49342fc7cdc41d2ac32d71332439ceb27b5ad1c0c |
C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\privax-vpn\icarus_product.dll
| MD5 | 93e13290e97a3bb0710d581566d0b105 |
| SHA1 | ec34348ca5e1689183b2b7576749365e83095935 |
| SHA256 | b95f1578fe5c03b23450c4294dc8a573a9f0b86163fba77dcbcd465ae2ada87c |
| SHA512 | 0e119e093b2b35d0719cfd4bf95fd14786b5879d06aa0d28ce0bc0996616d32191bbc13bf9ebc0e6f8c3ffdebd0e3b092cf03047edb9d84d37b9216f3e00da7b |
C:\Users\Admin\AppData\Local\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3
| MD5 | 22417b5d5eb168147f2c237d658a7163 |
| SHA1 | 6ae67daf07c0a187f397923ecba497e5ab01ed58 |
| SHA256 | f1945b77f21bf5b8174bc94d0d69d4446baffd6808185554f8ae541e4254ecb1 |
| SHA512 | 392b79a63b451495cc81877c288c0068d6c159bf0d7ce9ac0cc290128e57a5a1ebe0569dcbab85433448b3c1928be03cf01300ec7ae99573cfc4ef8c4c9b3cb8 |
C:\Users\Admin\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0
| MD5 | 96302eb020601aee7c3ba86932ff12bc |
| SHA1 | 66609bc1d21fe18073878bec0dc77e10dcfd4e63 |
| SHA256 | 1e71992608d73e44dc6d3f85b884e930753ea52d70990a7476377e42504ebf34 |
| SHA512 | 5ca0f9dbcfe79a8a38eec750c77659f98a0e04d5845623b393f00e45f1b56a9d3bfeb518f9157f89c6843196502449cac29d86e36e207ca7469c0b12f71ce1e9 |
C:\Windows\Temp\asw-5eae5d15-07e8-4f1c-8fa8-0e71bbe120f7\privax-vpn\config.def
| MD5 | daaa17da8179678d2a8f28f93b0afcd7 |
| SHA1 | d6cb5fae2e99dde34feb09adfccbadb4ecb86bc4 |
| SHA256 | 8be127d77130e20ee46f084231853266becaa0349a44da6ed4270c9b04c9261f |
| SHA512 | 1133753c891d59ef8ebb43a7601aa2ba5a72e32300ae32b847f75c3164b294dab9b24e57f3c66ae0e4c0ca75e2cbb175d49698540d972cdff2fd3b3ea887d4b4 |
memory/2672-116-0x000007FFFFF90000-0x000007FFFFFA0000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-20 11:25
Reported
2024-06-20 11:27
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\2024-06-20_455caecc79ff99c68305b7e013818c77_magniber.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-20_455caecc79ff99c68305b7e013818c77_magniber.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-20_455caecc79ff99c68305b7e013818c77_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-20_455caecc79ff99c68305b7e013818c77_magniber.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |