Overview

overview

6

Static

static

1

2024-06-25...il.exe

windows7-x64

6

2024-06-25...il.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    146s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/06/2024, 13:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-25_72a658c77c01544c60455e85963c3405_magniber_metamorfo_revil.exe

  • Size

    52.8MB

  • MD5

    72a658c77c01544c60455e85963c3405

  • SHA1

    0bdbe3bf8724ba111f8d0b4572379aaa876b55cd

  • SHA256

    1e573437611330339570c42a912888ee16701e209bb728f3ec379e1836c51d13

  • SHA512

    c70d2ead90f5726ed978873c721244ef608abf5759903d8f62dd4cdcab631f1d5893dfe9404cd7347d60cd03d8601abc0bf8eb8d8627ebc66d2b88b6c5263857

  • SSDEEP

    786432:inf4UdVEy9qMBN6oOvoIV4c+9MHL9OS9hX6hULp8jWKO+m/Ko7Xyh7NFFBFh9ITt:in5OvoFiUiqqLuaKFytmh7NfHImHM

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in Program Files directory 1 IoCs
  • Loads dropped DLL 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-25_72a658c77c01544c60455e85963c3405_magniber_metamorfo_revil.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-25_72a658c77c01544c60455e85963c3405_magniber_metamorfo_revil.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Drops file in Program Files directory
    • Loads dropped DLL
    PID:3852

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\netul.dll
    Filesize

    1.9MB

    MD5

    991f7dfe5115467b72de04d4ddeb6bac

    SHA1

    f31d9541d896955e1bcf48e01b68fc3374501998

    SHA256

    210ab11ab262d146ba4a8b1621668c5508f2e97d31788a1ec6474e5947479354

    SHA512

    52bc896a261534bb47b7c1342b2809d86288dbf07b08d344646a3719ab25e3e37c34adb9c7b2139f6518d56b528b73a500451c5948307a58dcfecdc0d2b2b9a4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{FD990EB1-120C-490a-B6F8-3A372D07208B}.tmp\7z.dll
    Filesize

    1.1MB

    MD5

    ea58ab20340cd1a4beeb1fe85bc09c9a

    SHA1

    0783d18e3ccc9faad51269c132d8fb559a2f83d2

    SHA256

    cfdd08f5fc342b4e4aa3c515d318307351be752cc79a6818dbb986cddac47d6d

    SHA512

    6f83ba8db59d8228f961f86364f1d4658e2f4b3773d0a8094f1f95eb635b68e08487a7286497de644a0c3ee83908ccc00e21048483f620ca86b30cfeba41b553

    Download Submit