0482177f998308973fb29e4291879c4933a0e4298d37a8faa91e5a2f3e413fb0

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 08:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-06-27_1808d21d28904f2e358e59ccdbb7a826_magniber_revil.exe
Size

5.7MB
MD5

1808d21d28904f2e358e59ccdbb7a826
SHA1

0fca765eea33d6c3ae224348738f13a5d73aed0b
SHA256

0482177f998308973fb29e4291879c4933a0e4298d37a8faa91e5a2f3e413fb0
SHA512

080852b050ed9d15548c51ba0508286e87d16288111324290dc7af4f6cb5edb182bc050dc0ca6064dd9ad6a3c8305670b89e9d28543b640672cce424618c101a
SSDEEP

98304:b/6n94bDY2EBcBuq62V///4nAWakrn7S/IhWoaVVfs/VIsMF4JD8iulhq7NmZkVK:uMD+cpvJ/4H3nmghWoa/fsysMF4JD85V

Score

9^/10

evasion

Malware Config

Signatures

Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Oracle\VirtualBox Guest Additions	2024-06-27_1808d21d28904f2e358e59ccdbb7a826_magniber_revil.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4572	2024-06-27_1808d21d28904f2e358e59ccdbb7a826_magniber_revil.exe
4572	2024-06-27_1808d21d28904f2e358e59ccdbb7a826_magniber_revil.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4572	2024-06-27_1808d21d28904f2e358e59ccdbb7a826_magniber_revil.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
4572	2024-06-27_1808d21d28904f2e358e59ccdbb7a826_magniber_revil.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-27_1808d21d28904f2e358e59ccdbb7a826_magniber_revil.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-27_1808d21d28904f2e358e59ccdbb7a826_magniber_revil.exe"
1⤵
- Looks for VirtualBox Guest Additions in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
310B

MD5
2e02e85a2f4894c1c81850db2cff26ca

SHA1
2ef3693f7d5a9b345fade6264da49d6ccf0b56fd

SHA256
390b2b0e2a5f7ec4e9ed9d5f8dc6c7c3fb4c83ca5fb8299ce1f52af448d472bb

SHA512
199ea2c40b6c5584549deb1df8db4ced6279f02bb9704497d39c97603c5fdc62768362c7808738fa023e92f0e76492c7348b838d1767979b8dc9910e30fec589

Download Submit
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
3KB

MD5
30d136edb6c8bc9d77436435e8d46d25

SHA1
d5cd59d55cb5213e07b8116a9ae418ef6927a326

SHA256
b13d800fa5b229dae73c3a75339f304ba1d38989fbed15e6a8a53df9e0c2f120

SHA512
2599b5b6f74a2cc12941b282e4b956ec2aae402027c47d3a4bf5702df1bfde4f3747f28207828b4e6de24a583eb4fdd4e4256e1388761302d4c018c0cfe5b19a

Download Submit
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
4KB

MD5
8d0846d82561f3154f898d60c423f04a

SHA1
1187323ba6fbe1f4157848c680ce862cacd215d4

SHA256
cc7d6e6c4bf632f688bcf23b22e5f5c95b0eb504b92247dbe7a11697c45ccb99

SHA512
4620a6016d0605816e4cb4b9336bf47d4e2d8b8ff3739faf69e6b46735b692bb033bbf23e6853eecc09d5372520562534b29ad85c476fbafe4daf8ae5be26d55

Download Submit