Analysis
max time kernel: 93s
max time network: 95s
platform: windows10-2004_x64
resource: win10v2004-20240704-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/07/2024, 17:35
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-07-05_8fbc5a9294d91ca256ee85204bbf9f10_magniber_revil.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 2024-07-05_8fbc5a9294d91ca256ee85204bbf9f10_magniber_revil.exe
  Resource: win10v2004-20240704-en
General
Target: 2024-07-05_8fbc5a9294d91ca256ee85204bbf9f10_magniber_revil.exe
Size: 13.5MB
MD5: 8fbc5a9294d91ca256ee85204bbf9f10
SHA1: 02c1aba861364f670b4c619422e76370961c57b3
SHA256: 4d6f160a5db6c555337d61f4be60a43ee3a64a86f177809d3f2622fdd9aded1f
SHA512: ae74661d22267945d706a643227a110380ea95b94d40a64fb886772a1011e117f36bf6e26da4558ef6f16046aa2a993dd615ddc2ef7097a85135d387a3ab9497
SSDEEP: 196608:3EfOtV6osnLCtcAWCaSfI46JUF9n1NAA9MjJeksk0Cvx2YUXU5yLDAHdtlAfgsp7:eAc7CaSMJUFpfcNYCvECw3BbnS98
Malware Config
Signatures
yara_rule
  resource: behavioral2/files/0x0008000000023401-9.dat
  rule: aspack_v212_v242
Executes dropped EXE (2 IoCs)
  pid 1840  MHGLhsFRKOYyTJH.exe
  pid 3800  新(马贼复古)-24.07.01.dat
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 1840  MHGLhsFRKOYyTJH.exe
  pid 1840  MHGLhsFRKOYyTJH.exe
Suspicious use of SetWindowsHookEx (2 IoCs)
  pid 3800  新(马贼复古)-24.07.01.dat
  pid 3800  新(马贼复古)-24.07.01.dat
Suspicious use of WriteProcessMemory (6 IoCs)
  description                     pid   process                                                          procid_target
  PID 3020 wrote to memory of 1840  3020  2024-07-05_8fbc5a9294d91ca256ee85204bbf9f10_magniber_revil.exe  83
  PID 3020 wrote to memory of 1840  3020  2024-07-05_8fbc5a9294d91ca256ee85204bbf9f10_magniber_revil.exe  83
  PID 3020 wrote to memory of 1840  3020  2024-07-05_8fbc5a9294d91ca256ee85204bbf9f10_magniber_revil.exe  83
  PID 3020 wrote to memory of 3800  3020  2024-07-05_8fbc5a9294d91ca256ee85204bbf9f10_magniber_revil.exe  85
  PID 3020 wrote to memory of 3800  3020  2024-07-05_8fbc5a9294d91ca256ee85204bbf9f10_magniber_revil.exe  85
  PID 3020 wrote to memory of 3800  3020  2024-07-05_8fbc5a9294d91ca256ee85204bbf9f10_magniber_revil.exe  85
Processes
1. C:\Users\Admin\AppData\Local\Temp\2024-07-05_8fbc5a9294d91ca256ee85204bbf9f10_magniber_revil.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2024-07-05_8fbc5a9294d91ca256ee85204bbf9f10_magniber_revil.exe"
   PID: 3020
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\ytool\MHGLhsFRKOYyTJH.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\2024-07-05_8fbc5a9294d91ca256ee85204bbf9f10_magniber_revil.exe" "C:\Users\Admin\AppData\Local\Temp\2024-07-05_8fbc5a9294d91ca256ee85204bbf9f10_magniber_revil.exe"
      PID: 1840
      - Executes dropped EXE
      - Suspicious behavior: EnumeratesProcesses
   2. C:\Users\Admin\AppData\Local\Temp\新(马贼复古)-24.07.01.dat
      Command line: "C:\Users\Admin\AppData\Local\Temp\新(马贼复古)-24.07.01.dat"
      PID: 3800
      - Executes dropped EXE
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
Dropped file 1
  Filesize: 5.7MB
  MD5: 5c63fcd60d35af7c194880b8f5e9f1ef
  SHA1: 1cfba9eaa9edfc3f98718b2dfec38fc6c0885b69
  SHA256: a4e0d35e6f11a853bbeaedebbda054e7dd7ecf4cca4306f2e2fcf7ece04b2a18
  SHA512: 10b64d6d0731241c3543a62572494ce3f5484845afd38bcbf2db77a19147abe75cdb2b16c94977f67456133a458ba55f1d365816e74d729641b7bf4afc74a827
Dropped file 2
  Filesize: 3.6MB
  MD5: c788763a84fef935186bbd5b465da7a9
  SHA1: 0bce416ddf9da2d5ea39eb6017acd0bf4ab03422
  SHA256: 7b76de42fa2d5678e797f7697db151e3c3efab2e9f8d31af0a5484f02926350b
  SHA512: 949ebcbf88f83f72cf0dfadf1e04232c8df1a3223d7fa0ec2098ec63db224c6ba8bc4706ff1d7d73b4768fa07168bb74bc2916b429d61ad8edcafb1b5c68f39e