Overview

overview

10

Static

static

3

2024-07-10...er.exe

windows7-x64

10

2024-07-10...er.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    10-07-2024 14:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-07-10_ae274f3bce2b446010e2e9a397ab1193_magniber.exe

  • Size

    19.7MB

  • MD5

    ae274f3bce2b446010e2e9a397ab1193

  • SHA1

    c4d3ce59c2b8863eef8735af5d4d2cea4001b0ae

  • SHA256

    0b8424667b248e360b1fb75b2de847781dad2e825af858d7d465f5f9bec8c49b

  • SHA512

    58f3c5f27a53b4c4c8642bd586abe542bd7516ed59ad31be04e63833b94c59bcbe42e2e854d8f30de4161fed547a2f6a4d247b0d4200eb1b6ff426e2892f1840

  • SSDEEP

    196608:tigxKfMh9YH/gt7A6jbcMS/wURqC/Py4eY4VUF66slEkRxj27Rs/B:ti1f8Yf27AobNPUt/PMV866slEkGFY

Score
10/10
banloaddownloaderdroppertrojan

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

    trojandropperdownloaderbanload
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Modifies registry class 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-10_ae274f3bce2b446010e2e9a397ab1193_magniber.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-10_ae274f3bce2b446010e2e9a397ab1193_magniber.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2276
    • C:\Users\Admin\AppData\Local\Temp\2024-07-10_ae274f3bce2b446010e2e9a397ab1193_magniber.exe
      "C:\Users\Admin\AppData\Local\Temp\2024-07-10_ae274f3bce2b446010e2e9a397ab1193_magniber.exe"
      2⤵
      • Checks BIOS information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:1948

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1948-0-0x00000000048A0000-0x0000000004AB6000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1948-4-0x00000000048A0000-0x0000000004AB6000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1948-16-0x0000000002B50000-0x0000000002B70000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1948-12-0x0000000000400000-0x0000000002941000-memory.dmp

    Filesize

    37.3MB

    Download

  • memory/1948-13-0x0000000000400000-0x0000000002941000-memory.dmp

    Filesize

    37.3MB

    Download

  • memory/1948-15-0x0000000000400000-0x0000000002941000-memory.dmp

    Filesize

    37.3MB

    Download

  • memory/2276-5-0x0000000000400000-0x0000000002941000-memory.dmp

    Filesize

    37.3MB

    Download

  • memory/2276-6-0x0000000004740000-0x0000000006C81000-memory.dmp

    Filesize

    37.3MB

    Download

  • memory/2276-17-0x0000000000400000-0x0000000002941000-memory.dmp

    Filesize

    37.3MB

    Download

  • memory/2276-18-0x0000000004740000-0x0000000006C81000-memory.dmp

    Filesize

    37.3MB

    Download