Overview

overview

7

Static

static

3

2024-08-14...ng.exe

windows7-x64

7

2024-08-14...ng.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/08/2024, 15:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-08-14_a08d5e1d617f392d108fb39e0c5fac79_magniber_viking.exe

  • Size

    1.8MB

  • MD5

    a08d5e1d617f392d108fb39e0c5fac79

  • SHA1

    74db691867205c99442c787124a28e1bec774709

  • SHA256

    f408cb47c120faff219d11cac9bfb39764f2e9cff307e1b3f833a0d38ddc2947

  • SHA512

    92b55c8f113b4e307ef763c146499a75d352a1fe12fdd95a8194d9f9615059c1ad3ba469db87863d63d154560f38f0ed112f306d27c46c6cc3b2d17398ab381c

  • SSDEEP

    49152:H71fMaeZgHCvLaqvcBVjhr0Lvb+0oC2pHyQMJjkEiNpE1sk4:RfMaeZgizaqv8L0jb+OG

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3540
      • C:\Users\Admin\AppData\Local\Temp\2024-08-14_a08d5e1d617f392d108fb39e0c5fac79_magniber_viking.exe
        "C:\Users\Admin\AppData\Local\Temp\2024-08-14_a08d5e1d617f392d108fb39e0c5fac79_magniber_viking.exe"
        2⤵
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1804
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8368.bat
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:224
          • C:\Users\Admin\AppData\Local\Temp\2024-08-14_a08d5e1d617f392d108fb39e0c5fac79_magniber_viking.exe
            "C:\Users\Admin\AppData\Local\Temp\2024-08-14_a08d5e1d617f392d108fb39e0c5fac79_magniber_viking.exe"
            4⤵
            • Executes dropped EXE
            PID:2036
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3968
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2440
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
              • System Location Discovery: System Language Discovery
              PID:2220

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
      Filesize

      244KB

      MD5

      676570accfec45566e494b5e2955eec5

      SHA1

      623ab3b5c94421621f215876a7923200b395ed2a

      SHA256

      292cb5932be938c12335d9c1ff6761f0fdf3c3097f5cbad390c8c7d4688ec7ca

      SHA512

      5ebfa2b9291f527e8d5b48a56ddf83c175ca5abfbe5db07e1b18e325e7ed6f75a254ec70020ef3f64306274c61488d1ba3d4d9d904db0ece318a671ab2676dcd

      Download Submit

    • C:\Program Files\7-Zip\7z.exe
      Filesize

      570KB

      MD5

      4b1e3f13d34ccee368a110d269590238

      SHA1

      c1b748eb83d72906b449dd8712fc556419a20e6b

      SHA256

      c80dd370a6f1b1c293a418b2ef850358897a600b8ca1c2a35c09de85ae57a4d4

      SHA512

      1ecdfd95557861f4ef21f80f46164f13726ec605fb63ad03c02fb6518c64ef4e2f0e0e5c7fb9567afaa0135fd0e1496bbde9f0cf8048f594f96949b31a09a52f

      Download Submit

    • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
      Filesize

      636KB

      MD5

      53ee62011469b286a2a1b5658c86b9bf

      SHA1

      9bdac0b23b0a965947c780c6a6b48fc7122f9ade

      SHA256

      7125735e4e8595f1c17ff3235bc65dacabc2ec874b29ac7ba8eddd80ad10b3c0

      SHA512

      c9c24e578da0a38048e71548fac66465bcb624e971f745bba559e8c49fd621752e718d4c983a90a97277407bb23348ca109436e1eeebef030c3b599c712ff236

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\$$a8368.bat
      Filesize

      692B

      MD5

      97c1ee9699e0d6ea3daa5c40551913ef

      SHA1

      f9e281e6369fb28d5abd54aeac90c9c0116d23a9

      SHA256

      ed052f4707477f83e7b14c638de1de899d68f87f4cd630bca1450b34e19745ff

      SHA512

      1ba528e11bfa1dae9cfae458bfd34f5df29e092b7978362fdb0cc9387bdb74b0e0bd9832ba56ea18b5baed9b6b306f4492fa8fcd152dd3da0c3415d2b6c49eb2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\2024-08-14_a08d5e1d617f392d108fb39e0c5fac79_magniber_viking.exe.exe
      Filesize

      1.7MB

      MD5

      626c79da751474f691e2e94df54c435f

      SHA1

      a8d61caec047066a7019213ba60b84b11e0389a1

      SHA256

      c8c64291571212e628707b15d4a4c8910ffc4233166a2fb184c8f85d3d3a17a2

      SHA512

      f16d92663eae90f1c26397297b1837fb2b76fe49009888376f58e7fe23d16686762235af0c034ede10e33ec76d2c74430468a70974d791146d7f122a008d33f7

      Download Submit

    • C:\Windows\Logo1_.exe
      Filesize

      26KB

      MD5

      f9b3dab069668bf11ce7ad403e0e270f

      SHA1

      edc90cba107110307160eb0364ff1db3ce438d12

      SHA256

      b9fa61e706b429e15d5c61ce570fe2466ed27d7261578c17c632b0dd92e31902

      SHA512

      ba6639e59b727a3708c17e5f1ade152748642cfb31ce9832746fa190454f632ec1e4ca20e63b58b9b216404d9fe7c07aa7e82f3a6c90c315d2e49d7162760137

      Download Submit

    • F:\$RECYCLE.BIN\S-1-5-21-786284298-625481688-3210388970-1000\_desktop.ini
      Filesize

      9B

      MD5

      fa81249b1f991386d1e1de2a5a03499e

      SHA1

      70e9b6e238a42e7472c1f5f2f4ea3f86f8352185

      SHA256

      5421d45a710074ffe77329c2300e528ce8feceb0748aacbd89ef2ed0aae5a87f

      SHA512

      bc652d20db7ab6bde42b15f5639c2b36e000179c232c4b9e3e218e670b93a6d7b73530b3bd6fdfca5d61c5a578c1e7508fb97f9bffdfa17dff214359b094e409

      Download Submit

    • memory/1804-11-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/1804-0-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/3968-27-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/3968-37-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/3968-33-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/3968-1233-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/3968-20-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/3968-4785-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/3968-8-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/3968-5230-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download