Overview

overview

10

Static

static

3

2024-08-25...er.exe

windows7-x64

10

2024-08-25...er.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    135s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-08-2024 05:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-08-25_d5568bd7cb5aef02d1f19dbc9c42b060_magniber.exe

  • Size

    6.7MB

  • MD5

    d5568bd7cb5aef02d1f19dbc9c42b060

  • SHA1

    f85e3ab016c1566e810f554a9da18e488731c7cc

  • SHA256

    2cc7100ac0684b2c94e5268583e534b62d78859c35679a381616f2bca3f39676

  • SHA512

    1a3a5b75e8d7267b5cd4cc1aa4992f7cee93f0cf5f618a461a05a20c8bc57fc2dcec432b97456a14557585e9321cdfca6097a791fb12b9ba9b229b0ad129e7a3

  • SSDEEP

    98304:rG1KrbbKKQCJR5xyjycF1MnR/RE8+EGCZEBs7HPRSlfcLSHSlaj5W9PpBCMf:rG1KKCJrxOT1e2EGCZEGQeeyl7fF

Score
10/10
banloaddiscoverydownloaderdropperevasiontrojan

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

    trojandropperdownloaderbanload
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-08-25_d5568bd7cb5aef02d1f19dbc9c42b060_magniber.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-08-25_d5568bd7cb5aef02d1f19dbc9c42b060_magniber.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:228
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 1488
      2⤵
      • Program crash
      PID:1852
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 228 -ip 228
    1⤵
      PID:1168

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Itsth\Easy2Sync_for_Outlook\logfile.txt
      Filesize

      1KB

      MD5

      798543447e701c9fcdb0704b1100088a

      SHA1

      dac037dc9b24bfcbe51d198d4384a2e341fbd0b0

      SHA256

      db7a31734c0027ab19d09384c001953acff0bb67583993bf3dcad82bf31a3852

      SHA512

      e37432ec66c39751c07455069e1966204209e34721c9ccabd156e85daf1f438d8bfbb436beef49ddcfd83673b864e80bf532679f550eaf52ca767696968adeff

      Download Submit

    • memory/228-15-0x0000000000400000-0x0000000001693000-memory.dmp

      Filesize

      18.6MB

      Download

    • memory/228-17-0x0000000000400000-0x0000000001693000-memory.dmp

      Filesize

      18.6MB

      Download

    • memory/228-11-0x0000000000400000-0x0000000001693000-memory.dmp

      Filesize

      18.6MB

      Download

    • memory/228-12-0x0000000000400000-0x0000000001693000-memory.dmp

      Filesize

      18.6MB

      Download

    • memory/228-20-0x0000000003930000-0x0000000003B30000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/228-16-0x00000000038F0000-0x0000000003910000-memory.dmp

      Filesize

      128KB

      Download

    • memory/228-8-0x0000000003930000-0x0000000003B30000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/228-1-0x0000000000400000-0x0000000001693000-memory.dmp

      Filesize

      18.6MB

      Download

    • memory/228-14-0x0000000000400000-0x0000000001693000-memory.dmp

      Filesize

      18.6MB

      Download

    • memory/228-19-0x0000000000400000-0x0000000001693000-memory.dmp

      Filesize

      18.6MB

      Download

    • memory/228-41-0x0000000003930000-0x0000000003B30000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/228-44-0x0000000000400000-0x0000000001693000-memory.dmp

      Filesize

      18.6MB

      Download

    • memory/228-2-0x0000000003930000-0x0000000003B30000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/228-53-0x0000000000400000-0x0000000001693000-memory.dmp

      Filesize

      18.6MB

      Download

    • memory/228-54-0x0000000003930000-0x0000000003B30000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/228-56-0x0000000000400000-0x0000000001693000-memory.dmp

      Filesize

      18.6MB

      Download