Overview

overview

7

Static

static

3

2024-08-29...er.exe

windows7-x64

7

2024-08-29...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    14s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    29/08/2024, 15:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-08-29_1ed9d9ee9372a95afb6532c524e98345_magniber.exe

  • Size

    731KB

  • MD5

    1ed9d9ee9372a95afb6532c524e98345

  • SHA1

    1575dbebb468dd7966054db83c45e0e3d88e100d

  • SHA256

    71387a7b3d19b540eba6e5cdc813fd41b852383159384214586b9ccf06d574db

  • SHA512

    df2c81e59ff1e15a4b6da3d634cdf9390495d05f5e46107b0ebe34918806e94592497f30d8b3c69c118626a23e2004bc93f93e901df037d769eaded93a672b59

  • SSDEEP

    12288:4SrCcSyTY1nqRZE4nj6Em8rdRgPG8o8+OD49bvrvAdVK3xfMdyth9KcVMPDuvfyF:yD1qZjGWhue8YvrvAdVyxMdyLVMSiI4

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 64 IoCs
  • NTFS ADS 3 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-08-29_1ed9d9ee9372a95afb6532c524e98345_magniber.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-08-29_1ed9d9ee9372a95afb6532c524e98345_magniber.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • NTFS ADS
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2212
    • C:\Users\Admin\AppData\Local\Temp\2024-08-29_1ed9d9ee9372a95afb6532c524e98345_magniber.exe
      "C:\Users\Admin\AppData\Local\Temp\2024-08-29_1ed9d9ee9372a95afb6532c524e98345_magniber.exe" /retrynav 1
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • NTFS ADS
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2764
      • C:\Users\Admin\AppData\Local\Temp\2024-08-29_1ed9d9ee9372a95afb6532c524e98345_magniber.exe
        "C:\Users\Admin\AppData\Local\Temp\2024-08-29_1ed9d9ee9372a95afb6532c524e98345_magniber.exe" /retrynav 2
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • NTFS ADS
        • Suspicious use of SetWindowsHookEx
        PID:288

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2024-08-29_1ed9d9ee9372a95afb6532c524e98345_magniber.exe:typelib
    Filesize

    8KB

    MD5

    1c577aa079340cc1cbdb4d432edb20af

    SHA1

    b3043238c4247d392a03f8813cf772dbf8c2dc2b

    SHA256

    f66095a6eb47706c5881ead875438c8b64792f6cb4a0fd121fe82a658bda9782

    SHA512

    0e8ce68934233b8d4226a0048bc0ef65bfece26fc72d4f04d897362c335667a0e814cfd0416202cb048c7f40f5cd6010916016570b7191b636b18ce90c152ec9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\2024-08-29_1ed9d9ee9372a95afb6532c524e98345_magniber.exe
    Filesize

    731KB

    MD5

    1ed9d9ee9372a95afb6532c524e98345

    SHA1

    1575dbebb468dd7966054db83c45e0e3d88e100d

    SHA256

    71387a7b3d19b540eba6e5cdc813fd41b852383159384214586b9ccf06d574db

    SHA512

    df2c81e59ff1e15a4b6da3d634cdf9390495d05f5e46107b0ebe34918806e94592497f30d8b3c69c118626a23e2004bc93f93e901df037d769eaded93a672b59

    Download Submit

  • memory/288-76-0x00000000006D0000-0x00000000007AC000-memory.dmp

    Filesize

    880KB

    Download

  • memory/288-94-0x00000000006D0000-0x00000000007AC000-memory.dmp

    Filesize

    880KB

    Download

  • memory/288-95-0x00000000006D0000-0x00000000007AC000-memory.dmp

    Filesize

    880KB

    Download

  • memory/288-92-0x00000000006D0000-0x00000000007AC000-memory.dmp

    Filesize

    880KB

    Download

  • memory/288-90-0x00000000006D0000-0x00000000007AC000-memory.dmp

    Filesize

    880KB

    Download

  • memory/288-91-0x00000000006D0000-0x00000000007AC000-memory.dmp

    Filesize

    880KB

    Download

  • memory/288-89-0x00000000006D0000-0x00000000007AC000-memory.dmp

    Filesize

    880KB

    Download

  • memory/288-88-0x00000000006D0000-0x00000000007AC000-memory.dmp

    Filesize

    880KB

    Download

  • memory/288-77-0x00000000006D0000-0x00000000007AC000-memory.dmp

    Filesize

    880KB

    Download

  • memory/288-79-0x00000000006D0000-0x00000000007AC000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2212-17-0x00000000004C0000-0x000000000059C000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2212-35-0x00000000004C0000-0x000000000059C000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2212-1-0x00000000004C0000-0x000000000059C000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2212-31-0x00000000004C0000-0x000000000059C000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2212-37-0x00000000004C0000-0x000000000059C000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2212-4-0x00000000004C0000-0x000000000059C000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2212-6-0x00000000004C0000-0x000000000059C000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2212-32-0x00000000004C0000-0x000000000059C000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2212-7-0x00000000004C0000-0x000000000059C000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2212-8-0x00000000004C0000-0x000000000059C000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2212-11-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-18-0x00000000004C0000-0x000000000059C000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2212-0-0x00000000004C0000-0x000000000059C000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2212-29-0x00000000004C0000-0x000000000059C000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2764-44-0x0000000000740000-0x000000000081C000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2764-72-0x0000000000740000-0x000000000081C000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2764-67-0x0000000000740000-0x000000000081C000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2764-68-0x0000000000740000-0x000000000081C000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2764-65-0x0000000000740000-0x000000000081C000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2764-64-0x0000000000740000-0x000000000081C000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2764-54-0x0000000000740000-0x000000000081C000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2764-53-0x0000000000740000-0x000000000081C000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2764-42-0x0000000000740000-0x000000000081C000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2764-41-0x0000000000740000-0x000000000081C000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2764-34-0x0000000000740000-0x000000000081C000-memory.dmp

    Filesize

    880KB

    Download