49a7da479709e9a3dedf606e8c1c3ed1117646a9a05cf3422c37d5e95b936fff

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/09/2024, 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-03_ac93ccb5d00c75cdea50107f824e8fd6_magniber_revil.exe
Size

5.7MB
MD5

ac93ccb5d00c75cdea50107f824e8fd6
SHA1

d76ef366607b2f8758b641a7279101158e40a83a
SHA256

49a7da479709e9a3dedf606e8c1c3ed1117646a9a05cf3422c37d5e95b936fff
SHA512

5b5b7b462d930f22f7f1579f4b633f910e92ae220981b374bad29bba543aeedb4333a61edc28ac7be422a94f3c8d193452468c958b836eddae48752381e126c4
SSDEEP

98304:j/6n94bDY2EBcBuq62V///4nAWakrn7S/IhWoaVVfs/VIsMF4JD8iulhq7NmFkVy:mMD+cpvJ/4H3nmghWoa/fsysMF4JD85h

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-09-03_ac93ccb5d00c75cdea50107f824e8fd6_magniber_revil.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1948	2024-09-03_ac93ccb5d00c75cdea50107f824e8fd6_magniber_revil.exe
1948	2024-09-03_ac93ccb5d00c75cdea50107f824e8fd6_magniber_revil.exe
1948	2024-09-03_ac93ccb5d00c75cdea50107f824e8fd6_magniber_revil.exe
1948	2024-09-03_ac93ccb5d00c75cdea50107f824e8fd6_magniber_revil.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1948	2024-09-03_ac93ccb5d00c75cdea50107f824e8fd6_magniber_revil.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1948	2024-09-03_ac93ccb5d00c75cdea50107f824e8fd6_magniber_revil.exe

C:\Users\Admin\AppData\Local\Temp\2024-09-03_ac93ccb5d00c75cdea50107f824e8fd6_magniber_revil.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-03_ac93ccb5d00c75cdea50107f824e8fd6_magniber_revil.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
652B

MD5
677c341271b8d73eaa17a86561b2b849

SHA1
03efe53c395a10ac9e583bf2e2274007e3de56f2

SHA256
8a561635d3637144987f0cfbcbff53bf975df4302334f5fc5aba13ee70182b18

SHA512
e5038167eb57ab886222b6dc382e0a47fb1ca56730e8f775daa6b7880d52bc630710dd199f18de4c676ecf9c88e5e71a7a82bc54545fd90d6f2ea0c501822382

Download Submit
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
4KB

MD5
7af8ecdb009bb6e9aa6d83fee5f04129

SHA1
6d937ceeee5e4630262fb6d496120f4be17fcbea

SHA256
87b73b4e0d20e6353645c353b31be27b7a55be224a989c3b022f80c445248fd9

SHA512
b038a5c03a91c8ea5df119382b832cad5d647a1a4fc33a200adeb560a5989f5fbd0e06ef043e1a3cc5a4323abef2dc481fc8964492f7090acff4026c280f7a2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
310B

MD5
05a4da29390174d37d32816e25da03e9

SHA1
c001d51cd9d446c24ed7f4344ec4974d6cdb3b8c

SHA256
163e5c12258165f40094b9bb8ced969963e01ac6eb715120c79781194a906119

SHA512
4ba013fafe071b7ff3efbb13ffe63968691272b0199d2f592be8484dbd3230020a96cf967553acd4b295270eeeef19329cea30c9d2c683c7b19e4fd2664b718e

Download Submit