Overview

overview

8

Static

static

3

Magic Bull...in.exe

windows7-x64

6

Magic Bull...in.exe

windows10-2004-x64

8

Magic Bull....1.exe

windows7-x64

7

Magic Bull....1.exe

windows10-2004-x64

7

Magic Bull...er.exe

windows7-x64

3

Magic Bull...er.exe

windows10-2004-x64

3

Magic Bull...oy.exe

windows7-x64

1

Magic Bull...oy.exe

windows10-2004-x64

1

Magic Bull...er.exe

windows7-x64

1

Magic Bull...er.exe

windows10-2004-x64

1

Magic Bull...ll.bat

windows7-x64

1

Magic Bull...ll.bat

windows10-2004-x64

1

outputs/RG...ng.dll

windows7-x64

1

outputs/RG...ng.dll

windows10-2004-x64

1

lib/ContentCoreUI.dll

windows7-x64

1

lib/ContentCoreUI.dll

windows10-2004-x64

1

panel/com....min.js

windows7-x64

3

panel/com....min.js

windows10-2004-x64

3

panel/com....min.js

windows7-x64

3

panel/com....min.js

windows10-2004-x64

3

panel/com....min.js

windows7-x64

3

panel/com....min.js

windows10-2004-x64

3

panel/com....lib.js

windows7-x64

3

panel/com....lib.js

windows10-2004-x64

3

panel/com....min.js

windows7-x64

3

panel/com....min.js

windows10-2004-x64

3

panel/com....min.js

windows7-x64

3

panel/com....min.js

windows10-2004-x64

3

panel/com....min.js

windows7-x64

3

panel/com....min.js

windows10-2004-x64

3

panel/com....min.js

windows7-x64

3

panel/com....min.js

windows10-2004-x64

3

Analysis

  • max time kernel
    145s
  • max time network
    39s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    12/09/2024, 21:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Magic Bullet Looks 2024/Red Giant Magic Bullet Suite 2024/Step 2/RedGiant Activation Service Unlocker 2024.1.1.exe

  • Size

    6.0MB

  • MD5

    aaa25d8889e758325f07a222dde95cfb

  • SHA1

    b184be92215ee836d4d01d25e1b6365e32ca7d3f

  • SHA256

    81041292f487cbbb94a69a539f626e4f0bbf9c9b5aeabb360630f51b6f29bcb0

  • SHA512

    aee53941c6495cda06e0b598bf5298d632b9b39f7e5e56d8dc7b07c8e5d566571fa09916b545b0cfbcad348de76851b62713d5fa8c5ad97f5b913180cd8daed0

  • SSDEEP

    98304:awEUNLNbrBlj5CPI7MyXXW4+Bqz0W5Gqj3YGAS8I4kXUGV:aJWnjTXWgFGqrpASwkX3

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Magic Bullet Looks 2024\Red Giant Magic Bullet Suite 2024\Step 2\RedGiant Activation Service Unlocker 2024.1.1.exe
    "C:\Users\Admin\AppData\Local\Temp\Magic Bullet Looks 2024\Red Giant Magic Bullet Suite 2024\Step 2\RedGiant Activation Service Unlocker 2024.1.1.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:868
    • C:\Users\Admin\AppData\Local\Temp\is-32M0R.tmp\RedGiant Activation Service Unlocker 2024.1.1.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-32M0R.tmp\RedGiant Activation Service Unlocker 2024.1.1.tmp" /SL5="$40016,5336498,842240,C:\Users\Admin\AppData\Local\Temp\Magic Bullet Looks 2024\Red Giant Magic Bullet Suite 2024\Step 2\RedGiant Activation Service Unlocker 2024.1.1.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: GetForegroundWindowSpam
      PID:3008

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-32M0R.tmp\RedGiant Activation Service Unlocker 2024.1.1.tmp
    Filesize

    3.1MB

    MD5

    8222e671fc0008ee8ebd72878c42aaac

    SHA1

    e2007831545f753cb4f45bd9ed6cb8ab6f860aa6

    SHA256

    29d22b0353fbe2d218b80809876a7ad148bc89e799f2a631a0c80bac5f8476fe

    SHA512

    f7b6ccb50891243a033788becf360e9f3475f07a12edd8bd68910f036bb21cf5351659dda4141f756a087039534e9e1a818d6810d953c00013c7442a8ccffd00

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-FQHUE.tmp\_isetup\_iscrypt.dll
    Filesize

    2KB

    MD5

    a69559718ab506675e907fe49deb71e9

    SHA1

    bc8f404ffdb1960b50c12ff9413c893b56f2e36f

    SHA256

    2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

    SHA512

    e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

    Download Submit

  • memory/868-0-0x0000000000400000-0x00000000004DE000-memory.dmp

    Filesize

    888KB

    Download

  • memory/868-2-0x0000000000401000-0x00000000004C1000-memory.dmp

    Filesize

    768KB

    Download

  • memory/868-13-0x0000000000400000-0x00000000004DE000-memory.dmp

    Filesize

    888KB

    Download

  • memory/3008-10-0x0000000000400000-0x0000000000726000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3008-14-0x0000000000400000-0x0000000000726000-memory.dmp

    Filesize

    3.1MB

    Download