Analysis
-
max time kernel
94s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system -
submitted
12-10-2024 20:22
Static task
static1
Behavioral task
behavioral1
Sample
2024-10-12_b79647b3d8e9c771b339badbdefdb404_magniber.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2024-10-12_b79647b3d8e9c771b339badbdefdb404_magniber.exe
Resource
win10v2004-20241007-en
General
-
Target
2024-10-12_b79647b3d8e9c771b339badbdefdb404_magniber.exe
-
Size
7.5MB
-
MD5
b79647b3d8e9c771b339badbdefdb404
-
SHA1
c697e481cacd9e24a1e64e405976ade929d841aa
-
SHA256
91c5f6a7c5aa7bb3f737805499c102d1ff954a732e24bbdb06d656cb7581f7f7
-
SHA512
08b8226d57d82cc42d331468a0f0d5ccf67ed1d315a0770719e91a6ae44f31aed43e5de76bd8ee48b4335843738cea8c90815d373864cf11a01a67536f095752
-
SSDEEP
98304:/t+ebVLdahr+YTRi0TGgU8oxKFK7JIhXa1PSELk/GEAUfZ82ub8GRprbGJ1y1xWo:Rh6hoeK71aELkaUfdOMeXdVlG5Fp+
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid | Process
3252 | 2024-15mhXaUsdvTu6N.exe
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 2024-10-12_b79647b3d8e9c771b339badbdefdb404_magniber.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 2024-15mhXaUsdvTu6N.exe
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid | Process
3252 | 2024-15mhXaUsdvTu6N.exe
3252 | 2024-15mhXaUsdvTu6N.exe
-
Suspicious behavior: RenamesItself 1 IoCs
pid | Process
1848 | 2024-10-12_b79647b3d8e9c771b339badbdefdb404_magniber.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 1848 wrote to memory of 3252 | 1848 | 2024-10-12_b79647b3d8e9c771b339badbdefdb404_magniber.exe | 86
PID 1848 wrote to memory of 3252 | 1848 | 2024-10-12_b79647b3d8e9c771b339badbdefdb404_magniber.exe | 86
PID 1848 wrote to memory of 3252 | 1848 | 2024-10-12_b79647b3d8e9c771b339badbdefdb404_magniber.exe | 86
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-10-12_b79647b3d8e9c771b339badbdefdb404_magniber.exe "C:\Users\Admin\AppData\Local\Temp\2024-10-12_b79647b3d8e9c771b339badbdefdb404_magniber.exe" 1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:1848 -
C:\Users\Admin\AppData\Local\Temp\2024-15mhXaUsdvTu6N.exe "2024-15mhXaUsdvTu6N.exe" 2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:3252
-
Network
MITRE ATT&CK Enterprise v15
Downloads