Overview

overview

10

Static

static

3

2024-12-17...er.exe

windows7-x64

10

2024-12-17...er.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    93s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-12-2024 03:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-12-17_17a39da6c23c791046d0906257c1926d_magniber.exe

  • Size

    4.7MB

  • MD5

    17a39da6c23c791046d0906257c1926d

  • SHA1

    3d9f2b33dda94d23cd58960f303d0125783e16f0

  • SHA256

    3b2c00a098bd6f03c1b602de4139541205bb0cf5b7217df23bc10f7daa30a1e4

  • SHA512

    7171c4408d399f64fc680c20d27e3711724f891fe22b3fc993656f20ce4d1a0def82cdbe29016c42a4a0396e4f2ee4daccdd44094d211a4c92251c3b97fb4664

  • SSDEEP

    98304:Ecu/7nKC96SOzLJUf7XtOKiEB37VDxmbpaBH/5EcBt2qMCviphpUIOipeGsh:Ent/LsOhEt8H/5E3YiphiIOipHs

Score
10/10
expirobackdoordiscovery

Malware Config

Signatures

  • Expiro family
    expiro
  • Expiro, m0yv

    Expiro aka m0yv is a multi-functional backdoor written in C++.

    backdoorexpiro
  • Expiro payload 1 IoCs
    backdoor
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-12-17_17a39da6c23c791046d0906257c1926d_magniber.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-12-17_17a39da6c23c791046d0906257c1926d_magniber.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:2640

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2640-0-0x0000000000400000-0x0000000000A21000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2640-1-0x000000000055A000-0x000000000055C000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2640-2-0x0000000000400000-0x0000000000A21000-memory.dmp

    Filesize

    6.1MB

    Download