Analysis
-
max time kernel
119s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
19-06-2024 04:52
General
-
Target
2024-06-19_35a4093aa84921340790cd2cca6828d0_magniber_revil.exe
-
Size
70.9MB
-
MD5
35a4093aa84921340790cd2cca6828d0
-
SHA1
ffab58b5e16e2bbfe75287b14f329c9bbd4fa790
-
SHA256
1652f43525a84c6f33fd69ba45433bdf24bd90deb283dfcf326077fdaa8b8154
-
SHA512
1d7378005d099fc38c1cdf3c6b75e153e5ef442509bc92cc01b5f4fe696ce971d73b72b45ad7821f400c9377a29854760b67d46364b3e432c853eba4868ade49
-
SSDEEP
1572864:cdABF0N/9dWHC2iHtBkb6DhFXrFHYi3qw+ietvQ19oDL9S:M9TzSI
Score
10/10
Malware Config
Signatures
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Users\Admin\AppData\Local\Temp\2024-06-19_35a4093aa84921340790cd2cca6828d0_magniber_revil.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-19_35a4093aa84921340790cd2cca6828d0_magniber_revil.exe"2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\dialer.exe"C:\Windows\system32\dialer.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1940-15-0x0000000000080000-0x0000000000089000-memory.dmpFilesize
36KB
-
memory/1940-21-0x0000000001CD0000-0x0000000001CDF000-memory.dmpFilesize
60KB
-
memory/1940-22-0x0000000001CDF000-0x00000000020D0000-memory.dmpFilesize
3.9MB
-
memory/1940-23-0x00000000771D1000-0x00000000772D2000-memory.dmpFilesize
1.0MB
-
memory/1940-17-0x0000000001CD0000-0x00000000020D0000-memory.dmpFilesize
4.0MB
-
memory/1940-18-0x00000000771D0000-0x0000000077379000-memory.dmpFilesize
1.7MB
-
memory/1940-20-0x0000000076F60000-0x0000000076FA7000-memory.dmpFilesize
284KB
-
memory/2220-8-0x0000000000240000-0x0000000000259000-memory.dmpFilesize
100KB
-
memory/2220-12-0x00000000771D0000-0x0000000077379000-memory.dmpFilesize
1.7MB
-
memory/2220-4-0x0000000000030000-0x0000000000037000-memory.dmpFilesize
28KB
-
memory/2220-10-0x00000000079D0000-0x0000000007DD0000-memory.dmpFilesize
4.0MB
-
memory/2220-11-0x00000000079D0000-0x0000000007DD0000-memory.dmpFilesize
4.0MB
-
memory/2220-14-0x0000000076F60000-0x0000000076FA7000-memory.dmpFilesize
284KB
-
memory/2220-6-0x0000000000230000-0x0000000000234000-memory.dmpFilesize
16KB
-
memory/2220-5-0x0000000000030000-0x0000000000037000-memory.dmpFilesize
28KB
-
memory/2220-7-0x0000000000230000-0x0000000000234000-memory.dmpFilesize
16KB
-
memory/2220-1-0x000000000044D000-0x0000000000467000-memory.dmpFilesize
104KB
-
memory/2220-9-0x0000000000240000-0x0000000000259000-memory.dmpFilesize
100KB
-
memory/2220-0-0x0000000000400000-0x0000000004DF4000-memory.dmpFilesize
74.0MB
-
memory/2220-2-0x0000000000020000-0x000000000002A000-memory.dmpFilesize
40KB
-
memory/2220-3-0x0000000000020000-0x000000000002A000-memory.dmpFilesize
40KB