General
-
Target
SYSTEM.Security.Database.Upgrade.Win10.0_1.jse
-
Size
192KB
-
Sample
220915-cz4xasbgc8
-
MD5
b40966619d66f80774ebf817c3316acc
-
SHA1
cdc90f17b5a54005993a4db61ac60e0b905f8416
-
SHA256
5472bce876d0758fb1379260504b791a3b8c95b87fc365f5ce8c3a6424facd34
-
SHA512
a489b19a01b66807e3cc5af17abdc679e72d34139b47f5face96ac68cf183f5d790d24adb065db9327dd82cde24532c3e193a716a5212df310f90eb7e241b88e
-
SSDEEP
6144:9a6398SbpjPvtKLqAMFHEbbz5ek3/Auyn5Ia:xnvkwdizUk3/Auynqa
Static task
static1
Behavioral task
behavioral1
Sample
SYSTEM.Security.Database.Upgrade.Win10.0_1.jse
Resource
win10-20220812-en
Behavioral task
behavioral2
Sample
SYSTEM.Security.Database.Upgrade.Win10.0_1.jse
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
SYSTEM.Security.Database.Upgrade.Win10.0_1.jse
-
Size
192KB
-
MD5
b40966619d66f80774ebf817c3316acc
-
SHA1
cdc90f17b5a54005993a4db61ac60e0b905f8416
-
SHA256
5472bce876d0758fb1379260504b791a3b8c95b87fc365f5ce8c3a6424facd34
-
SHA512
a489b19a01b66807e3cc5af17abdc679e72d34139b47f5face96ac68cf183f5d790d24adb065db9327dd82cde24532c3e193a716a5212df310f90eb7e241b88e
-
SSDEEP
6144:9a6398SbpjPvtKLqAMFHEbbz5ek3/Auyn5Ia:xnvkwdizUk3/Auynqa
Score10/10-
Detect magniber ransomware
-
Magniber Ransomware
Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Modifies boot configuration data using bcdedit
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-