magniber | 76c012f134e81138fb37ac3638488f309662efcc9bb4011ff8e54869f26bb119 | Triage

Submit
Reports

Overview

overview

Static

static

Antivirus_...1f.jse

windows7-x64

Antivirus_...1f.jse

windows10-2004-x64

Sharing

General

Target

Antivirus_Upgrade_Cloud.2736a0cc3a2e1f.jse
Size

161KB
Sample

220915-pv8e5sdag7
MD5

ed5481f4b64e048f09d5d9d880dafa23
SHA1

9948c71e77c9a7551f9f3b976da5b0e5e5950afe
SHA256

76c012f134e81138fb37ac3638488f309662efcc9bb4011ff8e54869f26bb119
SHA512

addd60848f245d83c70a65414b3d676e92ffdb2f31aa2de3497b8cda69ddb3938874aac062005c66d81af2451c545a5c871db4a392815cd9e69707b0388cbea0
SSDEEP

3072:5tCIP3D125lF+90AGp9K9zCdKuxkvhq8n8skOfx/bll25DftO5:PPz1GlF+9yjK9WBxkpq8n8mItO5

Score

10^/10

magniber evasion ransomware

Static task

static1

Behavioral task

behavioral1

Sample

Antivirus_Upgrade_Cloud.2736a0cc3a2e1f.jse

Resource

win7-20220901-en

magniber ransomware

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

Antivirus_Upgrade_Cloud.2736a0cc3a2e1f.jse

Resource

win10v2004-20220812-en

magniber evasion ransomware

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  Antivirus_Upgrade_Cloud.2736a0cc3a2e1f.jse
- Size
  
  161KB
- MD5
  
  ed5481f4b64e048f09d5d9d880dafa23
- SHA1
  
  9948c71e77c9a7551f9f3b976da5b0e5e5950afe
- SHA256
  
  76c012f134e81138fb37ac3638488f309662efcc9bb4011ff8e54869f26bb119
- SHA512
  
  addd60848f245d83c70a65414b3d676e92ffdb2f31aa2de3497b8cda69ddb3938874aac062005c66d81af2451c545a5c871db4a392815cd9e69707b0388cbea0
- SSDEEP
  
  3072:5tCIP3D125lF+90AGp9K9zCdKuxkvhq8n8skOfx/bll25DftO5:PPz1GlF+9yjK9WBxkpq8n8mItO5
Score

10^/10

magniber ransomware evasion
- Detect magniber ransomware
- Magniber Ransomware
  Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
  ransomware magniber
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Deletes System State backups
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Deletes backup catalog
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

magniberransomware

behavioral2

magniberevasionransomware

© 2018-2024

Terms | Privacy