magniber | 6d41befa35eac07ea647bebd21efbc38eb825a274ba1758701a4bf70d0ae5f91

Analysis

max time kernel
49s
max time network
55s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
15-09-2022 16:56

Target

SYSTEM.Critical.Upgrade.Win10.0.3328b853458d14.jse
Size

177KB
MD5

09eef16b2386f3c3026930d6e2cf4052
SHA1

52cb01541e9ffb62e8744fdd41c13bbeb5083aac
SHA256

5b6e931f07ac9d16237282dfb11bd76ae26cadd255a687c378f6b320cf231224
SHA512

10f444dc05b33612bfbfb684bb8b45fc18f963e2884947c3a94516d3111e33ca388dcf58a28434ff041fd7bc5ab78f889e766011a5cd54aae1f7fed1d3c203c6
SSDEEP

3072:9uACDasQAJWzjKoTVk/4wAn6YiUZPKlwQ/SBpkgxnl+Kvm25gfEb1J:9uzFJf/WXiUZSlHqBHlUKoEbX

Score

10^/10

Detect magniber ransomware 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/900-55-0x0000000005341000-0x000000000534C000-memory.dmp	family_magniber

Magniber Ransomware
Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
ransomware magniber

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXE

description	pid	Process
Token: 33	1752	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1752	AUDIODG.EXE
Token: 33	1752	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1752	AUDIODG.EXE

C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe "C:\Users\Admin\AppData\Local\Temp\SYSTEM.Critical.Upgrade.Win10.0.3328b853458d14.jse"
1⤵
PID:900

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x578
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1752

memory/900-54-0x0000000000140000-0x0000000000152000-memory.dmp

Filesize
72KB

Download
memory/900-55-0x0000000005341000-0x000000000534C000-memory.dmp

Filesize
44KB

Download
memory/1988-56-0x000007FEFBD81000-0x000007FEFBD83000-memory.dmp

Filesize
8KB

Download