magniber | dfa32d8ed7c429b020c0581148a55bc752c35834d7a2b1bae886f2b436285c94 | Triage

Submit
Reports

Overview

overview

Static

static

SYSTEM.Cri...9b1.js

windows7-x64

SYSTEM.Cri...9b1.js

windows10-2004-x64

Sharing

General

Target

SYSTEM.Critical.Upgrade.Win10.0.ba45bd8ee89b1.js
Size

217KB
Sample

220920-qc8tmachh3
MD5

0fd4c12239b945723e6c622d48f07979
SHA1

22cbc2c26832c8c3dd4be9c7fe6bbe94dbfbcdb2
SHA256

dfa32d8ed7c429b020c0581148a55bc752c35834d7a2b1bae886f2b436285c94
SHA512

a37affd28bc088ff6a27ac22e69e2479c2b4eeb015fd8d284097ce174f2ca6af87719b205d0e9fb5e6b3bfcf4bfb7fd21f64956eb173adfe854b3dc10db3c40b
SSDEEP

1536:t0AGu7QKLA6Yw14Gl1SSHwb5Wo3ayPu8Iow7of50bgd0BwNH2UB7zyigICK5iu/d:6Tmp25gfWPV

Score

10^/10

magniber evasion ransomware

Static task

static1

Behavioral task

behavioral1

Sample

SYSTEM.Critical.Upgrade.Win10.0.ba45bd8ee89b1.js

Resource

win7-20220812-en

magniber ransomware

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

SYSTEM.Critical.Upgrade.Win10.0.ba45bd8ee89b1.js

Resource

win10v2004-20220812-en

magniber evasion ransomware

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  SYSTEM.Critical.Upgrade.Win10.0.ba45bd8ee89b1.js
- Size
  
  217KB
- MD5
  
  0fd4c12239b945723e6c622d48f07979
- SHA1
  
  22cbc2c26832c8c3dd4be9c7fe6bbe94dbfbcdb2
- SHA256
  
  dfa32d8ed7c429b020c0581148a55bc752c35834d7a2b1bae886f2b436285c94
- SHA512
  
  a37affd28bc088ff6a27ac22e69e2479c2b4eeb015fd8d284097ce174f2ca6af87719b205d0e9fb5e6b3bfcf4bfb7fd21f64956eb173adfe854b3dc10db3c40b
- SSDEEP
  
  1536:t0AGu7QKLA6Yw14Gl1SSHwb5Wo3ayPu8Iow7of50bgd0BwNH2UB7zyigICK5iu/d:6Tmp25gfWPV
Score

10^/10

magniber ransomware evasion
- Detect magniber ransomware
- Magniber Ransomware
  Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
  ransomware magniber
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Deletes System State backups
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Deletes backup catalog
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

magniberransomware

behavioral2

magniberevasionransomware

© 2018-2024

Terms | Privacy