magniber | 12921c2d0578f9d83ada9dfc4eb362ba5258d44e07741fcce87fdd91118d7cd2 | Triage

Submit
Reports

Overview

overview

Static

static

SYSTEM.Cri...07d.js

windows7-x64

SYSTEM.Cri...07d.js

windows10-2004-x64

Sharing

General

Target

SYSTEM.Critical.Upgrade.Win10.0.26e26b85be2e07d.js
Size

212KB
Sample

220929-qznrzabad6
MD5

6a76eeb61c3f44ae8d61bbddc9b1f58e
SHA1

25ade112e1930ed4ca7501c0ab2944cb25738478
SHA256

12921c2d0578f9d83ada9dfc4eb362ba5258d44e07741fcce87fdd91118d7cd2
SHA512

a1b753cce043ee06b5b7520f4a46cc7fc704870d9d2ed9c7285bb2a4084a3075dff4c95ba369480dc5b9536ed2636bb856e4ac4e097322cb09b625260f13f518
SSDEEP

1536:rcVvZx6Nl+Ywq8zNNR6E4JrLZ8hsnUKMkQcIntkov/VJH8Uq0is6EHqUXnxA+ETK:t25gfhe7

Score

10^/10

magniber evasion ransomware

Static task

static1

Behavioral task

behavioral1

Sample

SYSTEM.Critical.Upgrade.Win10.0.26e26b85be2e07d.js

Resource

win7-20220812-en

magniber ransomware

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

SYSTEM.Critical.Upgrade.Win10.0.26e26b85be2e07d.js

Resource

win10v2004-20220812-en

magniber evasion ransomware

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  SYSTEM.Critical.Upgrade.Win10.0.26e26b85be2e07d.js
- Size
  
  212KB
- MD5
  
  6a76eeb61c3f44ae8d61bbddc9b1f58e
- SHA1
  
  25ade112e1930ed4ca7501c0ab2944cb25738478
- SHA256
  
  12921c2d0578f9d83ada9dfc4eb362ba5258d44e07741fcce87fdd91118d7cd2
- SHA512
  
  a1b753cce043ee06b5b7520f4a46cc7fc704870d9d2ed9c7285bb2a4084a3075dff4c95ba369480dc5b9536ed2636bb856e4ac4e097322cb09b625260f13f518
- SSDEEP
  
  1536:rcVvZx6Nl+Ywq8zNNR6E4JrLZ8hsnUKMkQcIntkov/VJH8Uq0is6EHqUXnxA+ETK:t25gfhe7
Score

10^/10

magniber ransomware evasion
- Detect magniber ransomware
- Magniber Ransomware
  Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
  ransomware magniber
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Deletes System State backups
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Deletes backup catalog
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

magniberransomware

behavioral2

magniberevasionransomware

© 2018-2024

Terms | Privacy