magniber | 71ceb2ad434eb37db1b45f4f2bb9e9cf42ce6f328759ee4f21a40c5b1557c345 | Triage

Analysis

max time kernel
102s
max time network
112s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
13-10-2022 18:17

Sharing

Report Analysis Logs

General

Target

magniber.js
Size

172KB
MD5

66422ca83d86f5f9e18aa3da2765606c
SHA1

ef9b4fd687b41d504120f8970a157007ce2aef33
SHA256

6155453a58b0ba360fd18a32d838c4452fec374c364824b50447500c8fd12e80
SHA512

fd7f6b9678e8d7908a67d0166645c7dcfb50737954b3abdff84cde85fe7de5b9e4652affaba3ee742255d2c18f272a43906d3c218dc107fdf57f014805f6386f
SSDEEP

768:lf2dpCbpst8Z7BE4/wKw2pZSbIgMcLtKOXvSIhjIilDuBoWZq2g85UIIofMzVc2t:+45BcLs1ICiZ25PfIW5Yrh

Score

10^/10

magniber ransomware

Malware Config

Signatures

Detect magniber ransomware 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1324-54-0x0000000000340000-0x0000000000352000-memory.dmp	family_magniber
behavioral1/memory/1324-55-0x00000000051F6000-0x0000000005202000-memory.dmp	family_magniber

Magniber Ransomware
Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
ransomware magniber

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXE

description	pid	process
Token: 33	1312	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1312	AUDIODG.EXE
Token: 33	1312	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1312	AUDIODG.EXE

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\magniber.js
1⤵
PID:1324

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1664

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1612

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x564
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1324-54-0x0000000000340000-0x0000000000352000-memory.dmp

Filesize
72KB

Download
memory/1324-55-0x00000000051F6000-0x0000000005202000-memory.dmp

Filesize
48KB

Download
memory/1664-56-0x000007FEFB881000-0x000007FEFB883000-memory.dmp

Filesize
8KB

Download