General
-
Target
SYSTEM.Critical.Upgrade.Win10.0.7f9deb08357b29.js
-
Size
222KB
-
Sample
221014-kg1e6affal
-
MD5
b23cae8d39d76a08197382e0d9d5c297
-
SHA1
2bcc921be8477c6cce77ff4782e068ca798318de
-
SHA256
934cfeb5ee3d2ba49831d76dffb1a2658326e1cd90b50779d6670eb2fbdc7ed1
-
SHA512
e120d8b7f60ec7029c00f23573bff52b3d5655c0657a42fc7585e66a256afc99df78d942778a87913a9271d0e4f233b5511bf40328c6244b773ef52b41a3b72b
-
SSDEEP
1536:62W2DpnCRTcWhVW+kIsoT3C9Adztk+sIbl2/V8pfzauBNo15q/K6cU77gVsCftVY:T25gfsss
Malware Config
Targets
-
-
Target
SYSTEM.Critical.Upgrade.Win10.0.7f9deb08357b29.js
-
Size
222KB
-
MD5
b23cae8d39d76a08197382e0d9d5c297
-
SHA1
2bcc921be8477c6cce77ff4782e068ca798318de
-
SHA256
934cfeb5ee3d2ba49831d76dffb1a2658326e1cd90b50779d6670eb2fbdc7ed1
-
SHA512
e120d8b7f60ec7029c00f23573bff52b3d5655c0657a42fc7585e66a256afc99df78d942778a87913a9271d0e4f233b5511bf40328c6244b773ef52b41a3b72b
-
SSDEEP
1536:62W2DpnCRTcWhVW+kIsoT3C9Adztk+sIbl2/V8pfzauBNo15q/K6cU77gVsCftVY:T25gfsss
Score10/10-
Detect magniber ransomware
-
Magniber Ransomware
Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Modifies boot configuration data using bcdedit
-
Deletes System State backups
Uses wbadmin.exe to inhibit system recovery.
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-