magniber | 513d8f9c6ee757d3d473c63c5df7b672631d3ffa735f94f59e9fe98e39d60088

Analysis

max time kernel
142s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 07:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ConsoleApplication1.exe
Size

51KB
MD5

a9165accb037d84b5ebc6602c6b984ea
SHA1

0352a0cb2d582bfdb18774c49459f70fa1249ac4
SHA256

513d8f9c6ee757d3d473c63c5df7b672631d3ffa735f94f59e9fe98e39d60088
SHA512

623c24d7c4642514e6d71be032cb6d6988e6063c95c47d4f7138c463442b4b024ed93fa79ea8691dd5ed503f6122bdfcecb21908428499109774a8b3e136114e
SSDEEP

768:kLuvk93lA9o5dpgqXtcGPhFDhgYBod9OxYXA:lkU9q3gcLPhhhgYW9

Score

10^/10

magniber ransomware

Malware Config

Signatures

Detect magniber ransomware 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1896-54-0x00000000001D0000-0x00000000001DB000-memory.dmp	family_magniber

Magniber Ransomware
Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
ransomware magniber

Modifies extensions of user files 14 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

Processes:

ConsoleApplication1.exe

description	ioc	process
File renamed	C:\Users\Admin\Pictures\RestartSkip.tif => C:\Users\Admin\Pictures\RestartSkip.tif.rfguxgmap	ConsoleApplication1.exe
File renamed	C:\Users\Admin\Pictures\ConfirmShow.crw => C:\Users\Admin\Pictures\ConfirmShow.crw.rfguxgmap	ConsoleApplication1.exe
File renamed	C:\Users\Admin\Pictures\JoinDismount.raw => C:\Users\Admin\Pictures\JoinDismount.raw.rfguxgmap	ConsoleApplication1.exe
File renamed	C:\Users\Admin\Pictures\MountRegister.raw => C:\Users\Admin\Pictures\MountRegister.raw.rfguxgmap	ConsoleApplication1.exe
File renamed	C:\Users\Admin\Pictures\MeasurePop.tiff => C:\Users\Admin\Pictures\MeasurePop.tiff.rfguxgmap	ConsoleApplication1.exe
File renamed	C:\Users\Admin\Pictures\UpdateUndo.crw => C:\Users\Admin\Pictures\UpdateUndo.crw.rfguxgmap	ConsoleApplication1.exe
File renamed	C:\Users\Admin\Pictures\UseReset.crw => C:\Users\Admin\Pictures\UseReset.crw.rfguxgmap	ConsoleApplication1.exe
File opened for modification	C:\Users\Admin\Pictures\MeasurePop.tiff	ConsoleApplication1.exe
File renamed	C:\Users\Admin\Pictures\CheckpointRemove.crw => C:\Users\Admin\Pictures\CheckpointRemove.crw.rfguxgmap	ConsoleApplication1.exe
File renamed	C:\Users\Admin\Pictures\RedoClose.raw => C:\Users\Admin\Pictures\RedoClose.raw.rfguxgmap	ConsoleApplication1.exe
File renamed	C:\Users\Admin\Pictures\CompareSuspend.png => C:\Users\Admin\Pictures\CompareSuspend.png.rfguxgmap	ConsoleApplication1.exe
File opened for modification	C:\Users\Admin\Pictures\ExportUnblock.tiff	ConsoleApplication1.exe
File renamed	C:\Users\Admin\Pictures\ExportUnblock.tiff => C:\Users\Admin\Pictures\ExportUnblock.tiff.rfguxgmap	ConsoleApplication1.exe
File renamed	C:\Users\Admin\Pictures\ResolveGet.tif => C:\Users\Admin\Pictures\ResolveGet.tif.rfguxgmap	ConsoleApplication1.exe

Modifies registry class 3 IoCs

Processes:

ConsoleApplication1.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\ms-settings\CurVer	ConsoleApplication1.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\ms-settings\CurVer\ = "\\??\\"	ConsoleApplication1.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\ms-settings	ConsoleApplication1.exe

C:\Users\Admin\AppData\Local\Temp\ConsoleApplication1.exe
"C:\Users\Admin\AppData\Local\Temp\ConsoleApplication1.exe"
1⤵
- Modifies extensions of user files
- Modifies registry class
PID:1896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1896-54-0x00000000001D0000-0x00000000001DB000-memory.dmp

Filesize
44KB

Download