Overview

overview

10

Static

static

1

magniber.js

windows7-x64

1

magniber.js

windows10-2004-x64

10

Resubmissions

03-04-2023 01:32

230403-bx8l2add8y 10

Analysis

  • max time kernel
    149s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-04-2023 01:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    magniber.js

  • Size

    212KB

  • MD5

    6a76eeb61c3f44ae8d61bbddc9b1f58e

  • SHA1

    25ade112e1930ed4ca7501c0ab2944cb25738478

  • SHA256

    12921c2d0578f9d83ada9dfc4eb362ba5258d44e07741fcce87fdd91118d7cd2

  • SHA512

    a1b753cce043ee06b5b7520f4a46cc7fc704870d9d2ed9c7285bb2a4084a3075dff4c95ba369480dc5b9536ed2636bb856e4ac4e097322cb09b625260f13f518

  • SSDEEP

    1536:rcVvZx6Nl+Ywq8zNNR6E4JrLZ8hsnUKMkQcIntkov/VJH8Uq0is6EHqUXnxA+ETK:t25gfhe7

Score
10/10
magniberransomware

Malware Config

Signatures

  • Detect magniber ransomware 1 IoCs
  • Magniber Ransomware

    Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.

    ransomwaremagniber
  • Modifies extensions of user files 12 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Program crash 1 IoCs
  • Modifies registry class 37 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
      PID:3808
    • C:\Windows\System32\RuntimeBroker.exe
      C:\Windows\System32\RuntimeBroker.exe -Embedding
      1⤵
      • Modifies registry class
      PID:4044
    • C:\Windows\System32\RuntimeBroker.exe
      C:\Windows\System32\RuntimeBroker.exe -Embedding
      1⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:3716
    • C:\Windows\system32\backgroundTaskHost.exe
      "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppX53ypgrj20bgndg05hj3tc7z654myszwp.mca
      1⤵
        PID:2052
      • C:\Windows\system32\backgroundTaskHost.exe
        "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppX3bn25b6f886wmg6twh46972vprk9tnbf.mca
        1⤵
          PID:4344
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:3644
          • C:\Windows\system32\DllHost.exe
            C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
            1⤵
              PID:3480
              • C:\Windows\system32\WerFault.exe
                C:\Windows\system32\WerFault.exe -u -p 3480 -s 952
                2⤵
                • Program crash
                PID:936
            • C:\Windows\system32\svchost.exe
              C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
              1⤵
              • Modifies registry class
              PID:3256
            • C:\Windows\Explorer.EXE
              C:\Windows\Explorer.EXE
              1⤵
              • Modifies registry class
              • Suspicious behavior: GetForegroundWindowSpam
              • Suspicious use of AdjustPrivilegeToken
              PID:3076
              • C:\Windows\system32\wscript.exe
                wscript.exe C:\Users\Admin\AppData\Local\Temp\magniber.js
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of WriteProcessMemory
                PID:1248
            • C:\Windows\system32\taskhostw.exe
              taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
              1⤵
              • Modifies registry class
              PID:2536
            • C:\Windows\system32\svchost.exe
              C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
              1⤵
              • Modifies extensions of user files
              • Modifies registry class
              PID:2436
            • C:\Windows\system32\sihost.exe
              sihost.exe
              1⤵
              • Modifies registry class
              PID:2404
            • C:\Windows\system32\WerFault.exe
              C:\Windows\system32\WerFault.exe -pss -s 460 -p 3480 -ip 3480
              1⤵
                PID:1992

              Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\Pictures\README.html
                Filesize

                15KB

                MD5

                8c416822a24557841bc490aadf8ddb69

                SHA1

                b3821ed8664ee4d2bcd38ca77106982a3c6f2c96

                SHA256

                c7cc4c8f7353225a45f3bf42dcd6e76cd2018f0d5dcc652345a1b46170adc977

                SHA512

                d4423b895b442aa85e96e105f26b12dfae6aae254bb8d60272aa9a19f9582522ab94566a1e481918b7395bb1db140a258bf09484fecce6a5f6cd1cfed92baeef

                Download Submit

              • C:\Users\Public\vgbwjj.kpg
                Filesize

                879B

                MD5

                d3272865d96aca9d876b2abb975ec6fb

                SHA1

                e93d935ff3e185e50ee9524d64977e778a1ac0aa

                SHA256

                f08930a65b91fc6025b66a64c9ca3aca4a74f8e1e770c17c56dbe76762625901

                SHA512

                e4622ccc72e1fa34e2fd0d03c9ad1190d29ed0f1b62de9c6331000abdb7f88adb23d54d7bdd2cdd9854f7bb197a07165f4c2c4d2d9c51205ea005a5277c7c89a

                Download Submit

              • memory/1248-134-0x00000179BC850000-0x00000179BC860000-memory.dmp

                Filesize

                64KB

                Download

              • memory/1248-135-0x00000179BDD70000-0x00000179BE298000-memory.dmp

                Filesize

                5.2MB

                Download

              • memory/1248-158-0x00000179BC850000-0x00000179BC860000-memory.dmp

                Filesize

                64KB

                Download

              • memory/1248-133-0x00000179BD6C0000-0x00000179BD83E000-memory.dmp

                Filesize

                1.5MB

                Download

              • memory/2404-137-0x000001CE44C50000-0x000001CE44C5A000-memory.dmp

                Filesize

                40KB

                Download

              • memory/2404-141-0x000001CE44C60000-0x000001CE44C61000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2404-142-0x000001CE44C70000-0x000001CE44C71000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2436-176-0x00000288CD4F0000-0x00000288CD4F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2436-177-0x00000288CD500000-0x00000288CD501000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2436-201-0x00000288CD570000-0x00000288CD571000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2436-191-0x00000288CD560000-0x00000288CD561000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2436-218-0x00000288CD590000-0x00000288CD591000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2436-217-0x00000288CD580000-0x00000288CD581000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2436-187-0x00000288CD520000-0x00000288CD521000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2436-172-0x00000288CD4D0000-0x00000288CD4D1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3644-425-0x0000025FDB260000-0x0000025FDB261000-memory.dmp

                Filesize

                4KB

                Download

              • memory/3644-426-0x0000025FDB280000-0x0000025FDB281000-memory.dmp

                Filesize

                4KB

                Download