Analysis
-
max time kernel
2s -
max time network
7s -
platform
windows10-2004_x64 -
resource
win10v2004-20231127-en -
resource tags
-
submitted
01-12-2023 10:24
General
-
Target
SusMagniber.dll
-
Size
38KB
-
MD5
96d505aa061f15eff5b723ae3f82bc98
-
SHA1
fadec5f3bd444044ec269334cfb1ee9fff41da12
-
SHA256
06acd697bc0a41a6fa1098eba46ddd40d029a5fef3eb152fbf9d0d39e6f8673d
-
SHA512
925fdeb3b7cdf337ac809cd2e35b8301020dd1c6f9da25754e2a0b762c2a4a187090777c97c26cd43fd93297f62b00c15593579eadd9cb72f187dc1793cf7ed0
-
SSDEEP
768:biAFh5YBIKGMZmJ1/VTrzDSXl+h6AbUMP02Q3NYVdQDVMM:bT2nZoVTrzDSjVMEvWM
Score
10/10
Malware Config
Signatures
-
Detect magniber ransomware 1 IoCs
-
Magniber Ransomware
Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
-
Suspicious use of SetThreadContext 6 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: MapViewOfSection 6 IoCs
Processes
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\SusMagniber.dll,#12⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
-
C:\Windows\system32\taskhostw.exetaskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc1⤵
-
C:\Windows\system32\sihost.exesihost.exe1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
2.2MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
20KB