Analysis
-
max time kernel
0s -
max time network
25s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
22-12-2023 07:58
General
-
Target
7b598815af2522938f6bc3fb53010cc0.dll
-
Size
38KB
-
MD5
7b598815af2522938f6bc3fb53010cc0
-
SHA1
76b6d116179c3cd38f1b715fe1778290eb87c676
-
SHA256
fd4a482cc2d1469c31a4bed466d4acf717ecaa83af1abd677198d254ee25bf22
-
SHA512
5e3fe2689dd31b1c488256f332c829bab3e97ba89fba020a423130af13657e21341514d38f7cc33a636e47fb07294083d351d09c7887c4792fc0f1026523210a
-
SSDEEP
768:B51I4cnvHkMeaEIwCrbjvkTlmx3El3xF00ydemHlTfLIt3GeMdE:31Ix/eaZwCXjvY5/F7ygmRfLIt3GFE
Score
10/10
Malware Config
Signatures
-
Detect magniber ransomware 1 IoCs
-
Magniber Ransomware
Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
-
Suspicious use of SetThreadContext 5 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: MapViewOfSection 5 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\7b598815af2522938f6bc3fb53010cc0.dll,#11⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Windows\system32\taskhostw.exetaskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc1⤵
-
C:\Windows\system32\sihost.exesihost.exe1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
20KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8.5MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB