Overview

overview

10

Static

static

3

adcd96c04e...3e.dll

windows7-x64

10

adcd96c04e...3e.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    0s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-12-2023 10:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    adcd96c04e6729479b71004ec131f43e.dll

  • Size

    38KB

  • MD5

    adcd96c04e6729479b71004ec131f43e

  • SHA1

    08699a15fec12a40a1aab8cf8073c0fc4629ecfb

  • SHA256

    598e6aa444a25c2442e321af24044fbfbf22a68843586cf058c29d5ac2b48461

  • SHA512

    2400e0246eb653d254724e539b53bedc1e0817c61d23a58d9ca72c22ce4e71c480d92462dae06af8a8626d9e49a73f458a74c3aac10a735263ea11ba3c754985

  • SSDEEP

    768:40PNWfnUqS31SdW3ZM0twjSamZjDrUim1hC3WpkqJNAhMO5zFtcAK72Rcv:4wemSdW3ZM0tc6jDw145mNAh95RtcAKa

Score
10/10
magniberransomware

Malware Config

Signatures

  • Detect magniber ransomware 1 IoCs
  • Magniber Ransomware

    Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.

    ransomwaremagniber
  • Suspicious use of SetThreadContext 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\adcd96c04e6729479b71004ec131f43e.dll,#1
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:4204
  • C:\Windows\system32\taskhostw.exe
    taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
    1⤵
      PID:2784
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
      1⤵
        PID:2572
      • C:\Windows\system32\sihost.exe
        sihost.exe
        1⤵
          PID:2556

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2556-0-0x0000019812B60000-0x0000019812B64000-memory.dmp

          Filesize

          16KB

          Download

        • memory/4204-3-0x000001D912CE0000-0x000001D9133BA000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/4204-12-0x000001D912B90000-0x000001D912B91000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4204-26-0x000001D9133C0000-0x000001D9133C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4204-47-0x000001D9136A0000-0x000001D9136A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4204-66-0x000001D9136B0000-0x000001D9136B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4204-106-0x000001D9136D0000-0x000001D9136D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4204-105-0x000001D9136C0000-0x000001D9136C1000-memory.dmp

          Filesize

          4KB

          Download