Overview

overview

10

Static

static

3

adcd96c04e...3e.dll

windows7-x64

10

adcd96c04e...3e.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    0s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/02/2024, 05:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    adcd96c04e6729479b71004ec131f43e.dll

  • Size

    38KB

  • MD5

    adcd96c04e6729479b71004ec131f43e

  • SHA1

    08699a15fec12a40a1aab8cf8073c0fc4629ecfb

  • SHA256

    598e6aa444a25c2442e321af24044fbfbf22a68843586cf058c29d5ac2b48461

  • SHA512

    2400e0246eb653d254724e539b53bedc1e0817c61d23a58d9ca72c22ce4e71c480d92462dae06af8a8626d9e49a73f458a74c3aac10a735263ea11ba3c754985

  • SSDEEP

    768:40PNWfnUqS31SdW3ZM0twjSamZjDrUim1hC3WpkqJNAhMO5zFtcAK72Rcv:4wemSdW3ZM0tc6jDw145mNAh95RtcAKa

Score
10/10
magniberransomware

Malware Config

Signatures

  • Detect magniber ransomware 1 IoCs
  • Magniber Ransomware

    Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.

    ransomwaremagniber
  • Suspicious use of SetThreadContext 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\adcd96c04e6729479b71004ec131f43e.dll,#1
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:4020
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
    1⤵
      PID:2600
    • C:\Windows\system32\sihost.exe
      sihost.exe
      1⤵
        PID:2552

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2552-0-0x0000025736C80000-0x0000025736C84000-memory.dmp

        Filesize

        16KB

        Download

      • memory/4020-39-0x000002014AC30000-0x000002014B30A000-memory.dmp

        Filesize

        6.9MB

        Download

      • memory/4020-56-0x000002014AA10000-0x000002014AA11000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4020-58-0x000002014AB20000-0x000002014AB21000-memory.dmp

        Filesize

        4KB

        Download