Overview

overview

10

Static

static

3

cbf762fb16...fd.dll

windows7-x64

10

cbf762fb16...fd.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    0s
  • max time network
    5s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-03-2024 17:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cbf762fb16cfe0149b46a61f3fb029fd.dll

  • Size

    38KB

  • MD5

    cbf762fb16cfe0149b46a61f3fb029fd

  • SHA1

    24d70407e12631bd83f39164bcd5ca6a74a0b459

  • SHA256

    2cd5879589f6af26488a2c9451d279306c472302375916e34f2646e7095ce4b9

  • SHA512

    e26dd9fcb24b7357da2230c87d6ee7ed59f1288118160b42d92161a42e77a91077a8a9c6b9ab49a68f6cdf7135d57be3a465190118112d1c0a49e7408b28a853

  • SSDEEP

    768:tNB4vRN8egwET/AOBHR9T7lGFDZFpVNKu90lQtwPFhXB+6OPvF65IM0:5A8ugn5T7le1l1Gb+6OPvdM

Score
10/10
magniberransomware

Malware Config

Signatures

  • Detect magniber ransomware 1 IoCs
  • Magniber Ransomware

    Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.

    ransomwaremagniber
  • Suspicious use of SetThreadContext 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 5 IoCs

Processes

  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
      PID:756
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
      1⤵
        PID:2596
      • C:\Windows\system32\taskhostw.exe
        taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
        1⤵
          PID:3128
        • C:\Windows\Explorer.EXE
          C:\Windows\Explorer.EXE
          1⤵
            PID:3416
            • C:\Windows\system32\rundll32.exe
              rundll32.exe C:\Users\Admin\AppData\Local\Temp\cbf762fb16cfe0149b46a61f3fb029fd.dll,#1
              2⤵
              • Suspicious use of SetThreadContext
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious behavior: MapViewOfSection
              PID:3520

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/756-12-0x0000013D9D5B0000-0x0000013D9D5B5000-memory.dmp

            Filesize

            20KB

            Download

          • memory/3520-3-0x000001A8A7C50000-0x000001A8A7C51000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3520-2-0x000001A8A7C40000-0x000001A8A7C41000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3520-5-0x000001A8A7C70000-0x000001A8A7C71000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3520-4-0x000001A8A7C60000-0x000001A8A7C61000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3520-6-0x000001A8A7C80000-0x000001A8A7C81000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3520-1-0x000001A8A7C30000-0x000001A8A7C31000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3520-7-0x000001A8A7C90000-0x000001A8A7C91000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3520-8-0x000001A8A7CD0000-0x000001A8A7CD1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3520-9-0x000001A8A7CE0000-0x000001A8A7CE1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3520-10-0x000001A8A7CF0000-0x000001A8A7CF1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3520-11-0x000001A8A7D00000-0x000001A8A7D01000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3520-0-0x000001A8A7D50000-0x000001A8A8688000-memory.dmp

            Filesize

            9.2MB

            Download