General
-
Target
41ef278a866d57e3c81882e4ad7f6d04ae6b066cfd5632120d9ac4332d66753e
-
Size
96KB
-
Sample
240805-d85evswcjj
-
MD5
42ad49ed99c0d41a820316309bc2c3b3
-
SHA1
f447a72b3cbea72e1b56fda8f44fd9f304b4474a
-
SHA256
41ef278a866d57e3c81882e4ad7f6d04ae6b066cfd5632120d9ac4332d66753e
-
SHA512
4e0af295dc656ad70361363c77646fb899a1ff4a816790959e090125bdba2089eb058dfa2b18bdcede34b45d9420b6f57c0db6aefa32f9799eccec3f163bdf75
-
SSDEEP
1536:kiqCWq/Gf2CJ7ZrhzZr98n+lW0D80D+7fxun:xqCWqu+q8nLLxun
Static task
static1
Behavioral task
behavioral1
Sample
41ef278a866d57e3c81882e4ad7f6d04ae6b066cfd5632120d9ac4332d66753e.msi
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
41ef278a866d57e3c81882e4ad7f6d04ae6b066cfd5632120d9ac4332d66753e.msi
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
41ef278a866d57e3c81882e4ad7f6d04ae6b066cfd5632120d9ac4332d66753e
-
Size
96KB
-
MD5
42ad49ed99c0d41a820316309bc2c3b3
-
SHA1
f447a72b3cbea72e1b56fda8f44fd9f304b4474a
-
SHA256
41ef278a866d57e3c81882e4ad7f6d04ae6b066cfd5632120d9ac4332d66753e
-
SHA512
4e0af295dc656ad70361363c77646fb899a1ff4a816790959e090125bdba2089eb058dfa2b18bdcede34b45d9420b6f57c0db6aefa32f9799eccec3f163bdf75
-
SSDEEP
1536:kiqCWq/Gf2CJ7ZrhzZr98n+lW0D80D+7fxun:xqCWqu+q8nLLxun
-
Detect magniber ransomware
-
Magniber Ransomware
Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (105) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
System Binary Proxy Execution: Regsvr32
Abuse Regsvr32 to proxy execution of malicious code.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Direct Volume Access
1Indicator Removal
2File Deletion
2System Binary Proxy Execution
2Msiexec
1Regsvr32
1