Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
30-06-2024 01:21
Behavioral task
behavioral1
Sample
b0e5fddc8448dc854ab400c9b0ac82c43a2f44fa6970cd2975e7d28116a7740d.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
b0e5fddc8448dc854ab400c9b0ac82c43a2f44fa6970cd2975e7d28116a7740d.exe
Resource
win10v2004-20240611-en
General
-
Target
b0e5fddc8448dc854ab400c9b0ac82c43a2f44fa6970cd2975e7d28116a7740d.exe
-
Size
989KB
-
MD5
1aeb3a19d439d8a4a00313d12f463827
-
SHA1
beedd7366e1ef168595d800ebe013067c78775de
-
SHA256
b0e5fddc8448dc854ab400c9b0ac82c43a2f44fa6970cd2975e7d28116a7740d
-
SHA512
074c2316d385feb4c78e6068a8fbf37d570bb9ee87a69b76bc3878a1b18eb9f97ca6511709008dcc60158d0dc81395adaed5e309d0266ed7713e7e5e4e442422
-
SSDEEP
24576:liG03BDYmHDQKcdE2v4jtaUN4cDHZgboRxRprGE:oJYuHTI4jJJObkf
Malware Config
Signatures
-
Detects HijackLoader (aka IDAT Loader) 1 IoCs
resource yara_rule behavioral2/memory/3948-5-0x0000000140000000-0x0000000140112000-memory.dmp family_hijackloader -
HijackLoader
HijackLoader is a multistage loader first seen in 2023.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 3948 b0e5fddc8448dc854ab400c9b0ac82c43a2f44fa6970cd2975e7d28116a7740d.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
25B
MD571bfa4b1b2a2049befa50a86463a014f
SHA18ca6218c1f92b40da01501e18786cc2724e4c769
SHA256a4683279940ca2ea6c25b63f07f41d7e2eab4ac3246ff57c8c771e7c923abd29
SHA512574ccbc6a9387eed4e74af3e06a5023db1f74e24a8a9f3e9a96bee77483c3e5da257df4ff7976f7e389f51ec9ca89c56b103186fe499f5f3839738cafe657735