Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    01-10-2024 14:34

General

  • Target

    2024-10-01_ba0767946d9cac95fd727d7076c7fec1_hijackloader_magniber.exe

  • Size

    9.4MB

  • MD5

    ba0767946d9cac95fd727d7076c7fec1

  • SHA1

    31c713eabc90f61b44703a8d30e7ced6e2941f23

  • SHA256

    2853a61188b4446be57543858adcc704e8534326d4d84ac44a60743b1a44cbfe

  • SHA512

    cd9398e8319068d44149fad6329c788d83ff400be30d29b89f0151aabfd9b340c0beb6f2773f2530a098e0cd304990f919f7c84536d719f46650fe99766ef048

  • SSDEEP

    196608:1LX8vpjby5OkoeYXp0leGQ7WWb+6otLwGwP55ar9kCmlwe1Xf/Ohz2+lLqKj:1Ivxy58eYXm7Q7WWb+5L+5Mr9k3d1XfN

Malware Config

Signatures

  • Detects HijackLoader (aka IDAT Loader) 1 IoCs
  • HijackLoader

    HijackLoader is a multistage loader first seen in 2023.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-01_ba0767946d9cac95fd727d7076c7fec1_hijackloader_magniber.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-01_ba0767946d9cac95fd727d7076c7fec1_hijackloader_magniber.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:1180

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1180-0-0x0000000000D20000-0x000000000169C000-memory.dmp

    Filesize

    9.5MB

  • memory/1180-1-0x00000000752D0000-0x000000007544B000-memory.dmp

    Filesize

    1.5MB