Analysis
max time kernel: 148s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
submitted: 01-10-2024 14:34
Behavioral task: behavioral1
Sample: 2024-10-01_ba0767946d9cac95fd727d7076c7fec1_hijackloader_magniber.exe
Resource: win10v2004-20240802-en
General
Target: 2024-10-01_ba0767946d9cac95fd727d7076c7fec1_hijackloader_magniber.exe
Size: 9.4MB
MD5: ba0767946d9cac95fd727d7076c7fec1
SHA1: 31c713eabc90f61b44703a8d30e7ced6e2941f23
SHA256: 2853a61188b4446be57543858adcc704e8534326d4d84ac44a60743b1a44cbfe
SHA512: cd9398e8319068d44149fad6329c788d83ff400be30d29b89f0151aabfd9b340c0beb6f2773f2530a098e0cd304990f919f7c84536d719f46650fe99766ef048
SSDEEP: 196608:1LX8vpjby5OkoeYXp0leGQ7WWb+6otLwGwP55ar9kCmlwe1Xf/Ohz2+lLqKj:1Ivxy58eYXm7Q7WWb+5L+5Mr9k3d1XfN
Malware Config
Signatures
Detects HijackLoader (aka IDAT Loader) 1 IoCs
resource: behavioral1/memory/1180-0-0x0000000000D20000-0x000000000169C000-memory.dmp
yara_rule: family_hijackloader
HijackLoader
HijackLoader is a multistage loader first seen in 2023.
Hijackloader family
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: 2024-10-01_ba0767946d9cac95fd727d7076c7fec1_hijackloader_magniber.exe
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid: 1180
Process: 2024-10-01_ba0767946d9cac95fd727d7076c7fec1_hijackloader_magniber.exe
Processes
"C:\Users\Admin\AppData\Local\Temp\2024-10-01_ba0767946d9cac95fd727d7076c7fec1_hijackloader_magniber.exe"
PID: 1180
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses