Analysis

  • max time kernel
    95s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01-10-2024 20:02

General

  • Target

    20241001ba0767946d9cac95fd727d7076c7fec1hijackloadermagniber.exe

  • Size

    9.4MB

  • MD5

    ba0767946d9cac95fd727d7076c7fec1

  • SHA1

    31c713eabc90f61b44703a8d30e7ced6e2941f23

  • SHA256

    2853a61188b4446be57543858adcc704e8534326d4d84ac44a60743b1a44cbfe

  • SHA512

    cd9398e8319068d44149fad6329c788d83ff400be30d29b89f0151aabfd9b340c0beb6f2773f2530a098e0cd304990f919f7c84536d719f46650fe99766ef048

  • SSDEEP

    196608:1LX8vpjby5OkoeYXp0leGQ7WWb+6otLwGwP55ar9kCmlwe1Xf/Ohz2+lLqKj:1Ivxy58eYXm7Q7WWb+5L+5Mr9k3d1XfN

Malware Config

Signatures

  • Detects HijackLoader (aka IDAT Loader) 1 IoCs
  • HijackLoader

    HijackLoader is a multistage loader first seen in 2023.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\20241001ba0767946d9cac95fd727d7076c7fec1hijackloadermagniber.exe
    "C:\Users\Admin\AppData\Local\Temp\20241001ba0767946d9cac95fd727d7076c7fec1hijackloadermagniber.exe"
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:2384

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2384-0-0x0000000000890000-0x000000000120C000-memory.dmp

    Filesize

    9.5MB

  • memory/2384-1-0x0000000074C60000-0x0000000074DDB000-memory.dmp

    Filesize

    1.5MB