General
-
Target
2024-10-14_0271bf83ad3127f16367a7662f2247b4_hijackloader_magniber
-
Size
5.3MB
-
Sample
241014-kpfeysseqg
-
MD5
0271bf83ad3127f16367a7662f2247b4
-
SHA1
cc30247eb021648e11ae84b7afacfa476129b2ef
-
SHA256
9473531e370d7a45e1ff2bd214c0365f07c78f6ce52ec35f141fbedf76c2ed1f
-
SHA512
17419cd882d6a812a051993450136fb3c4d59d2b5854989efeaaf6e8eea0d285a4bd940f3c51f46ec4b5efa5417d748ca58f51ece77210d32448f63178968173
-
SSDEEP
98304:PkB/qoHMdnJE7hAlKnsz2C2PYdhIqHpnq0EB:bJEul4szEonqtB
Static task
static1
Behavioral task
behavioral1
Sample
2024-10-14_0271bf83ad3127f16367a7662f2247b4_hijackloader_magniber.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2024-10-14_0271bf83ad3127f16367a7662f2247b4_hijackloader_magniber.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
2024-10-14_0271bf83ad3127f16367a7662f2247b4_hijackloader_magniber
-
Score
9/10
-
Renames multiple (177) files with added filename extension
This suggests ransomware activity that encrypts all the files on the system.
-
Drops file in Drivers directory
-
Deletes itself
-
Executes dropped EXE
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (1)
Credentials In Files (1)