Analysis
max time kernel: 149s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18-10-2024 01:21
Behavioral task: behavioral1
Sample: 2853a61188b4446be57543858adcc704e8534326d4d84ac44a60743b1a44cbfe.exe
Resource: win10v2004-20241007-en
General
Target: 2853a61188b4446be57543858adcc704e8534326d4d84ac44a60743b1a44cbfe.exe
Size: 9.4MB
MD5: ba0767946d9cac95fd727d7076c7fec1
SHA1: 31c713eabc90f61b44703a8d30e7ced6e2941f23
SHA256: 2853a61188b4446be57543858adcc704e8534326d4d84ac44a60743b1a44cbfe
SHA512: cd9398e8319068d44149fad6329c788d83ff400be30d29b89f0151aabfd9b340c0beb6f2773f2530a098e0cd304990f919f7c84536d719f46650fe99766ef048
SSDEEP: 196608:1LX8vpjby5OkoeYXp0leGQ7WWb+6otLwGwP55ar9kCmlwe1Xf/Ohz2+lLqKj:1Ivxy58eYXm7Q7WWb+5L+5Mr9k3d1XfN
Malware Config
Signatures
Detects HijackLoader (aka IDAT Loader) (1 IoCs)
resource: behavioral1/memory/2032-0-0x0000000000FB0000-0x000000000192C000-memory.dmp
yara_rule: family_hijackloader
HijackLoader
HijackLoader is a multistage loader first seen in 2023.
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: 2853a61188b4446be57543858adcc704e8534326d4d84ac44a60743b1a44cbfe.exe
Suspicious behavior: EnumeratesProcesses (1 IoCs)
pid: 2032
Process: 2853a61188b4446be57543858adcc704e8534326d4d84ac44a60743b1a44cbfe.exe
Processes
C:\Users\Admin\AppData\Local\Temp\2853a61188b4446be57543858adcc704e8534326d4d84ac44a60743b1a44cbfe.exe
command line: "C:\Users\Admin\AppData\Local\Temp\2853a61188b4446be57543858adcc704e8534326d4d84ac44a60743b1a44cbfe.exe"
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID: 2032