hijackloader | 0622447ec83737692036bdc44f45326a48a1230b4f545b64968a4d9355114938 | Triage

Sharing

General

Target

msi12.msi
Size

9.5MB
Sample

250409-qg2wwa1wd1
MD5

a5a0fd7291ac3a018c1325a90ffb6390
SHA1

1dedabe3bd3bf53e8a449113ac51fa362e8b61cc
SHA256

0622447ec83737692036bdc44f45326a48a1230b4f545b64968a4d9355114938
SHA512

6336b368b7f6a46ada04e2e4f003433ab462ed4518941d07cc7495e3c363e0beb08de0d05c760ed77dc20ead823c44622027222249d8978e8c795e3727f2c543
SSDEEP

196608:SGl2dXDavUGqDR/o+4zlOw3JFUS6+4hCcCkve0XO:+V+8GqD1o+4zlOc34BvbXO

Score

10^/10

hijackloader discovery persistence privilege_escalation

Malware Config

Extracted

Family

hijackloader

Attributes

directory
%APPDATA%\NI_download
inject_dll
%windir%\SysWOW64\pla.dll

xor.hex

Targets

- Target
  
  msi12.msi
- Size
  
  9.5MB
- MD5
  
  a5a0fd7291ac3a018c1325a90ffb6390
- SHA1
  
  1dedabe3bd3bf53e8a449113ac51fa362e8b61cc
- SHA256
  
  0622447ec83737692036bdc44f45326a48a1230b4f545b64968a4d9355114938
- SHA512
  
  6336b368b7f6a46ada04e2e4f003433ab462ed4518941d07cc7495e3c363e0beb08de0d05c760ed77dc20ead823c44622027222249d8978e8c795e3727f2c543
- SSDEEP
  
  196608:SGl2dXDavUGqDR/o+4zlOw3JFUS6+4hCcCkve0XO:+V+8GqD1o+4zlOc34BvbXO
Score

6^/10

discovery persistence privilege_escalation
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation