Overview

overview

10

Static

static

3

2024-03-26...ia.exe

windows7-x64

10

2024-03-26...ia.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    26-03-2024 19:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-26_58fe03e4e9588c729996fb6ef9f0e735_mafia.exe

  • Size

    6.4MB

  • MD5

    58fe03e4e9588c729996fb6ef9f0e735

  • SHA1

    3a42f70e5d3622bd7bc082357ce0f55e4b4997e4

  • SHA256

    c04f8b2fab35789ddfb55b529a3daaa4e1ca51b9e9dbf2d41218c6ebdc27d8d9

  • SHA512

    a873200901b67abf816a1fda89b81883e0c5ecc63ed9285bfc2ffea3627f322ff035b6501fc4bb25da0bdb87091c8981de6a75f8d1ba6d692d365ceec6d339a3

  • SSDEEP

    196608:snTHNmqCPYtHdvf/aTn/9Ts6rb867IISw:snTHNmqCPUH1naTVTn3bkI

Score
10/10
banloaddownloaderdropperevasiontrojan

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

    trojandropperdownloaderbanload
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Modifies registry class 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-26_58fe03e4e9588c729996fb6ef9f0e735_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-26_58fe03e4e9588c729996fb6ef9f0e735_mafia.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1368

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1368-0-0x00000000034A0000-0x000000000367F000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1368-2-0x0000000000400000-0x0000000001571000-memory.dmp

    Filesize

    17.4MB

    Download

  • memory/1368-7-0x00000000034A0000-0x000000000367F000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1368-8-0x0000000076070000-0x0000000076180000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1368-11-0x0000000000400000-0x0000000001571000-memory.dmp

    Filesize

    17.4MB

    Download

  • memory/1368-12-0x0000000000400000-0x0000000001571000-memory.dmp

    Filesize

    17.4MB

    Download

  • memory/1368-13-0x0000000000400000-0x0000000001571000-memory.dmp

    Filesize

    17.4MB

    Download

  • memory/1368-15-0x0000000000400000-0x0000000001571000-memory.dmp

    Filesize

    17.4MB

    Download

  • memory/1368-16-0x0000000000400000-0x0000000001571000-memory.dmp

    Filesize

    17.4MB

    Download

  • memory/1368-17-0x0000000000400000-0x0000000001571000-memory.dmp

    Filesize

    17.4MB

    Download

  • memory/1368-18-0x0000000000400000-0x0000000001571000-memory.dmp

    Filesize

    17.4MB

    Download

  • memory/1368-19-0x0000000000400000-0x0000000001571000-memory.dmp

    Filesize

    17.4MB

    Download

  • memory/1368-20-0x00000000034A0000-0x000000000367F000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1368-21-0x0000000002EC0000-0x0000000002EC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1368-25-0x00000000034A0000-0x000000000367F000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1368-24-0x00000000034A0000-0x000000000367F000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1368-27-0x00000000034A0000-0x000000000367F000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1368-26-0x0000000000400000-0x0000000001571000-memory.dmp

    Filesize

    17.4MB

    Download

  • memory/1368-29-0x0000000076070000-0x0000000076180000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1368-31-0x0000000002EC0000-0x0000000002EC1000-memory.dmp

    Filesize

    4KB

    Download