Overview

overview

10

Static

static

3

5e67e79705...18.rar

windows7-x64

3

5e67e79705...18.rar

windows10-2004-x64

3

Demostrati...to.exe

windows7-x64

10

Demostrati...to.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    20-05-2024 09:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DemostrativoExtrato.exe

  • Size

    2.6MB

  • MD5

    2341d1b53f57972ec2b804edcc4889fa

  • SHA1

    9aa4e9be7146e74ff8373ce06fb0ef74800ceb84

  • SHA256

    bae7127917ef103b10a4cc40338bf49b91e8aeb01271fd15a80c80be1f95adbf

  • SHA512

    ed2a6bc2545a1b6a6335467d4129fe0cec6ad08594ca6783ce5eacdccd755ba02104ce3196ebd4e989434fcef774646c32e426a208f585bdde7844e0e8ea681a

  • SSDEEP

    49152:SbYdOEn8rPSTXoUAhKkyYVyq9n0q5VWy7EeNUkRsC2iaKtF+JR:SbI+z3hKkyYVZZPtQAf32wzoR

Score
10/10
banloaddownloaderdropperevasiontrojan

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

    trojandropperdownloaderbanload
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Modifies registry class 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DemostrativoExtrato.exe
    "C:\Users\Admin\AppData\Local\Temp\DemostrativoExtrato.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Users\Admin\AppData\Local\Temp\DemostrativoExtrato.exe
      "C:\Users\Admin\AppData\Local\Temp\DemostrativoExtrato.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:2908

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\1xv7hf3122sso2\weather.zlib
    Filesize

    177KB

    MD5

    6ea3e08ede7642cc7cfd6d3bdcd2d4de

    SHA1

    df6999bc8757058379db9305c83a49d344adb932

    SHA256

    91714ec23db1166f3f2085a7bf94327f48558419166fcbb82245103308430626

    SHA512

    a45742831b5ece78a1ac3dda5bcbb3732eeb08f0077ea42f4f5d19782e944a48873c34e1d2f149b77db9c0e6068386cd9d7d7bc63a9777892bbfa51ffcbc44bb

    Download Submit

  • memory/2872-0-0x0000000007F10000-0x00000000082C5000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/2872-24-0x0000000002060000-0x0000000002415000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/2872-23-0x0000000007F10000-0x00000000082C5000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/2872-2-0x0000000002060000-0x0000000002415000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/2908-15-0x0000000007F10000-0x00000000082C5000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/2908-19-0x0000000007F10000-0x00000000082C5000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/2908-14-0x0000000007F10000-0x00000000082C5000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/2908-10-0x0000000002300000-0x000000000250C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2908-17-0x0000000007F10000-0x00000000082C5000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/2908-18-0x0000000002300000-0x000000000250C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2908-16-0x0000000007F10000-0x00000000082C5000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/2908-11-0x0000000007F10000-0x00000000082C5000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/2908-20-0x0000000002300000-0x000000000250C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2908-22-0x0000000007F10000-0x00000000082C5000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/2908-5-0x0000000002300000-0x000000000250C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2908-3-0x0000000008075000-0x0000000008076000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2908-1-0x0000000007F10000-0x00000000082C5000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/2908-58-0x0000000007F10000-0x00000000082C5000-memory.dmp

    Filesize

    3.7MB

    Download