Overview

overview

10

Static

static

3

20240920aa...ia.exe

windows7-x64

10

20240920aa...ia.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20-09-2024 06:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    20240920aaa74715d5f3f0b8745b66f8b2ed1ef3mafia.exe

  • Size

    8.3MB

  • MD5

    aaa74715d5f3f0b8745b66f8b2ed1ef3

  • SHA1

    45bb4f63e5428098c69f623fce0830e959ca3f65

  • SHA256

    1e7d59c869e27073d03898b7ded8c597b55a2791c36af2ae29d8593751c72687

  • SHA512

    3a5b730aabcf410edae7ee8926d3af5b076925c70ed0ec5ac8f8d2847ddce72cee42080849aba7e747a1a4ff3e0fc3c9c83f955fb3b50678ac45b7d976482eab

  • SSDEEP

    196608:ZLweeSIYd2Qv8eqkhBZ1AcZ3D++Q00OISC5EvMyxQdATpKI:ZLwefBx5tjA0C5G9xQ8K

Score
10/10
banloaddiscoverydownloaderdropperevasiontrojan

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

    trojandropperdownloaderbanload
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 5 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\20240920aaa74715d5f3f0b8745b66f8b2ed1ef3mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\20240920aaa74715d5f3f0b8745b66f8b2ed1ef3mafia.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Users\Admin\AppData\Local\Temp\20240920aaa74715d5f3f0b8745b66f8b2ed1ef3mafia.exe
      "C:\Users\Admin\AppData\Local\Temp\20240920aaa74715d5f3f0b8745b66f8b2ed1ef3mafia.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      PID:3068

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2080-0-0x0000000000400000-0x00000000016FE000-memory.dmp

    Filesize

    19.0MB

    Download

  • memory/2080-10-0x00000000033E0000-0x00000000046DE000-memory.dmp

    Filesize

    19.0MB

    Download

  • memory/2080-14-0x0000000000400000-0x00000000016FE000-memory.dmp

    Filesize

    19.0MB

    Download

  • memory/2080-17-0x00000000033E0000-0x00000000046DE000-memory.dmp

    Filesize

    19.0MB

    Download

  • memory/3068-1-0x0000000004100000-0x000000000430C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3068-9-0x0000000004100000-0x000000000430C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3068-8-0x0000000000400000-0x00000000016FE000-memory.dmp

    Filesize

    19.0MB

    Download

  • memory/3068-11-0x0000000000EF7000-0x0000000000EF8000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3068-15-0x0000000000400000-0x00000000016FE000-memory.dmp

    Filesize

    19.0MB

    Download

  • memory/3068-16-0x0000000004100000-0x000000000430C000-memory.dmp

    Filesize

    2.0MB

    Download