Overview

overview

7

Static

static

3

Bandicam/bandicam.exe

windows7-x64

7

Bandicam/bandicam.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SYSDIR/D3...43.dll

windows7-x64

3

$SYSDIR/D3...43.dll

windows10-2004-x64

3

$SYSDIR/d3dx11_43.dll

windows7-x64

3

$SYSDIR/d3dx11_43.dll

windows10-2004-x64

3

$SYSDIR/vcomp140.dll

windows7-x64

3

$SYSDIR/vcomp140.dll

windows10-2004-x64

3

$TEMP/BDMP...UP.exe

windows7-x64

7

$TEMP/BDMP...UP.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$SYSDIR/bdmjpeg.dll

windows7-x64

3

$SYSDIR/bdmjpeg.dll

windows10-2004-x64

3

$SYSDIR/bdmjpeg64.dll

windows7-x64

1

$SYSDIR/bdmjpeg64.dll

windows10-2004-x64

1

$SYSDIR/bdmpega.dll

windows7-x64

3

$SYSDIR/bdmpega.dll

windows10-2004-x64

3

$SYSDIR/bdmpega64.dll

windows7-x64

1

$SYSDIR/bdmpega64.dll

windows10-2004-x64

1

$SYSDIR/bdmpegv.dll

windows7-x64

3

$SYSDIR/bdmpegv.dll

windows10-2004-x64

3

$SYSDIR/bdmpegv64.dll

windows7-x64

1

$SYSDIR/bdmpegv64.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    102s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    25-09-2024 01:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Bandicam/bandicam.exe

  • Size

    15.0MB

  • MD5

    86ddad2004ee165ab24b126272b29ce0

  • SHA1

    15cb513e1b7d5fd295a252aaf99c9ef199f7989b

  • SHA256

    21dfafc11d0c63ba11995bf206b9de297bc835dde6a13ebff445b0c762eb749f

  • SHA512

    ba8fc5f81ac8663256772970da2ac3bed9c81feb510a551b8a37a8dc70e13907976c2632aaea9f661df015a4a3c28469ab07121cd8bb50ceb3bff2c428ce6e01

  • SSDEEP

    393216:1EkkGawXGJo13+tMDOB71l07bxqeynPE02lyTQAMljj:1IGnXGGl+aDOBBlgwnPDjMljj

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Bandicam\bandicam.exe
    "C:\Users\Admin\AppData\Local\Temp\Bandicam\bandicam.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2068

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsj9E62.tmp\ioSpecial.ini
    Filesize

    1KB

    MD5

    29a18de2949351fc41d9f4d5162d2571

    SHA1

    eb21f2ca9ad530a36458cba7ce518975fa1aebb8

    SHA256

    d866439c3b3fdccb06ecb95bee7fa7146923e32f3de369399082247c16046298

    SHA512

    12930ab366f4ab8a2cf8d732d687aff27a3924e0989c68603e9382d7633c34ce20c31a4ce26c26c3b2d930a436a787fb7093a51372f0016fbaedda4f819183c8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsj9E62.tmp\ioSpecial.ini
    Filesize

    1KB

    MD5

    061083ab06cfe05b8df6d461e20d0e04

    SHA1

    e6c10259a262211a28ef8107cf3117f03bb73213

    SHA256

    337dbd6b0ebfe80199b258db3e36d4fc95e6803d72a9a8c7579eb16afb220c07

    SHA512

    7adc453aafd9f418aa280b96697366d30241c2c8457fbf2eff5fc8b496a36fbef24fa992ec344a944a96d3b148edd08b55855a096c236b2a6a278923f372a84e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsj9E62.tmp\InstallOptions.dll
    Filesize

    15KB

    MD5

    67d8f4d5acdb722e9cb7a99570b3ded1

    SHA1

    f4a729ba77332325ea4dbdeea98b579f501fd26f

    SHA256

    fa8de036b1d9bb06be383a82041966c73473fc8382d041fb5c1758f991afeae7

    SHA512

    03999cc26a76b0de6f7e4e8a45137ee4d9c250366ac5a458110f00f7962158311eea5f22d3ee4f32f85aa6969eb143bdb8f03ca989568764ed2bc488c89b4b7f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsj9E62.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    410a586735f45164c86bda363ad8446f

    SHA1

    a68d18a8c72ffaa8f8d9ed9f76ea9b0ed397821b

    SHA256

    b15b1fc88d1b56088b2d3738d76772a91fa186a316a3e0a154358820d0fb9005

    SHA512

    d12083f67df132b2be57c202601a0cf82dba4c234910e780d2723aac14ae68407b824405b04737b55104bc97750550a3271a944d647661b067ce134075e6cc2a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsj9E62.tmp\System.dll
    Filesize

    11KB

    MD5

    959ea64598b9a3e494c00e8fa793be7e

    SHA1

    40f284a3b92c2f04b1038def79579d4b3d066ee0

    SHA256

    03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

    SHA512

    5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsj9E62.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    d16e06c5de8fb8213a0464568ed9852f

    SHA1

    d063690dc0d2c824f714acb5c4bcede3aa193f03

    SHA256

    728472ba312ae8af7f30d758ab473e0772477a68fcd1d2d547dafe6d8800d531

    SHA512

    60502bb65d91a1a895f38bd0f070738152af58ffa4ac80bac3954aa8aad9fda9666e773988cbd00ce4741d2454bf5f2e0474ce8ea18cfe863ec4c36d09d1e27a

    Download Submit