Overview

overview

10

Static

static

3

0aeedaf4d8...57.exe

windows7-x64

10

0aeedaf4d8...57.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22-10-2024 00:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0aeedaf4d880e1c0b298bf913645ca588271b41e6687e73243ec4c9cdbbfaa57.exe

  • Size

    3.0MB

  • MD5

    4bdf6d48ebeb40819d707d196da6a848

  • SHA1

    863cd486488480e776eae6d9e1117b2cd36f97dc

  • SHA256

    0aeedaf4d880e1c0b298bf913645ca588271b41e6687e73243ec4c9cdbbfaa57

  • SHA512

    1ce292b9e6d62aa909f3cf91cc93c2e116a2fa8392058cccc5529b8d17554a88c07d1012629c677b0973728699c799374573c58a757bd98b4119e16d5c5cd862

  • SSDEEP

    49152:QpbRm4GPK/M/2wTTMPJ+RGJLsxC2RoVDn99c1/0VXHbxUnUma2sxU5tL:01GS/o8+qOCMuDnu0VXlrmAxytL

Score
10/10
banloaddownloaderdropperpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

    trojandropperdownloaderbanload
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Modifies registry class 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0aeedaf4d880e1c0b298bf913645ca588271b41e6687e73243ec4c9cdbbfaa57.exe
    "C:\Users\Admin\AppData\Local\Temp\0aeedaf4d880e1c0b298bf913645ca588271b41e6687e73243ec4c9cdbbfaa57.exe"
    1⤵
    • Checks BIOS information in registry
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:2488

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2488-0-0x0000000002350000-0x000000000253A000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2488-7-0x0000000002350000-0x000000000253A000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2488-14-0x0000000140000000-0x0000000140495000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/2488-15-0x0000000002350000-0x000000000253A000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2488-17-0x0000000001FA0000-0x0000000001FA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2488-13-0x0000000140000000-0x0000000140495000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/2488-12-0x0000000140000000-0x0000000140495000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/2488-18-0x0000000002350000-0x000000000253A000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2488-20-0x0000000140000000-0x0000000140495000-memory.dmp

    Filesize

    4.6MB

    Download