Overview

overview

10

Static

static

3

3b5addc546...0a.exe

windows7-x64

10

3b5addc546...0a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    02-12-2024 21:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3b5addc5465d40c7f5eaa80971f5bed86d66163de317eb1c8d9aa88679218b0a.exe

  • Size

    3.7MB

  • MD5

    7f8b99ef3e558637f16f8f4ce15c5768

  • SHA1

    f51a78235c20644245dca579e85e2d90758e78b0

  • SHA256

    3b5addc5465d40c7f5eaa80971f5bed86d66163de317eb1c8d9aa88679218b0a

  • SHA512

    e55ba8ddfd579748a1edd8db8d352f0d7277cc115cff02b1edd906bd092cd7806bedd4a111c9f99b62cdb527de8c246d89004d6b46d3cdbb9ea41649b26521d8

  • SSDEEP

    49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVCUkULRSOE2U:RF8QUitE4iLqaPWGnEvcUkUtSOEl

Score
10/10
banloaddiscoverydownloaderdropperevasionransomwaretrojan

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

    trojandropperdownloaderbanload
  • Banload family
    banload
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Renames multiple (222) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b5addc5465d40c7f5eaa80971f5bed86d66163de317eb1c8d9aa88679218b0a.exe
    "C:\Users\Admin\AppData\Local\Temp\3b5addc5465d40c7f5eaa80971f5bed86d66163de317eb1c8d9aa88679218b0a.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:2052

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp
    Filesize

    3.8MB

    MD5

    f80ff98b576fea3c553415bdffa42990

    SHA1

    24333ea117521a870ac0b9712d979a3b9fb37560

    SHA256

    939233ed2e3174bdafbfe69ee52de280496e2835626c8f9826013d89aee219bb

    SHA512

    89bc5c0ee2b62c349e49673691e278dbbdee9a4bee67b313ed3688c21bc02480c3cafd4f0404be1e03f46211cf01f1a12b632770ca3f171e96bf6c7ec9126009

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    3.8MB

    MD5

    066249d513ca91c08aaebdee80bccc5a

    SHA1

    26b97ff9231dc3251774745a9a4a4db86fc9c2d2

    SHA256

    0a1bb15efa5d936914df3bd01d174d1bf3cdf9693fd0e48ea1d101d40e24d672

    SHA512

    4b08b5aac4e8f003b808c6b003f8131e2f8d3b5bddd33f0ada9708e27f35c081ee1bedf48976f3225b3652f1c1db95cff06e56566190323fc415feafaab31fb9

    Download Submit

  • memory/2052-0-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2052-1-0x0000000003100000-0x000000000330C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2052-8-0x0000000003100000-0x000000000330C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2052-11-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2052-12-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2052-13-0x0000000003100000-0x000000000330C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2052-26-0x0000000003100000-0x000000000330C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2052-25-0x0000000003100000-0x000000000330C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2052-41-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2052-45-0x0000000003100000-0x000000000330C000-memory.dmp

    Filesize

    2.0MB

    Download