Overview

overview

10

Static

static

3

8ad5a62333...eN.exe

windows7-x64

10

8ad5a62333...eN.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-12-2024 18:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8ad5a6233319b2d6a55683abb6b3d69909ee03894fc110bf539317f5d366425eN.exe

  • Size

    5.8MB

  • MD5

    48a27e390bb0f38f4bd3fb8170b71e10

  • SHA1

    335bdab956b0f5d04421652d6ae43e9f862ca837

  • SHA256

    8ad5a6233319b2d6a55683abb6b3d69909ee03894fc110bf539317f5d366425e

  • SHA512

    2e5391c2938b17c14d4e6869993588597f501d87798a3f5b58ff3ba77358accfaa783036fb31fef634031accb6f4d503b4395488613a03db86087cb00d1857d9

  • SSDEEP

    98304:RF8QUitE4iLqaPWGnEv+OKQr8MAvFrpHv/kAZIlnHyLF06Sud19nEntkKoML:RFQWEPnPBnEmOKIbGpPMAZcy3qyKBL

Score
10/10
banloaddiscoverydownloaderdropperevasionransomwaretrojan

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

    trojandropperdownloaderbanload
  • Banload family
    banload
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Renames multiple (245) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 48 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8ad5a6233319b2d6a55683abb6b3d69909ee03894fc110bf539317f5d366425eN.exe
    "C:\Users\Admin\AppData\Local\Temp\8ad5a6233319b2d6a55683abb6b3d69909ee03894fc110bf539317f5d366425eN.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:1404

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini.tmp
    Filesize

    5.9MB

    MD5

    81ecc4f3ec6fd5de8dd191ddc1da6c8e

    SHA1

    a9025c2d1dda510a2857d728538923af2c906fe5

    SHA256

    01d8399cb04f4dc1ef631d914d8075a168fd320df3d00d4a2a2eb7f32af6c504

    SHA512

    37360cca6e05f1aeec126804e672a9b86be92ceb11e4e293a400127189cdff0c47fa5bb7a2dacfba284a713449efbdec49bd4ac9ed76be0ffe02cd00349ab60d

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    6.0MB

    MD5

    5ae5ece450853544da6e054a1d314c98

    SHA1

    287b03b4dca5c77942651f43b093902339da5375

    SHA256

    9afd1c8c56be74cd11079447361c28e08a35d5274612b12c1041a638f70b8cad

    SHA512

    bb1ca76bbb68c744f33fdb170e3055c48d484a6926888982290700db6ea0344dab43baa9f7de51aa44d5abf48f6259ca95631a0b95f1ba6694d96fbe5638dbeb

    Download Submit

  • memory/1404-0-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1404-2-0x0000000004240000-0x000000000444C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1404-9-0x0000000004240000-0x000000000444C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1404-12-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1404-13-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1404-14-0x0000000004240000-0x000000000444C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1404-33-0x0000000004240000-0x000000000444C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1404-32-0x0000000004240000-0x000000000444C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1404-76-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1404-86-0x0000000004240000-0x000000000444C000-memory.dmp

    Filesize

    2.0MB

    Download