Overview

overview

10

Static

static

3

32caaae8a8...8c.exe

windows7-x64

10

32caaae8a8...8c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    03-12-2024 19:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    32caaae8a86016f7243ec2944460057d5bd5cfbb78b3ba93e25a798ff8a7198c.exe

  • Size

    5.6MB

  • MD5

    ede164ba1f5919702cccdf73b3df131f

  • SHA1

    b0385072d97ee6a851d078235f436b6ed6d8366b

  • SHA256

    32caaae8a86016f7243ec2944460057d5bd5cfbb78b3ba93e25a798ff8a7198c

  • SHA512

    d3a40c70a10bfa6ce04005a44119cdcf29ec21e31fe6b7300833374677ded37bd812e7f530c206bd7e6c9affa9bb4881d838030811a2333b934f065b0b4db0b1

  • SSDEEP

    98304:RF8QUitE4iLqaPWGnEv+OKQr8MAvFrpHv/kAZIlnHyLF06Sud19nEntkKt:RFQWEPnPBnEmOKIbGpPMAZcy3qyKt

Score
10/10
banloaddiscoverydownloaderdropperevasionransomwaretrojan

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

    trojandropperdownloaderbanload
  • Banload family
    banload
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Renames multiple (200) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 49 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\32caaae8a86016f7243ec2944460057d5bd5cfbb78b3ba93e25a798ff8a7198c.exe
    "C:\Users\Admin\AppData\Local\Temp\32caaae8a86016f7243ec2944460057d5bd5cfbb78b3ba93e25a798ff8a7198c.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:2904

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp
    Filesize

    5.7MB

    MD5

    457743cb4c42e014a835a0c40d021aa5

    SHA1

    7a0dc2924bc837eb06338233e2e8dfd42ff676a7

    SHA256

    f751940751a8bebcc52f408908425784d36fda0b3e839f8d9818565a629b0622

    SHA512

    51679c980b792f5a47fd57349bb503ad5e90bb97ed560bb13267e13f827241eeb5b01be1527c33f625e211a22b8b541a769b0113abf1d2348d8272fd277e7ce4

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    5.7MB

    MD5

    716af9d36928f24d10876bb1339c326e

    SHA1

    3cf69e0574a9a446311422d33ac96a4215cd9b67

    SHA256

    68042a4156bfd07f0517d9bf2cd84ae31c479de67c943e9429628bd4e9761d0c

    SHA512

    d05e0b64b6c1e0a911b4679140c3df950a7d05382643ddc5a8434bc543ddd11c74cedf33e7ef6b3d1ad488c69ae00faf78f4f38a8f0de53add66b55198ad308c

    Download Submit

  • memory/2904-0-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2904-1-0x00000000035E0000-0x00000000037EC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2904-8-0x00000000035E0000-0x00000000037EC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2904-11-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2904-12-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2904-13-0x00000000035E0000-0x00000000037EC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2904-25-0x00000000035E0000-0x00000000037EC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2904-37-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2904-43-0x00000000035E0000-0x00000000037EC000-memory.dmp

    Filesize

    2.0MB

    Download