Overview

overview

10

Static

static

3

c35b3b6eac...18.exe

windows7-x64

7

c35b3b6eac...18.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

CI3.exe

windows7-x64

10

CI3.exe

windows10-2004-x64

10

GLWorker.exe

windows7-x64

10

GLWorker.exe

windows10-2004-x64

10

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

bass.dll

windows7-x64

3

bass.dll

windows10-2004-x64

3

readme.htm

windows7-x64

3

readme.htm

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-12-2024 16:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CI3.exe

  • Size

    2.4MB

  • MD5

    7fc7d17fe99e96b403224b6d0363f6e8

  • SHA1

    a892e59ccb3b95ad8e50ab8bcfa9925b92c219fe

  • SHA256

    15c5e0826a4ec78ae00ccff64a3a63e365a6dfb2cd3efa87608e88ab45ec19cb

  • SHA512

    9c3cfdbb3b93b61d9d38e65c9a1ab1da5bcbe6f428a6eebae53ea70fa1076c5996e9085a231cabe5c5cc1ca366880901f9c1f15a8cb8fcdc5f811f49323ffe8c

  • SSDEEP

    49152:unEwQWnvUTHKW6NUUOnfPd5wydwdqWiK+l4/qB:unEAkKW6CUAfPSdZiK5/Q

Score
10/10
banloaddiscoverydownloaderdropperevasiontrojan

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

    trojandropperdownloaderbanload
  • Banload family
    banload
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 17 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CI3.exe
    "C:\Users\Admin\AppData\Local\Temp\CI3.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2244
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x2e0 0x4ac
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4040

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\InterAction studios\CI3\3.50iwn\CI3.cfg
    Filesize

    871B

    MD5

    888ef788e9638027cdb6eeb0332067d8

    SHA1

    41b6955f86dd527ab09ec481281e43247b9e52c6

    SHA256

    0d2888b864984e6f414451f7fdeb3c287d4584e8b1cdf62d4ca823c283f65eca

    SHA512

    2b1d9b9c2e5831cd6d16dae7c4c8ea763984bb63d9573fe2bd71f9ad5d54e510be88a4de976d8890c26a8282c6af794a1b3e9bc0af0fedcd9f89d7e1e3c91371

    Download Submit

  • C:\ProgramData\InterAction studios\CI3\3.50iwn\CI3.cfg
    Filesize

    871B

    MD5

    a31293afbcdaec4c6ddb6cab0d2b1aef

    SHA1

    5bf1c5f871dc7f1e8c84b97c1ea331218ff12fa1

    SHA256

    11b7ae28b7939eef8b7354f3a4724cbc83f08ef5ac9eb08f6e5db44af9f30172

    SHA512

    c7696ccb719b4f0362976a97d971cbdbb053c753143ec70756d47d7dc3c69cc83e1fd90057244901add001b6fb31d3002472621dd2edb70d93276f0f70007ec8

    Download Submit

  • C:\ProgramData\InterAction studios\CI3\3.50iwn\CI3.cfg
    Filesize

    691B

    MD5

    fd13f67c6b6182fcc139c22ea2e5533d

    SHA1

    ec7e15a544cb1b925e315f6c37e32f205738e58b

    SHA256

    8a94cc1f4400f4c67e76759fec9045721f919613ccaa3831e2668a3c5992dad5

    SHA512

    192df534c9a28fbef4c8885b7fab420bf20e058b82a5369db085b28b6644d3e56b7e90b3fcb18e99e380950fb7f88c1088080f86a960d57a4bf7f0b83fa77bcd

    Download Submit

  • C:\ProgramData\InterAction studios\CI3\3.50iwn\CI3.cfg
    Filesize

    841B

    MD5

    7578973bd9ff088c211d5014b730a16c

    SHA1

    d9ba76c07fdf1f6452ea86b3a748d65e4bccb21a

    SHA256

    c7ec425954cffb9fa8bd71861b67eb051a662ce4d504a64683499c4f9d99874c

    SHA512

    0300874244c7defac70d09208daebdd0bf0c24eda6ce29e581a38d0caa0dc0a8006d06cd51f6e69b40d845672dc34bd5d4d30911a3e08daabc12ae0987963f06

    Download Submit

  • memory/2244-121-0x0000000000400000-0x0000000000841000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2244-12-0x0000000000400000-0x0000000000841000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2244-18-0x0000000002C00000-0x0000000002E00000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2244-123-0x0000000000400000-0x0000000000841000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2244-16-0x0000000000400000-0x0000000000841000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2244-125-0x0000000000400000-0x0000000000841000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2244-14-0x0000000000400000-0x0000000000841000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2244-126-0x0000000010000000-0x0000000010040000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2244-95-0x0000000002C00000-0x0000000002E00000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2244-94-0x0000000002C00000-0x0000000002E00000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2244-8-0x0000000002C00000-0x0000000002E00000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2244-2-0x0000000002C00000-0x0000000002E00000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2244-116-0x0000000000400000-0x0000000000841000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2244-118-0x0000000010000000-0x0000000010040000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2244-117-0x0000000000400000-0x0000000000841000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2244-120-0x0000000010000000-0x0000000010040000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2244-119-0x0000000000400000-0x0000000000841000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2244-122-0x0000000010000000-0x0000000010040000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2244-0-0x0000000000400000-0x0000000000841000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2244-124-0x0000000010000000-0x0000000010040000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2244-17-0x0000000010000000-0x0000000010040000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2244-15-0x0000000000400000-0x0000000000841000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2244-11-0x0000000000400000-0x0000000000841000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2244-128-0x0000000010000000-0x0000000010040000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2244-127-0x0000000000400000-0x0000000000841000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2244-130-0x0000000010000000-0x0000000010040000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2244-129-0x0000000000400000-0x0000000000841000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2244-132-0x0000000010000000-0x0000000010040000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2244-131-0x0000000000400000-0x0000000000841000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2244-134-0x0000000010000000-0x0000000010040000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2244-133-0x0000000000400000-0x0000000000841000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2244-136-0x0000000010000000-0x0000000010040000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2244-135-0x0000000000400000-0x0000000000841000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2244-138-0x0000000010000000-0x0000000010040000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2244-137-0x0000000000400000-0x0000000000841000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2244-140-0x0000000010000000-0x0000000010040000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2244-139-0x0000000000400000-0x0000000000841000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2244-142-0x0000000010000000-0x0000000010040000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2244-141-0x0000000000400000-0x0000000000841000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2244-144-0x0000000010000000-0x0000000010040000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2244-143-0x0000000000400000-0x0000000000841000-memory.dmp

    Filesize

    4.3MB

    Download