Overview

overview

10

Static

static

3

70959e2488...dN.exe

windows7-x64

10

70959e2488...dN.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-12-2024 12:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    70959e24889326fecdd66e6c15a47c61869e04562c5e4e82af8cec7b1e0c094dN.exe

  • Size

    4.8MB

  • MD5

    04e697d5f0b44950d238fe8cbdef64e0

  • SHA1

    f55e91c748b9acd02d9c10d775c2e8cca1b8c6a0

  • SHA256

    70959e24889326fecdd66e6c15a47c61869e04562c5e4e82af8cec7b1e0c094d

  • SHA512

    a6a840b4cf63fc7e23b74358aac4a4ff59d6f67d011a79ecf51be8640af43cc2efa3cb8e1bbb13853f1c401950334353c826b90b7c00b53b109b6628cb5e9c95

  • SSDEEP

    98304:RF8QUitE4iLqaPWGnEvK7RkOEEo+A7mOk3oaCVA7m2d:RFQWEPnPBnEXE

Score
10/10
banloaddiscoverydownloaderdropperevasionransomwaretrojan

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

    trojandropperdownloaderbanload
  • Banload family
    banload
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Renames multiple (294) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\70959e24889326fecdd66e6c15a47c61869e04562c5e4e82af8cec7b1e0c094dN.exe
    "C:\Users\Admin\AppData\Local\Temp\70959e24889326fecdd66e6c15a47c61869e04562c5e4e82af8cec7b1e0c094dN.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:2696

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.tmp
    Filesize

    4.9MB

    MD5

    42df17c04e193edff9de2dab5f5a3886

    SHA1

    abe48090d86b4428f2125dd78feeb5a1b0df16c3

    SHA256

    8228ae18f47e921a9e5941eb8ff105e5414af37022fdab42c20eefcacc541a10

    SHA512

    38293f1707792bf3cecf80c2743b5de95a67486acdd4c3eb81953f8a9f52e00171d5a67364a776426a594ab126f56c9d5f7ae24356fa1b4f48b0ce234938c48c

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    5.0MB

    MD5

    67aa16605171b4438c9f7fad9bb998e3

    SHA1

    615fe3f0a33f1cf1e80a3edf2f4dbd0f97404c3a

    SHA256

    9da58dfd541df1bb971b6fe3f1a6ed24a7ac628e1b831ce1ebd1343ac5116f43

    SHA512

    4eeefc839a81733da06b2d2cd8f8f1b80685739a641953728871c03436bf5ad98b78aefeeef1ec38ab05b59e64883ea5e4e4b9fe7081ef085a3c132d364f8079

    Download Submit

  • memory/2696-0-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2696-2-0x0000000004400000-0x000000000460C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2696-9-0x0000000004400000-0x000000000460C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2696-13-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2696-12-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2696-14-0x0000000004400000-0x000000000460C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2696-34-0x0000000004400000-0x000000000460C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2696-88-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2696-100-0x0000000004400000-0x000000000460C000-memory.dmp

    Filesize

    2.0MB

    Download