Analysis

  • max time kernel
    120s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-12-2024 07:17

General

  • Target

    3147cdf214d6ea10f730524989e5179c7e6299bd2bdc60cd4c651b0a10d98ae1.exe

  • Size

    2.2MB

  • MD5

    664c1e089f7daabb50b054040b60ac8f

  • SHA1

    d0fbf03fbc8c0a1209ff31ec522bf120d033f8d7

  • SHA256

    3147cdf214d6ea10f730524989e5179c7e6299bd2bdc60cd4c651b0a10d98ae1

  • SHA512

    cb7c26bf43f1452123eaf3f1e5ad9ae7f35810d5305ba270389822c0a8f726bf0c7e330f11a88860d5917c8faf5d3307ea6e834a66373f21d632973811e49a16

  • SSDEEP

    49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEv30:RF8QUitE4iLqaPWGnEvk

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

  • Banload family
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
  • Renames multiple (197) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3147cdf214d6ea10f730524989e5179c7e6299bd2bdc60cd4c651b0a10d98ae1.exe
    "C:\Users\Admin\AppData\Local\Temp\3147cdf214d6ea10f730524989e5179c7e6299bd2bdc60cd4c651b0a10d98ae1.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:2660

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp

    Filesize

    2.3MB

    MD5

    d5c3d7c256dad91033706728822ebcd8

    SHA1

    9e8b528fe700d40264877a7e7710780a75fdc964

    SHA256

    bb663622960284c898b6984c0adec40f5558b76d33ca6c748fdcb0e7e2d87e8c

    SHA512

    2aa77da077c36d12d1fe5e6ef33811400f53213b392aeb80eefb8796927d5860becd024e04b452b71230fe21429b0f711c0cdf05e9cfdde9fbae333613a6d1a6

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    2.3MB

    MD5

    29790cad7a784df2919f911565155d77

    SHA1

    f7275b97caa81ae18a01f79ab0d6ea57d5b6d3d5

    SHA256

    3380dc93b64a425df883bbaeeb6f2ac556ebf5125a48f61997f7dcffea0fbe0f

    SHA512

    242fcfab9db80c55bf15307875dbbcc4621fb8e6a6d82354cb2b4dc8babb9749aa40e920f98006b3ca2af60f5ea9ba29ac1f837c079ac3ef0d1af2d21cae00f9

  • memory/2660-0-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

  • memory/2660-8-0x0000000003010000-0x000000000321C000-memory.dmp

    Filesize

    2.0MB

  • memory/2660-1-0x0000000003010000-0x000000000321C000-memory.dmp

    Filesize

    2.0MB

  • memory/2660-12-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

  • memory/2660-11-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

  • memory/2660-13-0x0000000003010000-0x000000000321C000-memory.dmp

    Filesize

    2.0MB

  • memory/2660-23-0x0000000003010000-0x000000000321C000-memory.dmp

    Filesize

    2.0MB

  • memory/2660-29-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

  • memory/2660-31-0x0000000003010000-0x000000000321C000-memory.dmp

    Filesize

    2.0MB