Analysis

  • max time kernel
    61s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19-12-2024 07:17

General

  • Target

    3147cdf214d6ea10f730524989e5179c7e6299bd2bdc60cd4c651b0a10d98ae1.exe

  • Size

    2.2MB

  • MD5

    664c1e089f7daabb50b054040b60ac8f

  • SHA1

    d0fbf03fbc8c0a1209ff31ec522bf120d033f8d7

  • SHA256

    3147cdf214d6ea10f730524989e5179c7e6299bd2bdc60cd4c651b0a10d98ae1

  • SHA512

    cb7c26bf43f1452123eaf3f1e5ad9ae7f35810d5305ba270389822c0a8f726bf0c7e330f11a88860d5917c8faf5d3307ea6e834a66373f21d632973811e49a16

  • SSDEEP

    49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEv30:RF8QUitE4iLqaPWGnEvk

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

  • Banload family
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
  • Renames multiple (249) files with added filename extension

    This suggests ransomware activity: the files on the system are being encrypted and renamed.

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3147cdf214d6ea10f730524989e5179c7e6299bd2bdc60cd4c651b0a10d98ae1.exe
    "C:\Users\Admin\AppData\Local\Temp\3147cdf214d6ea10f730524989e5179c7e6299bd2bdc60cd4c651b0a10d98ae1.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:4328

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4089630652-1596403869-279772308-1000\desktop.ini.tmp

    Filesize: 2.3MB
    MD5: 7960f30dc4cb86737dfd69c678bb196f
    SHA1: 526a40fdd11c43b50dee302d30604406660b303a
    SHA256: d967e1ad8a393020c9b1ca33feaf8da2a32e88745d12461804fd54cc5be032cc
    SHA512: 11c7a6a24418208d4d66499f864e766a479bb80c5bdb9d27a3c73d5a628f7f2df5b0ff5705369670e201f9bae985fb0ba42dc3e047d1c40fd9be462a831941c3

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize: 2.4MB
    MD5: c07f1af242df3f08bdc878450aa64642
    SHA1: e80d35ac6540be9bf1c9b7e099f4ef05eda5a6c2
    SHA256: 892053378b418df08fe79857c35969657ab391c0a73abb548124d7c60604aa0d
    SHA512: d911b01eab9a1ed72edb86124adb0499858be635bf2cf96def6c7199c95de606350b2c13f6f2912981115e345e5b2237e86c9aa61da966e80a857d8a69d3147a

  • memory/4328-0-0x0000000000400000-0x0000000000616000-memory.dmp (Filesize: 2.1MB)
  • memory/4328-2-0x0000000004980000-0x0000000004B8C000-memory.dmp (Filesize: 2.0MB)
  • memory/4328-9-0x0000000004980000-0x0000000004B8C000-memory.dmp (Filesize: 2.0MB)
  • memory/4328-12-0x0000000000400000-0x0000000000616000-memory.dmp (Filesize: 2.1MB)
  • memory/4328-13-0x0000000000400000-0x0000000000616000-memory.dmp (Filesize: 2.1MB)
  • memory/4328-14-0x0000000004980000-0x0000000004B8C000-memory.dmp (Filesize: 2.0MB)
  • memory/4328-58-0x0000000004980000-0x0000000004B8C000-memory.dmp (Filesize: 2.0MB)
  • memory/4328-59-0x0000000004980000-0x0000000004B8C000-memory.dmp (Filesize: 2.0MB)
  • memory/4328-170-0x0000000000400000-0x0000000000616000-memory.dmp (Filesize: 2.1MB)
  • memory/4328-192-0x0000000004980000-0x0000000004B8C000-memory.dmp (Filesize: 2.0MB)