Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    27-12-2024 19:25

General

  • Target

    8d8fceab6594860d035438ce97bfc7a0401bbece8604e9a84c0fa7beea16828d.exe

  • Size

    4.0MB

  • MD5

    b8f4d3e558f7069b5020f7024e6480b3

  • SHA1

    49da493a24e179fac1c0217577966c9af42954b7

  • SHA256

    8d8fceab6594860d035438ce97bfc7a0401bbece8604e9a84c0fa7beea16828d

  • SHA512

    21e88209d4059a3135e81d7b403806f26266548522b06123192f4df15cb72d1896d3801cd35581d2b9e92d76df61e606fca2f46a0a4fd30afc8f869f0b63223d

  • SSDEEP

    98304:RF8QUitE4iLqaPWGnEv+OKQr8MAvFrpHv/kAZIlnHyA:RFQWEPnPBnEmOKIbGpPMAZcyA

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

  • Banload family
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
  • Renames multiple (572) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8d8fceab6594860d035438ce97bfc7a0401bbece8604e9a84c0fa7beea16828d.exe
    "C:\Users\Admin\AppData\Local\Temp\8d8fceab6594860d035438ce97bfc7a0401bbece8604e9a84c0fa7beea16828d.exe"
    1
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:5008

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4089630652-1596403869-279772308-1000\desktop.ini.tmp

    Filesize

    4.1MB

    MD5

    c93f262026680aae40e9322669881348

    SHA1

    f76f605c43631f52b7b27e672a86a30595804cb9

    SHA256

    2661312c4a72c8df183113bd40697d888e363c53f11f515c503cec02ca2e1f4d

    SHA512

    85397c445472028aee76aca78209ad58f836145e628869da1174e4da3b99ee69af97f1bfd63005a32014eae4960fed3a491b059e61adb01302f802f856c35516

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    4.2MB

    MD5

    9e85be40ab2c78a57a722dc5a422e778

    SHA1

    67a690ff968bcd14fbcff6d6e950072cf792bec1

    SHA256

    58c4995023c5a18b7200c34d50df125a668476af24f498ded3da5cb76a0c6e90

    SHA512

    3740223cc3e2ff6b01e8942b8b5bef3ad667d3bfb5178b59de8d86644844b031e91c000c9483fd09c1d6607059e42a932495e1aaa438678d72a448c116d2c2df

  • memory/5008-0-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

  • memory/5008-2-0x0000000004840000-0x0000000004A4C000-memory.dmp

    Filesize

    2.0MB

  • memory/5008-9-0x0000000004840000-0x0000000004A4C000-memory.dmp

    Filesize

    2.0MB

  • memory/5008-13-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

  • memory/5008-12-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

  • memory/5008-14-0x0000000004840000-0x0000000004A4C000-memory.dmp

    Filesize

    2.0MB

  • memory/5008-43-0x0000000004840000-0x0000000004A4C000-memory.dmp

    Filesize

    2.0MB

  • memory/5008-42-0x0000000004840000-0x0000000004A4C000-memory.dmp

    Filesize

    2.0MB

  • memory/5008-110-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

  • memory/5008-124-0x0000000004840000-0x0000000004A4C000-memory.dmp

    Filesize

    2.0MB