Overview

overview

10

Static

static

3

871f947562...45.exe

windows7-x64

10

871f947562...45.exe

windows10-2004-x64

10

Resubmissions

27-12-2024 19:40

241227-ydma1symep 10

27-12-2024 19:36

241227-yblayaykfy 10

Analysis

  • max time kernel
    60s
  • max time network
    43s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-12-2024 19:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe

  • Size

    3.9MB

  • MD5

    415fdd816519e04471cdb6e54f7e7f95

  • SHA1

    94b06d48ec16ac9411433624d5aa8eb98973c7d3

  • SHA256

    871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845

  • SHA512

    d7ff3e9a834ccde1f7e44268533dc42abc6af4b933e39c8ba6f2406975a4e6a8c60161e5a4b529fdcf87213b05827bc3b1789b65b977c8791151acc769e91d9a

  • SSDEEP

    98304:RF8QUitE4iLqaPWGnEvK7RkOEEo+A7mOkO:RFQWEPnPBnEX3

Score
10/10
banloaddiscoverydownloaderdropperevasionransomwaretrojan

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

    trojandropperdownloaderbanload
  • Banload family
    banload
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Renames multiple (222) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
    "C:\Users\Admin\AppData\Local\Temp\871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:5056

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.tmp
    Filesize

    4.0MB

    MD5

    704e3d81a837ce2df20f17ff7afe54cf

    SHA1

    39d394d7f4985b28e3f7258caf39b42eaa606a92

    SHA256

    ebcccc934cd2668083bcb9ca518886da2e4ffd66e6c791acc8a2e9f02e20aeb4

    SHA512

    b6245a67f47ee241253f5e63f4b01926030fe5786f24a20d8157014db0de5cc3081ae2ba0e948afdecd30bd583c460c2946593cd24ed8dbf13e9b10ccd1f517c

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    4.1MB

    MD5

    26970287a2104ad8d053953fae71e416

    SHA1

    8921659cdf3c6a6f88fafe5f1eba7eb9650c65cc

    SHA256

    50c710450b2a3df13000919bbcacac6187dc0deebebdf083747c3e13b68acdb3

    SHA512

    e6c0475b7f9f78d045102692e103912318bd440fc40c5d26de30906f832c110c4513e5d798669641534a385d5750db4e14c5a836a516f5e8e07f5550a0f6a8d2

    Download Submit

  • memory/5056-0-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/5056-2-0x00000000043C0000-0x00000000045CC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5056-8-0x00000000043C0000-0x00000000045CC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5056-11-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/5056-12-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/5056-13-0x00000000043C0000-0x00000000045CC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5056-37-0x00000000043C0000-0x00000000045CC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5056-38-0x00000000043C0000-0x00000000045CC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5056-103-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/5056-117-0x00000000043C0000-0x00000000045CC000-memory.dmp

    Filesize

    2.0MB

    Download