Analysis

  • max time kernel
    60s
  • max time network
    34s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/12/2024, 19:38

General

  • Target

    846e4863e5e6ec0908b1b65f3b30cbe3a55e69e90f85c82bc566fd94998d66f7.exe

  • Size

    3.2MB

  • MD5

    47d06e6b32e5e3eb65911d608a281f6f

  • SHA1

    58dfba0294740085af8b3e4733bca9627b4254a8

  • SHA256

    846e4863e5e6ec0908b1b65f3b30cbe3a55e69e90f85c82bc566fd94998d66f7

  • SHA512

    2f04eb93663d74a14f82872d6d1efc3165ab387d14566128d3d0a41aaeb895d25d70bb7038f83e6788e05b79f82937a5774b00dccc7591afd8b6668714931dcf

  • SSDEEP

    49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVPYOKQrgCGuVjIymPh7TTY9y:RF8QUitE4iLqaPWGnEv+OKQr8TTb

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

  • Banload family
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
  • Renames multiple (221) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\846e4863e5e6ec0908b1b65f3b30cbe3a55e69e90f85c82bc566fd94998d66f7.exe
    "C:\Users\Admin\AppData\Local\Temp\846e4863e5e6ec0908b1b65f3b30cbe3a55e69e90f85c82bc566fd94998d66f7.exe"
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:2152

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4050598569-1597076380-177084960-1000\desktop.ini.tmp

    Filesize

    3.4MB

    MD5

    984a0cf32ed46dbdc607d6078c5333f2

    SHA1

    4d8e463ae560a3f9fd2f37ec0ab77670f13703a6

    SHA256

    14a90eb92d59933a5573dab9932767d47f724a94698418bc02e6006b24e16546

    SHA512

    229336d82003e6251de0d8878e664ffce027882b9ddb2142bcbc2853b9123adb275d9a57e92f1d924332f0f4dbbad9b5c53559d1f05c896f571f4351cdb9e8ee

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    3.4MB

    MD5

    08696e2c7e1bab15e8608742f26c2728

    SHA1

    297153f7d653b233c1ae416a472644198c9b4cba

    SHA256

    a2593dd3acfc4da405fa683ca2f5be6bba0b8ac74fb459f882be52d8b1f291f0

    SHA512

    dc9653b7f78fd8f767a88ec1251e7bf87bbd1f2701662f1a06e3e56c470b8b9ade375c1a002741ee887893450838cb0c3ec98158536011136f8e6ddf6bbe7d89

  • memory/2152-0-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

  • memory/2152-2-0x0000000004900000-0x0000000004B0C000-memory.dmp

    Filesize

    2.0MB

  • memory/2152-9-0x0000000004900000-0x0000000004B0C000-memory.dmp

    Filesize

    2.0MB

  • memory/2152-12-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

  • memory/2152-13-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

  • memory/2152-14-0x0000000004900000-0x0000000004B0C000-memory.dmp

    Filesize

    2.0MB

  • memory/2152-48-0x0000000004900000-0x0000000004B0C000-memory.dmp

    Filesize

    2.0MB

  • memory/2152-49-0x0000000004900000-0x0000000004B0C000-memory.dmp

    Filesize

    2.0MB

  • memory/2152-132-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

  • memory/2152-150-0x0000000004900000-0x0000000004B0C000-memory.dmp

    Filesize

    2.0MB