Analysis

  • max time kernel
    150s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-12-2024 19:40

General

  • Target

    872efda22a1a464d90ed06cbdfc178e6ba06536805ce79f04c54991f6c8cad5e.exe

  • Size

    3.1MB

  • MD5

    49c1a0464aff4cbf082a8d73bd7db0d2

  • SHA1

    46f5b216fbd21e7c802d5a3c4cf9a19682f55593

  • SHA256

    872efda22a1a464d90ed06cbdfc178e6ba06536805ce79f04c54991f6c8cad5e

  • SHA512

    48caf07868efe35ce01ad61f14a5ff1a22e28553e3919a5640a98a5a4d84b1a70fa20123f1cb28110bc9bfe76e483fa91852baec759cb7d079f23532ccb244b7

  • SSDEEP

    49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVWiK7lji2Ayd:RF8QUitE4iLqaPWGnEvc

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

  • Banload family
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
  • Renames multiple (709) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\872efda22a1a464d90ed06cbdfc178e6ba06536805ce79f04c54991f6c8cad5e.exe
    "C:\Users\Admin\AppData\Local\Temp\872efda22a1a464d90ed06cbdfc178e6ba06536805ce79f04c54991f6c8cad5e.exe"
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:4500

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.tmp

    Filesize

    3.3MB

    MD5

    5e88fa37eecca2bf7b64c5270f74c966

    SHA1

    3a2df4743cf8254f5846708fdfb3ee5f463627cb

    SHA256

    ee8d7bd4cd7ff2327fa4418cf6c2a93e378ed6b2fc88d4d49a46df566d051d42

    SHA512

    d6d97dd8a8270082753b7bb4373c4c22cfc6a22ae75f0eff40fd940800495a2b2aa40c4f295c517cc63b8de46417a8b1df588db69f4152dae5ba847ebe7112aa

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    3.4MB

    MD5

    70c7c7448b42c1d9d4588c0d8f58ac16

    SHA1

    63d717ce868f05c6340bf833bf25d17e57f5a58f

    SHA256

    931cb4bf1f74593339e19e9b11538466aa9414aafbe0a8f6c3146c166c5d5dde

    SHA512

    bebd34048091b69cbc25e3865c72ed7a8e196099f4c15f14cc79e843db3a295dc42c70e0d9b6c0c638718e1af4fe2592929d19d41eca9974dddda6fb77acb4b7

  • memory/4500-0-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

  • memory/4500-2-0x00000000049B0000-0x0000000004BBC000-memory.dmp

    Filesize

    2.0MB

  • memory/4500-9-0x00000000049B0000-0x0000000004BBC000-memory.dmp

    Filesize

    2.0MB

  • memory/4500-13-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

  • memory/4500-12-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

  • memory/4500-14-0x00000000049B0000-0x0000000004BBC000-memory.dmp

    Filesize

    2.0MB

  • memory/4500-41-0x00000000049B0000-0x0000000004BBC000-memory.dmp

    Filesize

    2.0MB

  • memory/4500-40-0x00000000049B0000-0x0000000004BBC000-memory.dmp

    Filesize

    2.0MB

  • memory/4500-124-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

  • memory/4500-138-0x00000000049B0000-0x0000000004BBC000-memory.dmp

    Filesize

    2.0MB