Overview

overview

10

Static

static

3

996f0d21dc...35.exe

windows7-x64

10

996f0d21dc...35.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    60s
  • max time network
    36s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-12-2024 19:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    996f0d21dc51c9079500382e1323af4588b3f7e0e0559d35a9ea3c16ee410535.exe

  • Size

    3.5MB

  • MD5

    12d9b6e676211158f5a0f0352f108087

  • SHA1

    6d7d4fccd243430580ff1c0150037b8a99a12937

  • SHA256

    996f0d21dc51c9079500382e1323af4588b3f7e0e0559d35a9ea3c16ee410535

  • SHA512

    2bfc9e85ef842b2b649ea61f18af140682aefe2111273507a1730b917704dd1934895296d7c9045865114e292691c7e5c9b107677a7892883412e9942b88c54d

  • SSDEEP

    49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVPYOKQrgCGMxu3fFne4j4ZXum7Y:RF8QUitE4iLqaPWGnEv+OKQr8MAvFrMY

Score
10/10
banloaddiscoverydownloaderdropperevasionransomwaretrojan

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

    trojandropperdownloaderbanload
  • Banload family
    banload
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Renames multiple (222) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\996f0d21dc51c9079500382e1323af4588b3f7e0e0559d35a9ea3c16ee410535.exe
    "C:\Users\Admin\AppData\Local\Temp\996f0d21dc51c9079500382e1323af4588b3f7e0e0559d35a9ea3c16ee410535.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:388

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.tmp
    Filesize

    3.7MB

    MD5

    e3b3254accf45910369e76b782613d00

    SHA1

    e42a953659ac7d9954a416ccf9430371f0675126

    SHA256

    75205c9164a31aa854447f5a5228cbb65734aadb03f7fd60c00e32dc5ca9ebc0

    SHA512

    823cdd77f1ebbb754abdc50bd9c16ec8b2d9a3d7008f1c675f874b9e21fdabbb5b2046063bd487378ab3643a120b84844e22161644da7bf5c546840b9bc2b4de

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    3.8MB

    MD5

    dd3bd1bdde5b7e474b74f0caed9e89cb

    SHA1

    29a9bc1f2ad26de58d3b40ed388efe39d9356213

    SHA256

    db5610e6028f97570907c7c64adb9685b692cf1987964aa5d88e051d184ed41f

    SHA512

    23f4d4f972721e34f2021613fb382d8b3df15dba912ed0ee2c1f972c12c2db6862148d2010bfa50d0b3818e5aa9317cff8d858aa534109657b90f595537940eb

    Download Submit

  • memory/388-0-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/388-2-0x00000000049F0000-0x0000000004BFC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/388-9-0x00000000049F0000-0x0000000004BFC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/388-12-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/388-13-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/388-14-0x00000000049F0000-0x0000000004BFC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/388-37-0x00000000049F0000-0x0000000004BFC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/388-36-0x00000000049F0000-0x0000000004BFC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/388-102-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/388-116-0x00000000049F0000-0x0000000004BFC000-memory.dmp

    Filesize

    2.0MB

    Download