Overview

overview

10

Static

static

3

99720d4692...5b.exe

windows7-x64

10

99720d4692...5b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    60s
  • max time network
    38s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-12-2024 19:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    99720d4692de6ffc03f6f71713accf903387729e685dfd091d92c6e8605c485b.exe

  • Size

    4.8MB

  • MD5

    ae814e0b9947b36ae1fc82e5ed2648ed

  • SHA1

    d6fbfcd6b11d7a571f8e4d3a360d8f5001c1901c

  • SHA256

    99720d4692de6ffc03f6f71713accf903387729e685dfd091d92c6e8605c485b

  • SHA512

    5fab9b9434479d80d2a8c8172c7d579c6bd070c75679d2f2d605c95e31496b3aba58bfca82c7d0b35189e3ff67dfb6d8c4b93660ca4f5d80519592575510d6f3

  • SSDEEP

    49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVPYOKQrgCGMxu3fFne4j4ZXums:RF8QUitE4iLqaPWGnEv+OKQr8MAvFrd

Score
10/10
banloaddiscoverydownloaderdropperevasionransomwaretrojan

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

    trojandropperdownloaderbanload
  • Banload family
    banload
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Renames multiple (218) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\99720d4692de6ffc03f6f71713accf903387729e685dfd091d92c6e8605c485b.exe
    "C:\Users\Admin\AppData\Local\Temp\99720d4692de6ffc03f6f71713accf903387729e685dfd091d92c6e8605c485b.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:1548

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2437139445-1151884604-3026847218-1000\desktop.ini.tmp
    Filesize

    5.0MB

    MD5

    024a7c317b6f40c42ddd32274e198d05

    SHA1

    f2543397f307bf7de77ff14129fcd6e604b8361a

    SHA256

    667245faaac0e5002ef00b904f1cb7fb44b9857422a0fc29c64555d85463405e

    SHA512

    cd07a9647f9eb823c623202a3bb75af4f765033b068aa97975eec31444b1749d5fb6ac4273552ee4884d69be6511690f7804e938cdfd61011fc44ed17003c3a1

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    5.1MB

    MD5

    37e12dbb1957a5abec6ac46d827aa361

    SHA1

    58ab339117d163e43d7d1a38318ff42db84031c8

    SHA256

    01700a90659806e612eb28534a410bb7945a6830e6276a3c0508c76f84241cf2

    SHA512

    48cb215403ba66527d6cf1df30c5816972bf623a0e32bffebd17dc64adca147fb1a1ff460eb988e1ba3be7cee4e59360f62958d72d513f6f0f353d0b59233569

    Download Submit

  • memory/1548-0-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1548-2-0x0000000004370000-0x000000000457C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1548-9-0x0000000004370000-0x000000000457C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1548-12-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1548-13-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1548-14-0x0000000004370000-0x000000000457C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1548-34-0x0000000004370000-0x000000000457C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1548-35-0x0000000004370000-0x000000000457C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1548-90-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1548-102-0x0000000004370000-0x000000000457C000-memory.dmp

    Filesize

    2.0MB

    Download