Analysis

  • max time kernel
    60s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-12-2024 20:01

General

  • Target

    73aa60a6934a503658c4f7df4ba463ac1fc1dbddce00dd9dfe9e8ddfb6e8fbe2.exe

  • Size

    6.5MB

  • MD5

    c92d7a2fac3a4e82d3c44a7105b2b36e

  • SHA1

    cd3ee7e3072fd3a34db3cc486dc060675d7d31b5

  • SHA256

    73aa60a6934a503658c4f7df4ba463ac1fc1dbddce00dd9dfe9e8ddfb6e8fbe2

  • SHA512

    006cc7cc74ac097fa18e6585bb77729977cece28ea8950c3c29b4f2604632009fc0f425f9fcb91109494bd668b00404c013bae035f45d4b5e491f6f44ad775fd

  • SSDEEP

    98304:RF8QUitE4iLqaPWGnEv7/IJsiC5sop7cTx:RFQWEPnPBnEAsiC592Tx

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

  • Banload family
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
  • Renames multiple (107) files with added filename extension

    Renaming a large number of files by appending an extra extension is characteristic of ransomware encrypting the files on the system.

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 24 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies registry class 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
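Four of the signatures above (the VirtualBox ACPI check, the BIOS check, system-language discovery and bulk renaming with an appended extension) are simple enough to re-implement as detection logic over a sandbox API trace. The block below is an added example, not the sandbox's own signature code. The trace is constructed, and the registry locations are the commonly known VirtualBox and SMBIOS values; the report does not say which values it matched, so that set is an assumption.

```python
"""Re-implementation of four behavioural signatures from the report as detection
logic over a sandbox API trace. Added example, not the sandbox's own code; the
trace is constructed and the registry locations are an assumed set."""
from collections import defaultdict

# Registry keys VirtualBox exposes through its ACPI tables (assumed set).
VBOX_ACPI_KEYS = {
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
}
# SMBIOS strings that reveal a hypervisor when a sandbox leaves them unpatched (assumed set).
BIOS_VALUES = {
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosDate",
}
# Registry paths are case-insensitive, so compare in upper case.
_VBOX_UPPER = {k.upper() for k in VBOX_ACPI_KEYS}
_BIOS_UPPER = {k.upper() for k in BIOS_VALUES}
LANG_APIS = {"GetSystemDefaultLangID", "GetUserDefaultUILanguage", "GetLocaleInfoW"}
RENAME_THRESHOLD = 50  # distinct renamed files before we call it bulk renaming

SIG_VBOX = "Identifies VirtualBox via ACPI registry values (likely anti-VM)"
SIG_BIOS = "Checks BIOS information in registry"
SIG_LANG = "System Location Discovery: System Language Discovery"


def added_extension(src: str, dst: str) -> bool:
    """True when dst is src with exactly one extra '.ext' appended, the pattern
    behind 'desktop.ini' -> 'desktop.ini.tmp'. Replacing the extension or moving
    the file into another directory does not count."""
    tail = dst[len(src) + 1:]
    return dst.startswith(src + ".") and tail != "" and "\\" not in tail


def evaluate(trace):
    """Return {pid: [signature, ...]} for every PID that triggers at least one."""
    hits = defaultdict(set)
    renamed = defaultdict(set)
    for pid, api, arg in trace:
        if api in ("RegOpenKeyExW", "RegQueryValueExW"):
            key = arg.upper()
            if key in _VBOX_UPPER:
                hits[pid].add(SIG_VBOX)
            elif key in _BIOS_UPPER:
                hits[pid].add(SIG_BIOS)
        elif api in LANG_APIS:
            hits[pid].add(SIG_LANG)
        elif api == "MoveFileExW":
            src, dst = arg
            if added_extension(src, dst):
                renamed[pid].add(src)
    for pid, files in renamed.items():
        if len(files) >= RENAME_THRESHOLD:
            hits[pid].add(f"Renames multiple ({len(files)}) files with added filename extension")
    return {pid: sorted(sigs) for pid, sigs in hits.items()}


# Constructed trace: (pid, api, argument) in the shape a hooking sandbox records.
TRACE = [
    (1836, "RegOpenKeyExW", r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"),
    (1836, "RegQueryValueExW", r"HKLM\Hardware\Description\System\SystemBiosVersion"),
    (1836, "RegQueryValueExW", r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion"),
    (1836, "GetSystemDefaultLangID", ""),
    # A benign process: one rename that replaces the extension, one that appends it.
    (4242, "MoveFileExW", (r"C:\Users\Admin\report.docx", r"C:\Users\Admin\report.bak")),
    (4242, "MoveFileExW", (r"C:\Users\Admin\notes.txt", r"C:\Users\Admin\notes.txt.tmp")),
]
# 107 appended-extension renames by the sample, matching the count in the report.
TRACE += [
    (1836, "MoveFileExW", (rf"C:\Users\Admin\Documents\file{i}.docx",
                           rf"C:\Users\Admin\Documents\file{i}.docx.tmp"))
    for i in range(107)
]

if __name__ == "__main__":
    for pid, sigs in evaluate(TRACE).items():
        print(pid)
        for sig in sigs:
            print("  •", sig)
```

The rename threshold is the part worth tuning: a single appended-extension rename is ordinary application behaviour (installers and editors write `.tmp` files all the time), so the benign PID 4242 above produces no hit, while PID 1836 reproduces the four signatures the report lists.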

Processes

  • C:\Users\Admin\AppData\Local\Temp\73aa60a6934a503658c4f7df4ba463ac1fc1dbddce00dd9dfe9e8ddfb6e8fbe2.exe
    "C:\Users\Admin\AppData\Local\Temp\73aa60a6934a503658c4f7df4ba463ac1fc1dbddce00dd9dfe9e8ddfb6e8fbe2.exe"
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:1836

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp
    Filesize: 6.6MB
    MD5: 398988f8914ecf86b7a417ac1507fd60
    SHA1: 5064664bdda5fcd115a420a325100f7c7e10f452
    SHA256: 4d7be4c1ffeb47a785ac90c9ce8f11fd14a232ae8b94ab5dd595fe0019375625
    SHA512: cfedd7af4b7823538232ad6de75499503bd8ab2e3026bc57a9715c838eaf5db6a19e42440b87fb19e7015e25b901ff9cf1ada6017231adf603939219d94eb28e

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 6.6MB
    MD5: edefc5994e13a691144c6bea79f86453
    SHA1: 11664ac0c0064a0fa893031b5da3b2669eacbe9a
    SHA256: 1edc996656e4e1458710affcbad948767df7be6e5229b47f93dea787966bb747
    SHA512: 29d1fb1041fdefa8ffeea09815c3eea968f2842d000c3dd8d5ac61236cd16a07111019bd831806a4f5dad6545a91106ec47baa10719af8e9a3a985e305f680bf

    Both recovered .tmp files are 6.6MB, close to the sample's own size and far larger than the small text files whose names they carry (desktop.ini and Office64WW.xml), so this is not a plain rename: the content written under the appended .tmp extension is not the original file's. Their hashes also differ from the sample's and from each other, so they are not straight copies of the executable either.

  • memory/1836-0-0x0000000000400000-0x0000000000616000-memory.dmp (2.1MB)
  • memory/1836-1-0x0000000002FC0000-0x00000000031CC000-memory.dmp (2.0MB)
  • memory/1836-8-0x0000000002FC0000-0x00000000031CC000-memory.dmp (2.0MB)
  • memory/1836-12-0x0000000000400000-0x0000000000616000-memory.dmp (2.1MB)
  • memory/1836-11-0x0000000000400000-0x0000000000616000-memory.dmp (2.1MB)
  • memory/1836-13-0x0000000002FC0000-0x00000000031CC000-memory.dmp (2.0MB)
  • memory/1836-25-0x0000000002FC0000-0x00000000031CC000-memory.dmp (2.0MB)
  • memory/1836-37-0x0000000000400000-0x0000000000616000-memory.dmp (2.1MB)
  • memory/1836-43-0x0000000002FC0000-0x00000000031CC000-memory.dmp (2.0MB)

    Only two regions recur across all nine dumps: the loaded image at 0x400000..0x616000 (2.1MB) and a dynamically allocated region at 0x2FC0000..0x31CC000 (2.0MB) of almost the same size. A heap region close to the image size that is captured repeatedly over the run is worth checking for an embedded PE header, since that is a common sign of a sample unpacking a second stage in memory; the report itself does not say what the region contains.
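One quick way to triage such a region is to scan the dump for PE headers: an `MZ` stub whose `e_lfanew` points at a `PE\0\0` signature within the buffer. The block below is an added example, not part of the sandbox report or its tooling; the dump it scans is a constructed byte string rather than the files listed above, and `scan_dump` is a hypothetical wrapper for running it over a real `.dmp`.

```python
"""Scan a memory dump for embedded PE images. Added example, not part of the
sandbox report; the dump bytes in the test are constructed."""
import struct


def find_pe_headers(data: bytes):
    """Return (offset, machine, number_of_sections) for every plausible PE image.

    A hit needs an 'MZ' stub whose e_lfanew (DWORD at 0x3C) lands on 'PE\\0\\0'
    inside the buffer. Stray 'MZ' byte pairs that fail that check are skipped,
    which is why a bare substring search is not enough."""
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            pe = pos + e_lfanew
            # Real e_lfanew values are small; bound it to avoid chasing random DWORDs.
            if 0x40 <= e_lfanew < 0x1000 and pe + 24 <= len(data) \
                    and data[pe:pe + 4] == b"PE\0\0":
                machine, nsections = struct.unpack_from("<HH", data, pe + 4)
                hits.append((pos, machine, nsections))
        pos = data.find(b"MZ", pos + 1)
    return hits


def make_fake_pe(e_lfanew=0x80, machine=0x14C, nsections=3) -> bytes:
    """Constructed minimal PE-looking blob for testing (not a valid executable):
    'MZ' stub, e_lfanew at 0x3C, then 'PE\\0\\0' and a 20-byte IMAGE_FILE_HEADER."""
    buf = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf += b"PE\0\0" + struct.pack("<HHIIIHH", machine, nsections, 0, 0, 0, 0xE0, 0x0102)
    return bytes(buf)


def scan_dump(path: str):
    """Hypothetical wrapper: read a .dmp from disk and report embedded PE images."""
    with open(path, "rb") as f:
        return find_pe_headers(f.read())


if __name__ == "__main__":
    # Constructed dump: two fake images plus a stray 'MZ' that must not match.
    dump = b"\0" * 100 + make_fake_pe() + b"MZ" + b"\0" * 50 + make_fake_pe(machine=0x8664)
    for offset, machine, nsections in find_pe_headers(dump):
        print(f"PE at 0x{offset:x}: machine=0x{machine:x} sections={nsections}")
```

A machine value of 0x14C is i386 and 0x8664 is x64; a hit at a non-zero offset in the 0x2FC0000 region would be the first thing to carve and compare against the on-disk sample's hashes.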