Overview

overview

10

Static

static

3

694f0b5f02...14.exe

windows7-x64

10

694f0b5f02...14.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    02-01-2025 00:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    694f0b5f02a40b7678ada6f1fbc223e4b0f6d7255146089973506c2fec7df414.exe

  • Size

    2.7MB

  • MD5

    42f061bafdb03901e4936f82634d89a9

  • SHA1

    571a8dc91115d9d18329e9d7650107a157ffdc79

  • SHA256

    694f0b5f02a40b7678ada6f1fbc223e4b0f6d7255146089973506c2fec7df414

  • SHA512

    254e73edd8467f3797f915bd0c1186281c314dbb3ec6005ae6af99cabd9115b0bc06f63fbf77c53d6d87fa548fc924d3be3ea28a9de028195dea97cd631b7415

  • SSDEEP

    49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVCMu7hp4:RF8QUitE4iLqaPWGnEvgMJ

Score
10/10
banloaddiscoverydownloaderdropperevasionransomwaretrojan

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

    trojandropperdownloaderbanload
  • Banload family
    banload
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Renames multiple (230) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 19 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\694f0b5f02a40b7678ada6f1fbc223e4b0f6d7255146089973506c2fec7df414.exe
    "C:\Users\Admin\AppData\Local\Temp\694f0b5f02a40b7678ada6f1fbc223e4b0f6d7255146089973506c2fec7df414.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:2500

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp
    Filesize

    2.8MB

    MD5

    d70ebb3d13905b2453ce601134581561

    SHA1

    13024869febb59254df88c530dfa2f6e97f60ac8

    SHA256

    3e07211c0a1f761b9582602a03415b039f401c59feb6569141ec7c66474d585c

    SHA512

    cca61b0ad54557bdf29d7a9cc4d780580dc92ce0723dba886fd14a530f919eb3200de6a7c43e07909c8683d77379cf9c3a8f7cd417dc14ac07b6d2287ff3b333

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    2.8MB

    MD5

    52ea68934a016de7034d6966f0b782ca

    SHA1

    9b14bef01a8a385fb7f47d4c1f9cf8fb08c4d8c5

    SHA256

    8bed527a9d0d0ddb1e9e14c93a51bd262647aa51cf98a4c7d198f555c318af40

    SHA512

    c028d43d35e1cc588bbc047476264c945acb6d3b1e6b318bab4d63abfaf7a0fa02489d57b63333bd94fdad8a397a4157aa68be982cd6d39c278a9de2e0895567

    Download Submit

  • memory/2500-0-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2500-1-0x0000000002FF0000-0x00000000031FC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2500-8-0x0000000002FF0000-0x00000000031FC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2500-12-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2500-11-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2500-13-0x0000000002FF0000-0x00000000031FC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2500-25-0x0000000002FF0000-0x00000000031FC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2500-26-0x0000000002FF0000-0x00000000031FC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2500-43-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2500-49-0x0000000002FF0000-0x00000000031FC000-memory.dmp

    Filesize

    2.0MB

    Download