Overview

overview

10

Static

static

3

185a518f58...7N.exe

windows7-x64

10

185a518f58...7N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-01-2025 18:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    185a518f58d1722d00ae38f9114fc6c213b362f2b277a655bd10178a9f66a297N.exe

  • Size

    2.6MB

  • MD5

    f75a6d32a2b1ffdb5c64936e919060e0

  • SHA1

    03013bfeffb93f77a873b24fd860fdca7fc030ff

  • SHA256

    185a518f58d1722d00ae38f9114fc6c213b362f2b277a655bd10178a9f66a297

  • SHA512

    c864ffdc63d713b28cdadb59908b970a100916a39fd2a05dacb8500afe4f14675c4a91535626b4d3fc299d14971261ee7c24ca9f7524c62ebdfcfa8b5a992d99

  • SSDEEP

    49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVzYBJIUu:RF8QUitE4iLqaPWGnEvL

Score
10/10
banloaddiscoverydownloaderdropperevasionransomwaretrojan

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

    trojandropperdownloaderbanload
  • Banload family
    banload
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Renames multiple (632) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\185a518f58d1722d00ae38f9114fc6c213b362f2b277a655bd10178a9f66a297N.exe
    "C:\Users\Admin\AppData\Local\Temp\185a518f58d1722d00ae38f9114fc6c213b362f2b277a655bd10178a9f66a297N.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:4440

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp
    Filesize

    2.7MB

    MD5

    91753f3f0cbad8bce894fa2484d6fb79

    SHA1

    25334b77b373fd0b34d9ffef57b3b6a6432c75d0

    SHA256

    4d6e979357b20759b655df74a2156695a8f990f39611672ae91345bf31b1a566

    SHA512

    119d49c790a5d118b1bb56eaceff5589758fb6519d2fb9d79d8235e73285b19661e8d211c9601ce9c9e5fd821974b24146e5b6c2ed21b5ab152d91ed63749e5f

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    2.8MB

    MD5

    a816730e3229e97c4faaf072979846ce

    SHA1

    2e80cf50a178c60c6da20f2895d5a58dbff2881f

    SHA256

    d54d5082bb0d5be1ce3d8a21570c99f99e4d40a9b2391dd08ec4fe02144a021c

    SHA512

    b8220aea9c71c115f3503bf9e6217d36d8a708421b14439e2f4d934b4b01d2721ce48b04b23169328394bb4cb88f8e9b7c4e94cc75c01b4567f958b170de1914

    Download Submit

  • memory/4440-0-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4440-2-0x00000000049E0000-0x0000000004BEC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4440-9-0x00000000049E0000-0x0000000004BEC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4440-12-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4440-13-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4440-14-0x00000000049E0000-0x0000000004BEC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4440-49-0x00000000049E0000-0x0000000004BEC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4440-48-0x00000000049E0000-0x0000000004BEC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4440-148-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4440-170-0x00000000049E0000-0x0000000004BEC000-memory.dmp

    Filesize

    2.0MB

    Download