Overview

overview

10

Static

static

3

f9b433ba31...3N.exe

windows7-x64

10

f9b433ba31...3N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04-01-2025 07:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f9b433ba318ab698060d5fd501954b03413e148ec24b046ea78de3a22774d6f3N.exe

  • Size

    2.8MB

  • MD5

    bee59f0c7a37f46356664b993b29c700

  • SHA1

    eb702c3a42915c691652f115683a5fb2ff3981b9

  • SHA256

    f9b433ba318ab698060d5fd501954b03413e148ec24b046ea78de3a22774d6f3

  • SHA512

    6df706ddccea6c35e7b91c57e632dc84cd91cceb8efde2baa7813576305088026459209ebcf0a5c999b731ccf9a14ec520e6a425c43d5e75ab60eb6ba0391174

  • SSDEEP

    49152:RVvn8Q5CHCtE4jPTTm4uBLq9gtMyMpy7nEvVzY+UOlk0l:RF8QUitE4iLqaPWGnEv3l

Score
10/10
banloaddiscoverydownloaderdropperevasionransomwaretrojan

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

    trojandropperdownloaderbanload
  • Banload family
    banload
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Renames multiple (222) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 49 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f9b433ba318ab698060d5fd501954b03413e148ec24b046ea78de3a22774d6f3N.exe
    "C:\Users\Admin\AppData\Local\Temp\f9b433ba318ab698060d5fd501954b03413e148ec24b046ea78de3a22774d6f3N.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:2036

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp
    Filesize

    2.9MB

    MD5

    4ebed878f1043b3f2242858720344a0d

    SHA1

    72b32006da2941add3b7324bf3c9eed7282f5585

    SHA256

    45a7f72ae3e6fbae562836491f862723a94be9d8ef22aeb2deea3993c624d47b

    SHA512

    b094dd30356190bd22ea43d05f920d7c9dfed21e573cdc4e2cf6f0f97aa1030b769412dbcab9a5278373f8e0e44ae0c223d3613c1814aee0ee66afa1542fce05

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    2.9MB

    MD5

    92d4eca35d9b86afa615c63c69b316b1

    SHA1

    f073dce6d1daf80e0ab944db657199a8c6db13cd

    SHA256

    fff79f44b441810dacdce32e1929afe3ef6a8d9b8fa98349a6589556a833145a

    SHA512

    0d5b5f8a127105d4964c19c7431dc285e02347ba9e5d88ea9674a5e63f72b40c76e54d65de407e62977f28b8a70dfab3a5246cf838b13c5cd7231093a694e3a1

    Download Submit

  • memory/2036-0-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2036-8-0x0000000002FE0000-0x00000000031EC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2036-1-0x0000000002FE0000-0x00000000031EC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2036-12-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2036-11-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2036-13-0x0000000002FE0000-0x00000000031EC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2036-26-0x0000000002FE0000-0x00000000031EC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2036-25-0x0000000002FE0000-0x00000000031EC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2036-43-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2036-51-0x0000000002FE0000-0x00000000031EC000-memory.dmp

    Filesize

    2.0MB

    Download