Overview

overview

10

Static

static

3

82f2b4a9ef...a2.exe

windows7-x64

10

82f2b4a9ef...a2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/03/2025, 02:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    82f2b4a9efe71dbaebd47d6a5f0f4f81ea5e107610745f12373bd706ab01eaa2.exe

  • Size

    3.1MB

  • MD5

    49736562f838b77d4965801d98452def

  • SHA1

    5a6fed8a35c91f02672bc5b29f833d4e6ad53a89

  • SHA256

    82f2b4a9efe71dbaebd47d6a5f0f4f81ea5e107610745f12373bd706ab01eaa2

  • SHA512

    bea46fe161a992419ecbe5754bf294f18a229e36d88fb8ee99c888b8d57c247a53b180a4e620b1b93043868535fdd8dcddb5f822486110ed37e6c9a8c82484f4

  • SSDEEP

    49152:euWJCbWiLqRTNXYkier+1tgM68B1ECYJgkIlma2sx05tE:eugCSiwIPer+1tR68B+5JAmAxStE

Score
10/10
banloaddiscoverydownloaderdroppertrojan

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

    trojandropperdownloaderbanload
  • Banload family
    banload
  • Checks BIOS information in registry 2 TTPs 4 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 59 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\82f2b4a9efe71dbaebd47d6a5f0f4f81ea5e107610745f12373bd706ab01eaa2.exe
    "C:\Users\Admin\AppData\Local\Temp\82f2b4a9efe71dbaebd47d6a5f0f4f81ea5e107610745f12373bd706ab01eaa2.exe"
    1⤵
    • Checks BIOS information in registry
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4392
    • C:\Users\Admin\AppData\Local\Temp\82f2b4a9efe71dbaebd47d6a5f0f4f81ea5e107610745f12373bd706ab01eaa2.exe
      "C:\Users\Admin\AppData\Local\Temp\82f2b4a9efe71dbaebd47d6a5f0f4f81ea5e107610745f12373bd706ab01eaa2.exe"
      2⤵
      • Checks BIOS information in registry
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      PID:2060

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Licenses\0F3444CB9E7EC53A1.Lic
    Filesize

    138B

    MD5

    02d63f90451f71e73bfeef77e2de138a

    SHA1

    e741a3fd7a021b744290c7217b6ae2e154065843

    SHA256

    5efdf6f602a7be37dc0fcaf26fb784c06920953e4e42fa0452b2dbb091ccaa64

    SHA512

    67b855eaf8e5dac35fe84664dff7cd88d318ac4e36aca0a5bfdac255f2b8b25d20c255ef8d1ba1852f9fb1b1f807f7bce304f1b4b77c044d1992ecbe09c600f9

    Download Submit

  • memory/2060-39-0x0000000000400000-0x00000000008B4000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/2060-28-0x0000000002B80000-0x0000000002D81000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2060-48-0x0000000000400000-0x00000000008B4000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/2060-43-0x0000000002B80000-0x0000000002D81000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2060-36-0x0000000000400000-0x00000000008B4000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/2060-38-0x0000000000400000-0x00000000008B4000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/2060-35-0x0000000000400000-0x00000000008B4000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/2060-37-0x0000000000400000-0x00000000008B4000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/2060-40-0x0000000002B80000-0x0000000002D81000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2060-22-0x0000000002B80000-0x0000000002D81000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4392-16-0x0000000000400000-0x00000000008B4000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/4392-2-0x0000000002BF0000-0x0000000002DF1000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4392-8-0x0000000002BF0000-0x0000000002DF1000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4392-20-0x0000000002BF0000-0x0000000002DF1000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4392-0-0x0000000000400000-0x00000000008B4000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/4392-15-0x0000000000400000-0x00000000008B4000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/4392-18-0x0000000002BF0000-0x0000000002DF1000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4392-17-0x0000000000400000-0x00000000008B4000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/4392-14-0x0000000000400000-0x00000000008B4000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/4392-44-0x0000000000400000-0x00000000008B4000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/4392-13-0x0000000000400000-0x00000000008B4000-memory.dmp

    Filesize

    4.7MB

    Download