Analysis

  • max time kernel
    102s
  • max time network
    114s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250314-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17/03/2025, 00:42 UTC

General

  • Target

    962208665e0733cb65acc4192a86befd1653b30c0302dc6b09be0ba08ba52515.exe

  • Size

    2.2MB

  • MD5

    975f3da1ab93ab0d6c40de6fff573a32

  • SHA1

    aeeb10b081796a3b4f54e205ae6fc6615a947d68

  • SHA256

    962208665e0733cb65acc4192a86befd1653b30c0302dc6b09be0ba08ba52515

  • SHA512

    862bb544e1a9746b1aac8e00d14a6989e63278607ac43f0d27cbab8cda255b13bb5e03ccf4eac26a9ddc18eb0b68b3c331b772826770dd1e70e608767028666f

  • SSDEEP

    49152:j2gYP6qkyHWWTEk4gov+M7+68B1ECYJgkCm+:j2fP6DyOkBov+Mq68B+5J41

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

  • Banload family
  • Checks BIOS information in registry (2 TTPs, 2 IoCs)

    BIOS information is often read in order to detect sandboxing environments.

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim host in order to infer its geographical location (ATT&CK T1614.001).

  • Modifies registry class (4 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
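
The two discovery signatures above are both registry reads, and the check an analyst wants is a rule that reproduces them from raw registry-event logs. As an added example (not code from the sandbox or from the analysed sample), the Python below classifies Sysmon-style registry events into these two labels and groups the hits per process, the way the process tree in this report does. The event shape (pid, image, key, value), the sample events and the hypothetical process name `sample.exe` are assumptions made for the example; the key lists are the usual locations for BIOS and locale data, not a claim about which keys this particular sample read.

```python
"""Classify registry-read events into the two discovery signatures reported above.

Added example; it is not code from the sandbox or the analysed sample. The event
shape (pid, image, key, value) and the sample events are constructed for this
example, modelled on Sysmon-style registry logging.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RegEvent:
    pid: int
    image: str
    key: str           # registry path as logged (HKLM\... or HKEY_LOCAL_MACHINE\...)
    value: str = ""    # value name; empty for plain key opens


# Where the BIOS vendor/product strings live; VM and sandbox fingerprints such as
# "VMware", "VirtualBox" or "QEMU" show up in SystemManufacturer/SystemProductName.
BIOS_KEYS = (r"HKLM\HARDWARE\DESCRIPTION\System\BIOS",)

# Keys that reveal the install/UI language (ATT&CK T1614.001).
LOCALE_KEYS = (
    r"HKCU\Control Panel\International",
    r"HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language",
)

BIOS_LABEL = "Checks BIOS information in registry"
LOCALE_LABEL = "System Location Discovery: System Language Discovery"


def _norm(key: str) -> str:
    """Canonicalise hive aliases, trailing separators and case so prefixes compare cleanly."""
    key = key.replace("HKEY_LOCAL_MACHINE", "HKLM").replace("HKEY_CURRENT_USER", "HKCU")
    return key.rstrip("\\").lower()


def _under(key: str, prefixes) -> bool:
    k = _norm(key)
    return any(k == _norm(p) or k.startswith(_norm(p) + "\\") for p in prefixes)


def classify(event: RegEvent):
    """Return the signature label an event triggers, or None if it is unremarkable."""
    if _under(event.key, BIOS_KEYS):
        return BIOS_LABEL
    if _under(event.key, LOCALE_KEYS):
        return LOCALE_LABEL
    return None


def summarize(events):
    """Group triggered labels by (pid, image), mirroring the per-process list in the report."""
    hits = {}
    for ev in events:
        label = classify(ev)
        if label:
            hits.setdefault((ev.pid, ev.image), set()).add(label)
    return {proc: sorted(labels) for proc, labels in hits.items()}


# Constructed sample events (not taken from the report's event log).
SAMPLE = [
    RegEvent(640, "sample.exe", r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer"),
    RegEvent(640, "sample.exe", r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "SystemProductName"),
    RegEvent(640, "sample.exe", r"HKEY_CURRENT_USER\Control Panel\International", "LocaleName"),
    RegEvent(640, "sample.exe", r"HKCR\.exe", ""),                        # ordinary class lookup
    RegEvent(1234, "explorer.exe", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer", ""),
]

if __name__ == "__main__":
    for (pid, image), labels in summarize(SAMPLE).items():
        print(pid, image, ", ".join(labels))
```

Reads of neighbouring keys such as HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor are deliberately not matched: they are platform fingerprinting too, but belong to a different rule, and keeping the BIOS rule narrow is what keeps its false-positive rate near zero on ordinary installers that touch CPU information.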

Processes

  • C:\Users\Admin\AppData\Local\Temp\962208665e0733cb65acc4192a86befd1653b30c0302dc6b09be0ba08ba52515.exe
    "C:\Users\Admin\AppData\Local\Temp\962208665e0733cb65acc4192a86befd1653b30c0302dc6b09be0ba08ba52515.exe"
    1
    • Checks BIOS information in registry
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:640

Network

All HTTP traffic in this run carries the user agent of a Windows component rather than of the sample: WindowsShellClient (the shell's ad-impression beacon to g.bing.com) and Microsoft-CryptoAPI (the CRL refresh from c.pki.goog). No request attributable to the sample, and in particular no payload download of the kind the Banload signature describes, was captured within the 114s network window.

  • [US]
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.ax-0001.ax-msedge.net
    g-bing-com.ax-0001.ax-msedge.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
  • [US]
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f7b343c93f204e90901b51200a29fde9&localId=w:4ACC00A0-1788-710F-65CA-E695752A695C&deviceId=6896216935924576&anid=
    Remote address:
    150.171.28.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f7b343c93f204e90901b51200a29fde9&localId=w:4ACC00A0-1788-710F-65CA-E695752A695C&deviceId=6896216935924576&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=37A3E0155794670105CFF5A7561F6615; domain=.bing.com; expires=Sat, 11-Apr-2026 00:42:57 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 0BDA479994274AC3B2FD872704EACF2D Ref B: FRA31EDGE0207 Ref C: 2025-03-17T00:42:57Z
    date: Mon, 17 Mar 2025 00:42:57 GMT
  • [US]
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f7b343c93f204e90901b51200a29fde9&localId=w:4ACC00A0-1788-710F-65CA-E695752A695C&deviceId=6896216935924576&anid=
    Remote address:
    150.171.28.10:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f7b343c93f204e90901b51200a29fde9&localId=w:4ACC00A0-1788-710F-65CA-E695752A695C&deviceId=6896216935924576&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=37A3E0155794670105CFF5A7561F6615
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=r6FRdKtv1XncuELSg3swKSz40RvxA5DRkLbhlx1ILhM; domain=.bing.com; expires=Sat, 11-Apr-2026 00:42:57 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: C108107A723F41D0954C0EE702215440 Ref B: FRA31EDGE0207 Ref C: 2025-03-17T00:42:57Z
    date: Mon, 17 Mar 2025 00:42:57 GMT
  • [US]
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f7b343c93f204e90901b51200a29fde9&localId=w:4ACC00A0-1788-710F-65CA-E695752A695C&deviceId=6896216935924576&anid=
    Remote address:
    150.171.28.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f7b343c93f204e90901b51200a29fde9&localId=w:4ACC00A0-1788-710F-65CA-E695752A695C&deviceId=6896216935924576&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=37A3E0155794670105CFF5A7561F6615; MSPTC=r6FRdKtv1XncuELSg3swKSz40RvxA5DRkLbhlx1ILhM
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 54B47DB52A4748229CC3C9EB9C032951 Ref B: FRA31EDGE0207 Ref C: 2025-03-17T00:42:57Z
    date: Mon, 17 Mar 2025 00:42:57 GMT
  • [US]
    DNS
    c.pki.goog
    Remote address:
    8.8.8.8:53
    Request
    c.pki.goog
    IN A
    Response
    c.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    142.250.200.35
  • [GB]
    GET
    http://c.pki.goog/r/r1.crl
    Remote address:
    142.250.200.35:80
    Request
    GET /r/r1.crl HTTP/1.1
    Cache-Control: max-age = 3000
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
    Response
    HTTP/1.1 304 Not Modified
    Date: Mon, 17 Mar 2025 00:09:30 GMT
    Expires: Mon, 17 Mar 2025 00:59:30 GMT
    Age: 2068
    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
    Cache-Control: public, max-age=3000
    Vary: Accept-Encoding
  • 150.171.28.10:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f7b343c93f204e90901b51200a29fde9&localId=w:4ACC00A0-1788-710F-65CA-E695752A695C&deviceId=6896216935924576&anid=
    tls, http2
    2.0kB
    9.4kB
    22
    19

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f7b343c93f204e90901b51200a29fde9&localId=w:4ACC00A0-1788-710F-65CA-E695752A695C&deviceId=6896216935924576&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f7b343c93f204e90901b51200a29fde9&localId=w:4ACC00A0-1788-710F-65CA-E695752A695C&deviceId=6896216935924576&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f7b343c93f204e90901b51200a29fde9&localId=w:4ACC00A0-1788-710F-65CA-E695752A695C&deviceId=6896216935924576&anid=

    HTTP Response

    204
  • 142.250.200.35:80
    http://c.pki.goog/r/r1.crl
    http
    384 B
    355 B
    4
    3

    HTTP Request

    GET http://c.pki.goog/r/r1.crl

    HTTP Response

    304
  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    148 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    150.171.28.10
    150.171.27.10

  • 8.8.8.8:53
    c.pki.goog
    dns
    56 B
    107 B
    1
    1

    DNS Request

    c.pki.goog

    DNS Response

    142.250.200.35
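
Deciding which of the captured requests belong to the sample and which are sandbox background noise is the first step in reading any network section, and for a downloader family it is the step that decides whether the run actually showed the download stage. As an added example (not code from the sandbox or the sample), the Python below applies that triage: requests with a Windows-component user agent or destination are bucketed as background, and anything else is checked for a response that could carry a stage. The records are reconstructed from the request and response lines above with their query strings shortened to the `action` parameter; the allow-lists and the one hypothetical download record (`example.invalid`) are assumptions made for the example.

```python
"""Split a sandbox HTTP log into OS background traffic and requests attributable to the sample.

Added example; not code from the sandbox or the sample. REPORT_REQUESTS is
reconstructed from the request lines in the report (query strings shortened);
HYPOTHETICAL_DOWNLOAD is invented to show what a payload fetch would look like.
"""
import re
from urllib.parse import urlsplit

# User agents of Windows components that talk on their own in a clean VM.
OS_USER_AGENTS = ("WindowsShellClient/", "Microsoft-CryptoAPI/")
# Destinations those components use; treated as background for the same reason.
OS_HOSTS = {"g.bing.com", "c.pki.goog"}
# Response types and URL suffixes consistent with a downloader fetching a stage.
PAYLOAD_TYPES = ("application/octet-stream", "application/x-msdownload",
                 "application/x-dosexec", "application/zip")
PAYLOAD_URL = re.compile(r"\.(?:exe|dll|zip|msi|scr)(?:\?|$)", re.I)


def classify_request(req: dict):
    """Return (category, reason) for one request record."""
    host = urlsplit(req["url"]).hostname or ""
    ua = req.get("user_agent", "")
    status = req.get("status", 0)
    ctype = req.get("content_type", "").lower()
    body = req.get("body_bytes", 0)
    if ua.startswith(OS_USER_AGENTS) or host in OS_HOSTS:
        return "background", f"OS component ({ua.split('/')[0] or host})"
    if status in (204, 304) or body == 0:
        return "attributable", f"{status} with no body"
    if ctype.startswith(PAYLOAD_TYPES) or PAYLOAD_URL.search(req["url"]):
        return "payload-candidate", f"{status} {ctype or 'unknown type'} {body} bytes"
    return "attributable", f"{status} {ctype or 'unknown type'}"


def triage(requests):
    """Bucket records by category -> list of (url, reason)."""
    buckets = {}
    for req in requests:
        cat, why = classify_request(req)
        buckets.setdefault(cat, []).append((req["url"], why))
    return buckets


def payload_observed(requests) -> bool:
    """True if anything in the log looks like a downloaded stage."""
    return "payload-candidate" in triage(requests)


# Reconstructed from the report's request/response lines (query strings shortened).
REPORT_REQUESTS = [
    {"url": "https://g.bing.com/neg/0?action=emptycreativeimpression",
     "user_agent": "WindowsShellClient/9.0.40929.0 (Windows)", "status": 204, "body_bytes": 0},
    {"url": "https://g.bing.com/neg/0?action=emptycreative",
     "user_agent": "WindowsShellClient/9.0.40929.0 (Windows)", "status": 204, "body_bytes": 0},
    {"url": "https://g.bing.com/neg/0?action=emptycreativeimpression",
     "user_agent": "WindowsShellClient/9.0.40929.0 (Windows)", "status": 204, "body_bytes": 0},
    {"url": "http://c.pki.goog/r/r1.crl",
     "user_agent": "Microsoft-CryptoAPI/10.0", "status": 304, "body_bytes": 0},
]

# Hypothetical record, invented for this example, showing the positive path.
HYPOTHETICAL_DOWNLOAD = {
    "url": "http://example.invalid/update/stage2.exe",
    "user_agent": "Mozilla/4.0", "status": 200,
    "content_type": "application/octet-stream", "body_bytes": 412_672,
}

if __name__ == "__main__":
    for cat, items in triage(REPORT_REQUESTS + [HYPOTHETICAL_DOWNLOAD]).items():
        print(cat)
        for url, why in items:
            print("  ", url, "-", why)
```

Run against the four records from this report the result is a single `background` bucket and `payload_observed` is false, which is the honest summary of this run: the signature describes a downloader, but the download was not observed, whether because the server was down, the sample detected the environment (the BIOS read above is a candidate reason) or the 114s window was too short.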

MITRE ATT&CK Enterprise v15


Downloads

  • memory/640-0-0x0000000000400000-0x00000000006D2000-memory.dmp (2.8MB)
  • memory/640-2-0x00000000029A0000-0x0000000002BA1000-memory.dmp (2.0MB)
  • memory/640-8-0x00000000029A0000-0x0000000002BA1000-memory.dmp (2.0MB)
  • memory/640-13-0x0000000000400000-0x00000000006D2000-memory.dmp (2.8MB)
  • memory/640-18-0x00000000029A0000-0x0000000002BA1000-memory.dmp (2.0MB)
  • memory/640-17-0x0000000000400000-0x00000000006D2000-memory.dmp (2.8MB)
  • memory/640-15-0x0000000000400000-0x00000000006D2000-memory.dmp (2.8MB)
  • memory/640-14-0x0000000000400000-0x00000000006D2000-memory.dmp (2.8MB)
  • memory/640-16-0x0000000000400000-0x00000000006D2000-memory.dmp (2.8MB)
  • memory/640-20-0x00000000029A0000-0x0000000002BA1000-memory.dmp (2.0MB)
  • memory/640-22-0x0000000000400000-0x00000000006D2000-memory.dmp (2.8MB)
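
The dump list above is eleven snapshots of only two regions of PID 640, and the useful view is per region: which one is the mapped image, how large each is, and how often each was captured. As an added example (not code from the sandbox), the Python below parses the dump names into that summary. The name format is read off the listing; treating 0x400000 as the image base is this example's assumption, since the report does not state the base.

```python
"""Parse the memory-dump names listed above into regions, sizes and snapshot indices.

Added example; not code from the sandbox. The name format
memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp is read off the listing;
using 0x400000 as the image base is this example's assumption.
"""
import re
from collections import defaultdict

DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name: str) -> dict:
    """Split one dump file name into pid, snapshot index and the region's address range."""
    m = DUMP_NAME.match(name)
    if not m:
        raise ValueError(f"unexpected dump name: {name}")
    return {"pid": int(m["pid"]), "index": int(m["idx"]),
            "start": int(m["start"], 16), "end": int(m["end"], 16)}


def human(size: int) -> str:
    """Format a byte count the way the report does (one decimal, MiB)."""
    return f"{size / 2**20:.1f}MB"


def region_summary(names, image_base=0x400000):
    """Collapse per-snapshot dumps into one row per (pid, start, end) region."""
    groups = defaultdict(list)
    for name in names:
        d = parse_dump_name(name)
        groups[(d["pid"], d["start"], d["end"])].append(d["index"])
    rows = []
    for (pid, start, end), idxs in sorted(groups.items()):
        rows.append({
            "pid": pid, "start": start, "end": end, "size": end - start,
            "snapshots": sorted(idxs),
            # A region that is not the mapped image but is dumped repeatedly is the
            # first place to look for a decrypted or unpacked stage.
            "is_image": start == image_base,
        })
    return rows


# Dump names copied from the report listing.
DUMPS = [
    "memory/640-0-0x0000000000400000-0x00000000006D2000-memory.dmp",
    "memory/640-2-0x00000000029A0000-0x0000000002BA1000-memory.dmp",
    "memory/640-8-0x00000000029A0000-0x0000000002BA1000-memory.dmp",
    "memory/640-13-0x0000000000400000-0x00000000006D2000-memory.dmp",
    "memory/640-18-0x00000000029A0000-0x0000000002BA1000-memory.dmp",
    "memory/640-17-0x0000000000400000-0x00000000006D2000-memory.dmp",
    "memory/640-15-0x0000000000400000-0x00000000006D2000-memory.dmp",
    "memory/640-14-0x0000000000400000-0x00000000006D2000-memory.dmp",
    "memory/640-16-0x0000000000400000-0x00000000006D2000-memory.dmp",
    "memory/640-20-0x00000000029A0000-0x0000000002BA1000-memory.dmp",
    "memory/640-22-0x0000000000400000-0x00000000006D2000-memory.dmp",
]

if __name__ == "__main__":
    for row in region_summary(DUMPS):
        kind = "image" if row["is_image"] else "private"
        print(f"pid {row['pid']} {kind:7} 0x{row['start']:X}-0x{row['end']:X} "
              f"{human(row['size'])} snapshots={row['snapshots']}")
```

Two caveats when reading the output. The 2.8MB image region being larger than the 2.2MB file on disk is expected on its own: section virtual sizes routinely exceed raw sizes, so that difference is not by itself evidence of unpacking. The second region (0x29A0000-0x2BA1000, 2.0MB, captured four times) is the one to scan for a PE header or for the decrypted strings a Banload loader would need for its download stage.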
