570f0edc11211ba042edeb6c3de94b5d236ce1c3b400a0ec0ee633f0636a2200

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220718-en
resource tags

arch:x64arch:x86image:win7-20220718-enlocale:en-usos:windows7-x64system
submitted
25-07-2022 00:51

Target

570f0edc11211ba042edeb6c3de94b5d236ce1c3b400a0ec0ee633f0636a2200.exe
Size

195KB
MD5

5233e8c9eb1f618b7681013005a823b3
SHA1

7c2c924d30900cbdff35894b6d9e5da7db0727b2
SHA256

570f0edc11211ba042edeb6c3de94b5d236ce1c3b400a0ec0ee633f0636a2200
SHA512

6b878b6d6635b1b87b3ad63078cb4ec6ed2cb58bdb82a3bc893a8b6919379b2f8d8caa842cc610d1cef246938d390752f9938203b0c739dc51f3515b5a8a80ac

Score

10^/10

suricata: ET MALWARE Blackmoon/Banbra Configuration Request M2
suricata: ET MALWARE Blackmoon/Banbra Configuration Request M2
suricata

Adds Run key to start application 2 TTPs 2 IoCs

Registry Run Keys / Startup Folder

Modify Registry

Processes:

570f0edc11211ba042edeb6c3de94b5d236ce1c3b400a0ec0ee633f0636a2200.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	570f0edc11211ba042edeb6c3de94b5d236ce1c3b400a0ec0ee633f0636a2200.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5AA4E0BAB593 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\570f0edc11211ba042edeb6c3de94b5d236ce1c3b400a0ec0ee633f0636a2200.exe"	570f0edc11211ba042edeb6c3de94b5d236ce1c3b400a0ec0ee633f0636a2200.exe

C:\Users\Admin\AppData\Local\Temp\570f0edc11211ba042edeb6c3de94b5d236ce1c3b400a0ec0ee633f0636a2200.exe
"C:\Users\Admin\AppData\Local\Temp\570f0edc11211ba042edeb6c3de94b5d236ce1c3b400a0ec0ee633f0636a2200.exe"
1⤵
- Adds Run key to start application
PID:2024

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/2024-54-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download
memory/2024-55-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/2024-56-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/2024-57-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/2024-58-0x0000000000230000-0x0000000000233000-memory.dmp

Filesize
12KB

Download
memory/2024-59-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download