Malware Analysis Report

2024-10-19 08:16

Sample ID 221003-xyv8zscbd6
Target 411cc3a5c9db2e736109603a415d12e5b8bfc84ab6fc5e5edf1ce98aafd004ab
SHA256 411cc3a5c9db2e736109603a415d12e5b8bfc84ab6fc5e5edf1ce98aafd004ab
Tags
blackcat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

411cc3a5c9db2e736109603a415d12e5b8bfc84ab6fc5e5edf1ce98aafd004ab

Threat Level: Known bad

The file 411cc3a5c9db2e736109603a415d12e5b8bfc84ab6fc5e5edf1ce98aafd004ab was found to be: Known bad.

Malicious Activity Summary

blackcat

Blackcat family

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-10-03 19:16

Signatures

Blackcat family

blackcat

Analysis: behavioral1

Detonation Overview

Submitted

2022-10-03 19:16

Reported

2022-10-03 19:19

Platform

win7-20220812-en

Max time kernel

24s

Max time network

45s

Command Line

"C:\Users\Admin\AppData\Local\Temp\411cc3a5c9db2e736109603a415d12e5b8bfc84ab6fc5e5edf1ce98aafd004ab.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\411cc3a5c9db2e736109603a415d12e5b8bfc84ab6fc5e5edf1ce98aafd004ab.exe

"C:\Users\Admin\AppData\Local\Temp\411cc3a5c9db2e736109603a415d12e5b8bfc84ab6fc5e5edf1ce98aafd004ab.exe"

Network

N/A

Files

memory/860-54-0x0000000075071000-0x0000000075073000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2022-10-03 19:16

Reported

2022-10-03 19:19

Platform

win10v2004-20220812-en

Max time kernel

124s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\411cc3a5c9db2e736109603a415d12e5b8bfc84ab6fc5e5edf1ce98aafd004ab.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\411cc3a5c9db2e736109603a415d12e5b8bfc84ab6fc5e5edf1ce98aafd004ab.exe

"C:\Users\Admin\AppData\Local\Temp\411cc3a5c9db2e736109603a415d12e5b8bfc84ab6fc5e5edf1ce98aafd004ab.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 f.7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa udp
NL 87.248.202.1:80 tcp
GB 51.132.193.104:443 tcp
IE 212.82.100.137:80 tcp
NL 87.248.202.1:80 tcp
NL 87.248.202.1:80 tcp
US 8.247.210.254:80 tcp

Files

N/A