Overview

overview

10

Static

static

1

rufus.exe

windows7-x64

10

rufus.exe

windows10-2004-x64

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    07-08-2023 20:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    rufus.exe

  • Size

    1.2MB

  • MD5

    9b46fd720844076511d94496aac2b47f

  • SHA1

    5be995e55f304e753116c5d38bac665a51539ebd

  • SHA256

    9635c91adf7f8ee699b4b1b63d7342f3c732dfea9896cc0a67d9789b08577b5f

  • SHA512

    2eb03c14a9824fc941073433921a984f34d82025544fc933bcdbc0ba4eb031e827eea178297cd3af9ad56cd806acbea5d69b9faa033a56c16b8e01d608b18730

  • SSDEEP

    24576:oU1QcXKGCqN80AkGDU77N973AiZza4Wm7ZgqvenydUCAxik:oUNxH7N9zAV6YxP

Score
10/10
blackbastaransomware

Malware Config

Signatures

  • Black Basta

    A ransomware family targeting Windows and Linux ESXi first seen in February 2022.

    ransomwareblackbasta
  • Black Basta payload 6 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\rufus.exe
    "C:\Users\Admin\AppData\Local\Temp\rufus.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Users\Admin\AppData\Local\Temp\rufus.exe
      OMC_BC
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:620
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 164
        3⤵
        • Program crash
        PID:2292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/620-54-0x0000000000070000-0x0000000000102000-memory.dmp

    Filesize

    584KB

    Download

  • memory/620-57-0x0000000000070000-0x0000000000102000-memory.dmp

    Filesize

    584KB

    Download

  • memory/620-58-0x0000000000070000-0x0000000000102000-memory.dmp

    Filesize

    584KB

    Download

  • memory/620-56-0x0000000000070000-0x0000000000102000-memory.dmp

    Filesize

    584KB

    Download

  • memory/620-59-0x0000000000070000-0x0000000000102000-memory.dmp

    Filesize

    584KB

    Download

  • memory/620-60-0x0000000000070000-0x0000000000102000-memory.dmp

    Filesize

    584KB

    Download

  • memory/620-61-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/620-63-0x0000000000070000-0x0000000000102000-memory.dmp

    Filesize

    584KB

    Download

  • memory/620-68-0x0000000000070000-0x0000000000102000-memory.dmp

    Filesize

    584KB

    Download

  • memory/620-72-0x0000000000070000-0x0000000000102000-memory.dmp

    Filesize

    584KB

    Download