blackbasta | 9635c91adf7f8ee699b4b1b63d7342f3c732dfea9896cc0a67d9789b08577b5f

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
07-08-2023 20:43

Target

rufus.exe
Size

1.2MB
MD5

9b46fd720844076511d94496aac2b47f
SHA1

5be995e55f304e753116c5d38bac665a51539ebd
SHA256

9635c91adf7f8ee699b4b1b63d7342f3c732dfea9896cc0a67d9789b08577b5f
SHA512

2eb03c14a9824fc941073433921a984f34d82025544fc933bcdbc0ba4eb031e827eea178297cd3af9ad56cd806acbea5d69b9faa033a56c16b8e01d608b18730
SSDEEP

24576:oU1QcXKGCqN80AkGDU77N973AiZza4Wm7ZgqvenydUCAxik:oUNxH7N9zAV6YxP

Score

10^/10

Black Basta
A ransomware family targeting Windows and Linux ESXi first seen in February 2022.
ransomware blackbasta

Black Basta payload 6 IoCs

resource	yara_rule
behavioral1/memory/620-58-0x0000000000070000-0x0000000000102000-memory.dmp	family_blackbasta
behavioral1/memory/620-59-0x0000000000070000-0x0000000000102000-memory.dmp	family_blackbasta
behavioral1/memory/620-60-0x0000000000070000-0x0000000000102000-memory.dmp	family_blackbasta
behavioral1/memory/620-63-0x0000000000070000-0x0000000000102000-memory.dmp	family_blackbasta
behavioral1/memory/620-68-0x0000000000070000-0x0000000000102000-memory.dmp	family_blackbasta
behavioral1/memory/620-72-0x0000000000070000-0x0000000000102000-memory.dmp	family_blackbasta

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2044 set thread context of 620	2044	rufus.exe	28

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2292	620	WerFault.exe	28

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 620	2044	rufus.exe	28
PID 2044 wrote to memory of 620	2044	rufus.exe	28
PID 2044 wrote to memory of 620	2044	rufus.exe	28
PID 2044 wrote to memory of 620	2044	rufus.exe	28
PID 2044 wrote to memory of 620	2044	rufus.exe	28
PID 2044 wrote to memory of 620	2044	rufus.exe	28
PID 2044 wrote to memory of 620	2044	rufus.exe	28
PID 2044 wrote to memory of 620	2044	rufus.exe	28
PID 2044 wrote to memory of 620	2044	rufus.exe	28
PID 2044 wrote to memory of 620	2044	rufus.exe	28
PID 2044 wrote to memory of 620	2044	rufus.exe	28
PID 620 wrote to memory of 2292	620	rufus.exe	30
PID 620 wrote to memory of 2292	620	rufus.exe	30
PID 620 wrote to memory of 2292	620	rufus.exe	30
PID 620 wrote to memory of 2292	620	rufus.exe	30

memory/620-54-0x0000000000070000-0x0000000000102000-memory.dmp

Filesize
584KB

Download
memory/620-57-0x0000000000070000-0x0000000000102000-memory.dmp

Filesize
584KB

Download
memory/620-58-0x0000000000070000-0x0000000000102000-memory.dmp

Filesize
584KB

Download
memory/620-56-0x0000000000070000-0x0000000000102000-memory.dmp

Filesize
584KB

Download
memory/620-59-0x0000000000070000-0x0000000000102000-memory.dmp

Filesize
584KB

Download
memory/620-60-0x0000000000070000-0x0000000000102000-memory.dmp

Filesize
584KB

Download
memory/620-61-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/620-63-0x0000000000070000-0x0000000000102000-memory.dmp

Filesize
584KB

Download
memory/620-68-0x0000000000070000-0x0000000000102000-memory.dmp

Filesize
584KB

Download
memory/620-72-0x0000000000070000-0x0000000000102000-memory.dmp

Filesize
584KB

Download