Overview

overview

10

Static

static

3

11129aad3b...3b.exe

windows7-x64

10

11129aad3b...3b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    2s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    28-10-2024 02:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    11129aad3b5baa1d118ec0ee3922278c194e43f6e2f0fcef221c65e5f4490d3b.exe

  • Size

    2.6MB

  • MD5

    523d6d251e5f8f9d7db1a3645967e72e

  • SHA1

    aca4932ac18f5c0227ee85e01da35a0b66285424

  • SHA256

    11129aad3b5baa1d118ec0ee3922278c194e43f6e2f0fcef221c65e5f4490d3b

  • SHA512

    f4910a6c30e3f18564e77e47f5a2d0172775a880e39d93629de5c4094b22efc90c0d5c5518ed5952c7eeeb8861b55b2bdfac5a402fa11d1dac205d986046e05b

  • SSDEEP

    49152:vFDi8DIuiRIGgmGjunBD95D8L5ZtGtXaP4La47RvmcfXGhCz7CNyHbn877QZI1w:vXxYSm9BfDCn4tqP4W2RvhfXGQzOQHbJ

Score
10/10
blackbastadefense_evasiondiscoveryexecutionimpactransomware

Malware Config

Extracted

Path

C:\Program Files\instructions_read_me.txt

Family

blackbasta

Ransom Note
ATTENTION! Your network has been breached and all data was encrypted. Please contact us at: https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/ Login ID: 66e18026-1453-4fe2-8621-d51fcc9dc54e *!* To access .onion websites download and install Tor Browser at: https://www.torproject.org/ (Tor Browser is not related to us) *!* To restore all your PCs and get your network working again, follow these instructions: - Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. It doesn't matter, who are trying to do this, either it will be your IT guys or a recovery agency. Please follow these simple rules to avoid data corruption: - Do not modify, rename or delete files. Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. - Do not hire a recovery company. They can't decrypt without the key. They also don't care about your business. They believe that they are good negotiators, but it is not. They usually fail. So speak for yourself. Waiting you in a chat.
URLs

https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\11129aad3b5baa1d118ec0ee3922278c194e43f6e2f0fcef221c65e5f4490d3b.exe
    "C:\Users\Admin\AppData\Local\Temp\11129aad3b5baa1d118ec0ee3922278c194e43f6e2f0fcef221c65e5f4490d3b.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:3008
    • C:\Windows\SysWOW64\explorer.exe
      explorer.exe
      2⤵
        PID:2192
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Windows\SysNative\vssadmin.exe delete shadows /all /quiet
          3⤵
            PID:2504
            • C:\Windows\system32\vssadmin.exe
              C:\Windows\SysNative\vssadmin.exe delete shadows /all /quiet
              4⤵
              • Interacts with shadow copies
              PID:2112
      • C:\Windows\system32\vssvc.exe
        C:\Windows\system32\vssvc.exe
        1⤵
          PID:2676

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\instructions_read_me.txt
          Filesize

          1KB

          MD5

          4fd4c95249ac102be0c05c6a1a329cb6

          SHA1

          4be08872b8145d645c2e6fa80a1c6921b8d4a902

          SHA256

          df149c57c4fe9dd19d37c27014cdb7a6a1c72f19f555c83d9b87210c132492d5

          SHA512

          b66b202beae41a49c862ca9b08b4010c302b67014cb73907fb27a8e5c87c9b0c9a1e661cc9706a60a97cd2c414e2ee2cbe39b07803e0f8d03ad311fb148c65a8

          Download Submit

        • memory/2192-11-0x00000000009C0000-0x0000000000AA3000-memory.dmp

          Filesize

          908KB

          Download

        • memory/2192-13-0x00000000009C0000-0x0000000000AA3000-memory.dmp

          Filesize

          908KB

          Download

        • memory/2192-4-0x00000000009C0000-0x0000000000AA3000-memory.dmp

          Filesize

          908KB

          Download

        • memory/2192-6-0x00000000009C0000-0x0000000000AA3000-memory.dmp

          Filesize

          908KB

          Download

        • memory/2192-12-0x00000000009C0000-0x0000000000AA3000-memory.dmp

          Filesize

          908KB

          Download

        • memory/2192-0-0x0000000000110000-0x00000000001BD000-memory.dmp

          Filesize

          692KB

          Download

        • memory/2192-9-0x00000000009C0000-0x0000000000AA3000-memory.dmp

          Filesize

          908KB

          Download

        • memory/2192-2-0x0000000000110000-0x00000000001BD000-memory.dmp

          Filesize

          692KB

          Download

        • memory/2192-14-0x00000000009C0000-0x0000000000AA3000-memory.dmp

          Filesize

          908KB

          Download

        • memory/2192-15-0x00000000009C0000-0x0000000000AA3000-memory.dmp

          Filesize

          908KB

          Download

        • memory/2192-21-0x00000000009C0000-0x0000000000AA3000-memory.dmp

          Filesize

          908KB

          Download

        • memory/2192-19-0x00000000009C0000-0x0000000000AA3000-memory.dmp

          Filesize

          908KB

          Download

        • memory/2192-3-0x0000000000110000-0x00000000001BD000-memory.dmp

          Filesize

          692KB

          Download

        • memory/2192-20-0x00000000009C0000-0x0000000000AA3000-memory.dmp

          Filesize

          908KB

          Download