8afa3ec25a09a7b41f78fd1cd3d69de3c55c158b9c99f58c59db15220d520636

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20250207-en
resource tags

arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
submitted
29/03/2025, 21:50

Target

2025-03-29_9dbe5cb9c6e6dcc6bbda409b0e2f60ab_black-basta_cobalt-strike_ryuk_satacom.exe
Size

1.3MB
MD5

9dbe5cb9c6e6dcc6bbda409b0e2f60ab
SHA1

cafa259bf42b79ebc467ce248cab97b55876e51f
SHA256

8afa3ec25a09a7b41f78fd1cd3d69de3c55c158b9c99f58c59db15220d520636
SHA512

d89a36bb13e5da61a16b8e8a174d30e916d5d2f5012b490d5355d1817cc060a9c7b33954a59f185dc61784317734071bc49dfcbeddd073aa978023f9a52cde9f
SSDEEP

24576:2w4GBpehMjcuP5b4FtyA1r6LgE0WpY4yObTpRrJ/vzl9Z3ERw/KB7cot:2w4GBcz05styAYL30IyObNRrJ/7ZERQ0

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 840	2476	2025-03-29_9dbe5cb9c6e6dcc6bbda409b0e2f60ab_black-basta_cobalt-strike_ryuk_satacom.exe	31
PID 2476 wrote to memory of 840	2476	2025-03-29_9dbe5cb9c6e6dcc6bbda409b0e2f60ab_black-basta_cobalt-strike_ryuk_satacom.exe	31
PID 2476 wrote to memory of 840	2476	2025-03-29_9dbe5cb9c6e6dcc6bbda409b0e2f60ab_black-basta_cobalt-strike_ryuk_satacom.exe	31

C:\Users\Admin\AppData\Local\Temp\2025-03-29_9dbe5cb9c6e6dcc6bbda409b0e2f60ab_black-basta_cobalt-strike_ryuk_satacom.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-29_9dbe5cb9c6e6dcc6bbda409b0e2f60ab_black-basta_cobalt-strike_ryuk_satacom.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2476 -s 44
  2⤵
  PID:840