0b0abe68f13000275c162908740469a9938a5463ee07404c4f43eec8fb9299f5

Analysis

max time kernel
16s
max time network
18s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
29/03/2025, 22:54

Target

2025-03-29_5c07a7a4e57ee404b231bd85bb2e8602_black-basta_cobalt-strike_ryuk_satacom.exe
Size

1.3MB
MD5

5c07a7a4e57ee404b231bd85bb2e8602
SHA1

76d64cdc6a5265407e1b4a75426599f29adc1b5a
SHA256

0b0abe68f13000275c162908740469a9938a5463ee07404c4f43eec8fb9299f5
SHA512

19a362b97c6d3ad2c6f7e7b9cdeb5f4abe8e2f38bba00a1805b14f48fbf0a3f8d2b408714dbcff69546728d3c06360db84c2ddb91aa2bbf3f1c9414713a2479f
SSDEEP

24576:sw4GBpehMjcuP5b4FtyA1r6LgE0WpY4yObTpRrJ/vzl9Z3ERw/KB7cn:sw4GBcz05styAYL30IyObNRrJ/7ZERQT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2172	2204	2025-03-29_5c07a7a4e57ee404b231bd85bb2e8602_black-basta_cobalt-strike_ryuk_satacom.exe	30
PID 2204 wrote to memory of 2172	2204	2025-03-29_5c07a7a4e57ee404b231bd85bb2e8602_black-basta_cobalt-strike_ryuk_satacom.exe	30
PID 2204 wrote to memory of 2172	2204	2025-03-29_5c07a7a4e57ee404b231bd85bb2e8602_black-basta_cobalt-strike_ryuk_satacom.exe	30

C:\Users\Admin\AppData\Local\Temp\2025-03-29_5c07a7a4e57ee404b231bd85bb2e8602_black-basta_cobalt-strike_ryuk_satacom.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-29_5c07a7a4e57ee404b231bd85bb2e8602_black-basta_cobalt-strike_ryuk_satacom.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2204 -s 44
  2⤵
  PID:2172