18d98d51d1c7e7132cef63e601a98434562970a8f8acfdec68603d58ab195bdd

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30/03/2025, 18:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-30_ab7bb7f475077cb6291b002739d19aeb_black-basta_cobalt-strike_satacom.exe
Size

10.8MB
MD5

ab7bb7f475077cb6291b002739d19aeb
SHA1

c4221bc63032e9046ae024216c5404e13c781c46
SHA256

18d98d51d1c7e7132cef63e601a98434562970a8f8acfdec68603d58ab195bdd
SHA512

50eeb4540573427302c74e8ef5ac461c1a3579a59fb0f7adf7a5c0de3a13fe34a29c940bbb447a98f035ae12e2cec8504a03404bd863d156efd1deab66ee8628
SSDEEP

196608:FoN0W8UAoNTwhLE/2nXMCHGLLc54i1wN+KV0cSXl74w44ADzBDv9ILiAk0ax8Tqg:umW8xLVXMCHWUjyVg74w/ADF5ILDax7g

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 10 IoCs

pid	Process
2224	2025-03-30_ab7bb7f475077cb6291b002739d19aeb_black-basta_cobalt-strike_satacom.exe
2224	2025-03-30_ab7bb7f475077cb6291b002739d19aeb_black-basta_cobalt-strike_satacom.exe
2224	2025-03-30_ab7bb7f475077cb6291b002739d19aeb_black-basta_cobalt-strike_satacom.exe
2224	2025-03-30_ab7bb7f475077cb6291b002739d19aeb_black-basta_cobalt-strike_satacom.exe
2224	2025-03-30_ab7bb7f475077cb6291b002739d19aeb_black-basta_cobalt-strike_satacom.exe
2224	2025-03-30_ab7bb7f475077cb6291b002739d19aeb_black-basta_cobalt-strike_satacom.exe
2224	2025-03-30_ab7bb7f475077cb6291b002739d19aeb_black-basta_cobalt-strike_satacom.exe
2224	2025-03-30_ab7bb7f475077cb6291b002739d19aeb_black-basta_cobalt-strike_satacom.exe
2224	2025-03-30_ab7bb7f475077cb6291b002739d19aeb_black-basta_cobalt-strike_satacom.exe
2224	2025-03-30_ab7bb7f475077cb6291b002739d19aeb_black-basta_cobalt-strike_satacom.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2224	2644	2025-03-30_ab7bb7f475077cb6291b002739d19aeb_black-basta_cobalt-strike_satacom.exe	32
PID 2644 wrote to memory of 2224	2644	2025-03-30_ab7bb7f475077cb6291b002739d19aeb_black-basta_cobalt-strike_satacom.exe	32
PID 2644 wrote to memory of 2224	2644	2025-03-30_ab7bb7f475077cb6291b002739d19aeb_black-basta_cobalt-strike_satacom.exe	32

C:\Users\Admin\AppData\Local\Temp\2025-03-30_ab7bb7f475077cb6291b002739d19aeb_black-basta_cobalt-strike_satacom.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-30_ab7bb7f475077cb6291b002739d19aeb_black-basta_cobalt-strike_satacom.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Users\Admin\AppData\Local\Temp\2025-03-30_ab7bb7f475077cb6291b002739d19aeb_black-basta_cobalt-strike_satacom.exe
  "C:\Users\Admin\AppData\Local\Temp\2025-03-30_ab7bb7f475077cb6291b002739d19aeb_black-basta_cobalt-strike_satacom.exe"
  2⤵
  - Loads dropped DLL
  PID:2224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI26442\api-ms-win-core-fibers-l1-1-1.dll

Filesize
21KB

MD5
050a30a687e7a2fa6f086a0db89aa131

SHA1
1484322caaf0d71cbb873a2b87bdd8d456da1a3b

SHA256
fc9d86cec621383eab636ebc87ddd3f5c19a3cb2a33d97be112c051d0b275429

SHA512
07a15aa3b0830f857b9b9ffeb57b6593ae40847a146c5041d38be9ce3410f58caa091a7d5671cc1bc7285b51d4547e3004cf0e634ae51fe3da0051e54d8759e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26442\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
cc228ff8d86b608e73026b1e9960b2f8

SHA1
cef0705aee1e8702589524879a49e859505d6fe0

SHA256
4cadbc0c39da7c6722206fdcebd670abe5b8d261e7b041dd94f9397a89d1990d

SHA512
17abd9e0ec20b7eb686e3c0f41b043d0742ab7f9501a423b2d2922d44af660379792d1cc6221effbd7e856575d5babf72657ae9127c87cc5cf678bd2ceb1228f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26442\api-ms-win-core-file-l2-1-0.dll

Filesize
21KB

MD5
e368a236f5676a3da44e76870cd691c9

SHA1
e4f1d2c6f714a47f0dc29021855c632ef98b0a74

SHA256
93c624b366ba16c643fc8933070a26f03b073ad0cf7f80173266d67536c61989

SHA512
f5126498a8b65ab20afaaf6b0f179ab5286810384d44638c35f3779f37e288a51c28bed3c3f8125d51feb2a0909329f3b21273cb33b3c30728b87318480a9ef8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26442\api-ms-win-core-kernel32-legacy-l1-1-1.dll

Filesize
21KB

MD5
0c1cc0a54d4b38885e1b250b40a34a84

SHA1
24400f712bbe1dd260ed407d1eb24c35dcb2ecac

SHA256
a9b13a1cd1b8c19b0c6b4afcd5bb0dd29c0e2288231ac9e6db8510094ce68ba6

SHA512
71674e7ed8650cac26b6f11a05bfc12bd7332588d21cf81d827c1d22df5730a13c1e6b3ba797573bb05b3138f8d46091402e63c059650c7e33208d50973dde39

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26442\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
5241df2e95e31e73ccfd6357ad309df0

SHA1
2644cc5e86dfad1ad2140181ab2ca79725f95411

SHA256
6ee44dd0d8510dc024c9f7c79b1b9fa88c987b26b6beb6653ddd11751c34e5dc

SHA512
52cccd1dd237e764e34996c0c5f7a759a7f0eff29b61befeaf96a16d80df2ba9ee2c3615f875153198a145d68f275aea6d02187e6eee5a129e3e2ab81aaceb16

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26442\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
21KB

MD5
385f562bdc391ccd4f81aca3719f3236

SHA1
f6633e1dac227ba3cd14d004748ef0c1c4135e67

SHA256
4ad565a8ba3ef0ea8ab87221ad11f83ee0bc844ce236607958406663b407333e

SHA512
b72ed1a02d4a02791ca5490b35f7e2cb6cb988e4899eda78134a34fb28964ea573d3289b69d5db1aac2289d1f24fd0a432b8187f7ae8147656d38691ae923f27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26442\api-ms-win-core-sysinfo-l1-2-0.dll

Filesize
21KB

MD5
fc9fc5f308ffc2d2d71814df8e2ae107

SHA1
24d7477f2a7dc2610eb701ed683108cd57eca966

SHA256
2703635d835396afd0f138d7c73751afe7e33a24f4225d08c1690b0a371932c0

SHA512
490fa6dc846e11c94cfe2f80a781c1bd1943cddd861d8907de8f05d9dc7a6364a777c6988c58059e435ac7e5d523218a597b2e9c69c9c34c50d82cac4400fe01

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26442\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
43d8d2fb8801c5bd90d9482ddf3ea356

SHA1
d582b55cd58531e726141c63ba9910ff185d72e0

SHA256
33f4fddc181066fce06b2227bded813f95e94ed1f3d785e982c6b6b56c510c57

SHA512
0e073381a340db3f95165dbcceb8dfbf1ed1b4343e860446032400a7b321b7922c42ee5d9a881e28e69a3f55d56d63663adb9bb5abb69c5306efbf116cc5e456

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26442\python313.dll

Filesize
5.8MB

MD5
501080884bed38cb8801a307c9d7b7b4

SHA1
881b250cc8f4fa4f75111ac557a4fde8e1e217af

SHA256
bf68cf819a1e865170430c10e91c18b427aef88db1da1742020443864aa2b749

SHA512
63d74a4871d1c72c2a79ae8a5d380070f9d2128c16949c3ad36c9862fcc4dab738137ed3d51caf0bc46b36655f8bd8a2d425d68200123415ee8d4de0e1cbebc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26442\ucrtbase.dll

Filesize
1.3MB

MD5
286b308df8012a5dfc4276fb16dd9ccc

SHA1
8ae9df813b281c2bd7a81de1e4e9cef8934a9120

SHA256
2e5fb14b7bf8540278f3614a12f0226e56a7cc9e64b81cbd976c6fcf2f71cbfb

SHA512
24166cc1477cde129a9ab5b71075a6d935eb6eebcae9b39c0a106c5394ded31af3d93f6dea147120243f7790d0a0c625a690fd76177dddab2d2685105c3eb7b2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads