Overview

overview

7

Static

static

3

2025-03-30...ta.exe

windows7-x64

7

2025-03-30...ta.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    103s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/03/2025, 21:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-03-30_b3f78232db9641e19477198e4d63bc8e_black-basta.exe

  • Size

    4.4MB

  • MD5

    b3f78232db9641e19477198e4d63bc8e

  • SHA1

    527a4bd91b0823c6da5bfa58d52ece09889dab8e

  • SHA256

    f28e6790069c1400178bd90907ef6c8a389ab9355c05310a95ada1b11099b7e5

  • SHA512

    a22244cc8dbd8e641215bca40d6ce49d3e48321880d403b859763c87b3d5bdf7e2024e5fe6ff6b234d23ead8749e2f3d0d5bbc3f51ddee40f85b61dc515642a7

  • SSDEEP

    49152:ZmUdRba8fD8qinfMSKJXIUQREV1QOTu1U5ai25zYo5UC9RhuCTFKlaxV5dgbT/:a/IJsiC5sop7cT/

Score
4/10
discovery

Malware Config

Signatures

  • Drops file in Program Files directory 19 IoCs
  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-03-30_b3f78232db9641e19477198e4d63bc8e_black-basta.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-03-30_b3f78232db9641e19477198e4d63bc8e_black-basta.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:3716
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 472
      2⤵
      • Program crash
      PID:4316
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 472
      2⤵
      • Program crash
      PID:652
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3716 -ip 3716
    1⤵
      PID:1260
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3716 -ip 3716
      1⤵
        PID:2356

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\pUc7724.tmp
        Filesize

        870KB

        MD5

        a84173626dde66c6ed7c615aa02292c8

        SHA1

        3982dd0cbad4ab8041d1800364c3e8732bbc2501

        SHA256

        51034340cedb0be909968b97907c82ee03e689ce77389e6144d726ec76b828a5

        SHA512

        c4f2fa5fea78ab741d5952240e98493ae9b1f687b365f03b0ede8cb340f45a21d8baf4e59c807ce6853c7311c12830e5096e7b27818c38459fddba607bbfc99e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\pUc7756.tmp
        Filesize

        4.4MB

        MD5

        b3f78232db9641e19477198e4d63bc8e

        SHA1

        527a4bd91b0823c6da5bfa58d52ece09889dab8e

        SHA256

        f28e6790069c1400178bd90907ef6c8a389ab9355c05310a95ada1b11099b7e5

        SHA512

        a22244cc8dbd8e641215bca40d6ce49d3e48321880d403b859763c87b3d5bdf7e2024e5fe6ff6b234d23ead8749e2f3d0d5bbc3f51ddee40f85b61dc515642a7

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\pUc7E03.tmp
        Filesize

        336KB

        MD5

        925e329588ee24621e21f34b4e7d6448

        SHA1

        e9fdbcc0e05516489d93f8c2ca48e04f6e9ae32c

        SHA256

        c7e6bc8ed0f36a695d5c734eca039d245216f8ea2d4d300d5af2966a83e337c4

        SHA512

        88d2dfa1fd154495ca187bbe9b12c6a48385c7af625e32e7f04c2409b693e6e8bd48b934fb724ef0ca7266de61c395abaad942e24ba4a63b409cd9710763dfa0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\pUc7E25.tmp
        Filesize

        2.4MB

        MD5

        127f77ff4f45359110f788339630ff50

        SHA1

        3ba8dff12dde40814ec80adfe02c5dd9bd8d2c4c

        SHA256

        09c73b39e16df9a2afd064afecce6503008f334a8339535d666a56caf5a55115

        SHA512

        d40f32539fb65924b0418198451909ced505ac46c4f11f1c16325da98ada644872e6cdc63bdfdb64201f8643364e8381bc800a8dd2a91dd0e73aa73c3d2172b2

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\pUc86B7.tmp
        Filesize

        369KB

        MD5

        47357a0d3efed6306f2f2aad7fdfda47

        SHA1

        3c32c7c5cabdaf8e945b27cf149311d8f57f947c

        SHA256

        9a95477117842e7eb06a11a25070934489e5ba135f53e6496a5ad79b9ce22628

        SHA512

        a0b01cf5643ee3cac8794a1797de2c2ba3cad4237aa1cb1f32f57ff2c041f846afb7b64e9ead89ea50712c71d9afebd0d5bcc44b21d769fca709fdc2bc9d82d5

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\pUc86D9.tmp
        Filesize

        4.4MB

        MD5

        d27e92b1a9e946836e63eee1c1546a78

        SHA1

        ce55e9f73ec4ce3ce47eb09da316834c3fbf651b

        SHA256

        2d916341e8ceec24542311ed21fc23d55513edc756a709839b25b8f37a67815a

        SHA512

        02cc1e440cb3789818495d290c27b91879a25b728006afac4d18109396e4047afd29c23e178bc74cd2efbdf1ce12b54fea2fd093a25a28b87f67d798e2067465

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\pUc941A.tmp
        Filesize

        681KB

        MD5

        e5f5ee5037ea428d9dc464211c08cb9d

        SHA1

        e9e22acff9da59986d02eb00e2139e7797b4034f

        SHA256

        e80cdff1cc7f0241e44b53bcc1de87d101bbb0b18e0380ec7278d4e14bab4ba3

        SHA512

        74dc3326084f7b5487e407f37b4cc98770a1a5ee19488f9b096c87a24b6e5076d2f9b09ca8b3b661b6b435e982dda3dccf7b2f5ecaffe2c451f4570d3ae40a14

        Download Submit

      • memory/3716-164-0x0000000000400000-0x0000000000873000-memory.dmp

        Filesize

        4.4MB

        Download

      • memory/3716-233-0x0000000000400000-0x0000000000873000-memory.dmp

        Filesize

        4.4MB

        Download