e44c92d73b88371b908615793da2fc523d46c1de704317cc997d6157338163ea

Analysis

max time kernel
105s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
07/04/2025, 15:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-04-07_c24ced4900d47b76d537d5968daa71e2_black-basta_coinminer_ryuk_sliver.exe
Size

3.3MB
MD5

c24ced4900d47b76d537d5968daa71e2
SHA1

f63045e80a5e7bd666f97868d478b74eebe1dbc7
SHA256

e44c92d73b88371b908615793da2fc523d46c1de704317cc997d6157338163ea
SHA512

7378845d60ae5bdd1f5abff72108d364726da77a1dd13035adcfcaca2c0d8280add02e1ad22028f851c821f97a91b1888f3c7a8745712c8d430714c8c79a569a
SSDEEP

49152:yX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQeD5b5:ylRsZ47/QXoHUOfAoj1O55

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	5416	wmic.exe
Token: SeSecurityPrivilege	5416	wmic.exe
Token: SeTakeOwnershipPrivilege	5416	wmic.exe
Token: SeLoadDriverPrivilege	5416	wmic.exe
Token: SeSystemProfilePrivilege	5416	wmic.exe
Token: SeSystemtimePrivilege	5416	wmic.exe
Token: SeProfSingleProcessPrivilege	5416	wmic.exe
Token: SeIncBasePriorityPrivilege	5416	wmic.exe
Token: SeCreatePagefilePrivilege	5416	wmic.exe
Token: SeBackupPrivilege	5416	wmic.exe
Token: SeRestorePrivilege	5416	wmic.exe
Token: SeShutdownPrivilege	5416	wmic.exe
Token: SeDebugPrivilege	5416	wmic.exe
Token: SeSystemEnvironmentPrivilege	5416	wmic.exe
Token: SeRemoteShutdownPrivilege	5416	wmic.exe
Token: SeUndockPrivilege	5416	wmic.exe
Token: SeManageVolumePrivilege	5416	wmic.exe
Token: 33	5416	wmic.exe
Token: 34	5416	wmic.exe
Token: 35	5416	wmic.exe
Token: 36	5416	wmic.exe
Token: SeIncreaseQuotaPrivilege	5416	wmic.exe
Token: SeSecurityPrivilege	5416	wmic.exe
Token: SeTakeOwnershipPrivilege	5416	wmic.exe
Token: SeLoadDriverPrivilege	5416	wmic.exe
Token: SeSystemProfilePrivilege	5416	wmic.exe
Token: SeSystemtimePrivilege	5416	wmic.exe
Token: SeProfSingleProcessPrivilege	5416	wmic.exe
Token: SeIncBasePriorityPrivilege	5416	wmic.exe
Token: SeCreatePagefilePrivilege	5416	wmic.exe
Token: SeBackupPrivilege	5416	wmic.exe
Token: SeRestorePrivilege	5416	wmic.exe
Token: SeShutdownPrivilege	5416	wmic.exe
Token: SeDebugPrivilege	5416	wmic.exe
Token: SeSystemEnvironmentPrivilege	5416	wmic.exe
Token: SeRemoteShutdownPrivilege	5416	wmic.exe
Token: SeUndockPrivilege	5416	wmic.exe
Token: SeManageVolumePrivilege	5416	wmic.exe
Token: 33	5416	wmic.exe
Token: 34	5416	wmic.exe
Token: 35	5416	wmic.exe
Token: 36	5416	wmic.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 5416	4960	2025-04-07_c24ced4900d47b76d537d5968daa71e2_black-basta_coinminer_ryuk_sliver.exe	90
PID 4960 wrote to memory of 5416	4960	2025-04-07_c24ced4900d47b76d537d5968daa71e2_black-basta_coinminer_ryuk_sliver.exe	90

C:\Users\Admin\AppData\Local\Temp\2025-04-07_c24ced4900d47b76d537d5968daa71e2_black-basta_coinminer_ryuk_sliver.exe
"C:\Users\Admin\AppData\Local\Temp\2025-04-07_c24ced4900d47b76d537d5968daa71e2_black-basta_coinminer_ryuk_sliver.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Windows\system32\wbem\wmic.exe
  wmic os get oslanguage /FORMAT:LIST
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:5416

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads