Analysis

  • max time kernel
    102s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250610-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250610-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/07/2025, 18:52

General

  • Target

    2025-07-02_d1f08270aef15c56817668da818cdb52_black-basta_cobalt-strike_satacom_vidar.exe

  • Size

    384KB

  • MD5

    d1f08270aef15c56817668da818cdb52

  • SHA1

    35995b070834a9a5c7217309c0a86aa6c91f9458

  • SHA256

    a8caf1a05ad226b96cf839917deb690e604b15cc7fa1bdac18753677b10f7156

  • SHA512

    de15a43b0c408b8a1d6b05e78db361c12adce470d986c1d16df68a862211f3c95d2e6fba7f05eb1ff5ab8af3bdcc7fc5ca3ff2d439c42461fb11bd46ffdaeb6c

  • SSDEEP

    6144:gUORK1ttbV3kSobTYZGiNdninoh+uiSdK4b/OHIm/I3A/D6zgLP+b:gytbV3kSoXaLnOosJR5/IQ/DB4

Score
3/10

Malware Config

Signatures

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-07-02_d1f08270aef15c56817668da818cdb52_black-basta_cobalt-strike_satacom_vidar.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-07-02_d1f08270aef15c56817668da818cdb52_black-basta_cobalt-strike_satacom_vidar.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5752
    • C:\Windows\SYSTEM32\cmd.exe
      cmd.exe /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\2025-07-02_d1f08270aef15c56817668da818cdb52_black-basta_cobalt-strike_satacom_vidar.exe"
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Suspicious use of WriteProcessMemory
      PID:3864
      • C:\Windows\system32\PING.EXE
        ping 1.1.1.1 -n 1 -w 6000
        3⤵
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:752

Network

        MITRE ATT&CK Enterprise v16

        Replay Monitor

        Loading Replay Monitor...

        Downloads