Analysis
max time kernel: 105s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20250619-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250619-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/07/2025, 18:52
Static task: static1
1 signatures
Behavioral task: behavioral1
Sample: 2025-07-02_d2d8794d8a26776b66edcc6905c6a64d_black-basta_ryuk.exe
Resource: win10v2004-20250619-en
2 signatures
150 seconds
General
Target: 2025-07-02_d2d8794d8a26776b66edcc6905c6a64d_black-basta_ryuk.exe
Size: 1.5MB
MD5: d2d8794d8a26776b66edcc6905c6a64d
SHA1: a194e8e374c463e4e70668b0cb8cf8872a7114d2
SHA256: a998cec77e7b7533e80bf428db5c11f8fece22be5d6b9f767e95b41f4f2ae263
SHA512: b77f64726072eab49b6ff738680b0323f92548e2aebe1902b813e4fc2dc77ea0674f1e55d19e7ef3bb0b3689a73494c2bd321c9b72dcf341cedf0d1caba1d2e7
SSDEEP: 24576:1Lh1gR6oPZP9j3qLOS3/26/sEyGKCplM4q/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:1LhFoJJaSSuisEyGKCplQLNiXicJFFRI
Score: 5/10
Malware Config
Signatures
Drops file in System32 directory (1 IoCs)
  description: File opened for modification
  ioc: C:\Windows\System32\alg.exe
  Process: 2025-07-02_d2d8794d8a26776b66edcc6905c6a64d_black-basta_ryuk.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description: Token: SeTakeOwnershipPrivilege
  pid: 1548
  Process: 2025-07-02_d2d8794d8a26776b66edcc6905c6a64d_black-basta_ryuk.exe