Analysis

  • max time kernel
    104s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250610-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20250610-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/07/2025, 18:53

General

  • Target

    2025-07-02_e6da5b9585c712da81f9e1e0deea43c7_black-basta_vidar.exe

  • Size

    1.3MB

  • MD5

    e6da5b9585c712da81f9e1e0deea43c7

  • SHA1

    1a9af9635d8620d4147ed5fb11c4bb2725ad634c

  • SHA256

    596fef4197fa1900b3de0094fa649da8ff19c78c1c382f2dc1bd8db550ce6ab3

  • SHA512

    a1dfb1dc2d7f77d8f63b91ea9e9c0d2367b233fa47bf4f1c669c66f51d5a1f24fedcb56ce367a1e07328104f815be92479318e7c00dc9feeb0b6086ca9817798

  • SSDEEP

    24576:dNiCgn1fZTlhtctmeP2kdKaZy4o8g4VEl9JL79v:dNcnRZphtcgePXKey4W4W/79v

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-07-02_e6da5b9585c712da81f9e1e0deea43c7_black-basta_vidar.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-07-02_e6da5b9585c712da81f9e1e0deea43c7_black-basta_vidar.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:5348
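The two signatures above are raised by the sandbox's own API and filesystem monitoring; the report does not say which file was written or which privilege was adjusted. The following is an added example (not code from the sandbox or from the sample's analysis) of how the same two behaviours are caught from host telemetry instead: Sysmon Event ID 11 (FileCreate) for writes under System32, and Windows Security Event ID 4703 (token privilege adjusted), which is the audit-log footprint of AdjustTokenPrivileges. The event rows, the file name `example.dll`, the privilege list and the "trusted if it lives under C:\Windows" exclusion are all constructed assumptions for the demonstration; only the PID 5348 comes from the report.

```python
import json

# Constructed sample events (made up for this example, not from the sandbox run).
# Rows 1-2 model the report's two signatures for PID 5348 (0x14e4); row 3 is a
# benign control (a Windows binary writing under System32) that must not fire.
SAMPLE_EVENTS = r"""
{"source":"sysmon","event_id":11,"ProcessId":5348,"Image":"C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe","TargetFilename":"C:\\Windows\\System32\\example.dll"}
{"source":"security","event_id":4703,"ProcessId":"0x14e4","ProcessName":"C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe","EnabledPrivilegeList":"SeDebugPrivilege","DisabledPrivilegeList":"-"}
{"source":"sysmon","event_id":11,"ProcessId":1234,"Image":"C:\\Windows\\System32\\svchost.exe","TargetFilename":"C:\\Windows\\System32\\config\\systemprofile\\AppData\\example.log"}
""".strip().splitlines()

SYSTEM32 = "c:\\windows\\system32\\"
WINDOWS_DIR = "c:\\windows\\"

# Privileges worth alerting on when enabled by a binary outside C:\Windows.
# This subset is an assumption for the example, not a list from the report.
SENSITIVE_PRIVS = {
    "SeDebugPrivilege", "SeTakeOwnershipPrivilege", "SeBackupPrivilege",
    "SeRestorePrivilege", "SeLoadDriverPrivilege", "SeTcbPrivilege",
}


def _norm(path: str) -> str:
    """Case-insensitive, backslash-only comparison form for Windows paths."""
    return path.replace("/", "\\").lower()


def _pid(value) -> int:
    """Security events log ProcessId as hex text ("0x14e4"); Sysmon as an int."""
    if isinstance(value, str) and value.lower().startswith("0x"):
        return int(value, 16)
    return int(value)


def rule_drops_in_system32(ev: dict):
    """Sysmon 11 FileCreate under System32 by an image that lives outside C:\\Windows."""
    if ev.get("source") != "sysmon" or ev.get("event_id") != 11:
        return None
    target, image = _norm(ev["TargetFilename"]), _norm(ev["Image"])
    if target.startswith(SYSTEM32) and not image.startswith(WINDOWS_DIR):
        return {"rule": "Drops file in System32 directory",
                "pid": _pid(ev["ProcessId"]), "detail": ev["TargetFilename"]}
    return None


def rule_adjust_privilege_token(ev: dict):
    """Security 4703 where a non-Windows binary enables a sensitive privilege."""
    if ev.get("source") != "security" or ev.get("event_id") != 4703:
        return None
    # Real 4703 events separate privileges with newlines; accept commas too.
    raw = ev.get("EnabledPrivilegeList", "-").replace("\n", ",")
    enabled = {p.strip() for p in raw.split(",") if p.strip() not in ("", "-")}
    hit = enabled & SENSITIVE_PRIVS
    if hit and not _norm(ev["ProcessName"]).startswith(WINDOWS_DIR):
        return {"rule": "Suspicious use of AdjustPrivilegeToken",
                "pid": _pid(ev["ProcessId"]), "detail": ",".join(sorted(hit))}
    return None


RULES = (rule_drops_in_system32, rule_adjust_privilege_token)


def scan(lines):
    """Run every rule over each JSON event line; return the findings in order."""
    findings = []
    for line in lines:
        ev = json.loads(line)
        for rule in RULES:
            hit = rule(ev)
            if hit:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f['rule']}] pid={f['pid']} {f['detail']}")
```

The "image lives under C:\Windows" exclusion is what keeps servicing and svchost noise out of the first rule; it is a heuristic, not a security boundary, since malware that copies itself into a Windows path first will pass it. Correlating both findings on the same PID, as they coincide here for 5348, is the stronger signal.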

Network

        MITRE ATT&CK Matrix

        Downloads

        • memory/5348-0-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

        • memory/5348-7-0x0000000000510000-0x0000000000570000-memory.dmp

          Filesize

          384KB

        • memory/5348-2-0x0000000000510000-0x0000000000570000-memory.dmp

          Filesize

          384KB

        • memory/5348-12-0x0000000000510000-0x0000000000570000-memory.dmp

          Filesize

          384KB

        • memory/5348-13-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB
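The five dumps above cover only two distinct regions of PID 5348, and the file sizes shown can be checked directly against the address ranges in the names. The script below is an added example (not the sandbox's tooling) that parses those names, computes each region's size, collapses repeated captures of the same range, and flags the one that sits at 0x140000000, the default ImageBase for 64-bit MSVC-linked executables. The naming scheme `memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp` is inferred from the five names on the page, and the reading of the second region as a non-image allocation is an assumption, not something the report states.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# Dump names copied verbatim from the report's Downloads list.
DUMP_NAMES = [
    "memory/5348-0-0x0000000140000000-0x0000000140163000-memory.dmp",
    "memory/5348-7-0x0000000000510000-0x0000000000570000-memory.dmp",
    "memory/5348-2-0x0000000000510000-0x0000000000570000-memory.dmp",
    "memory/5348-12-0x0000000000510000-0x0000000000570000-memory.dmp",
    "memory/5348-13-0x0000000140000000-0x0000000140163000-memory.dmp",
]

# Assumed naming scheme: memory/<pid>-<dump index>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(\d+)-(\d+)-0x([0-9a-f]+)-0x([0-9a-f]+)-memory\.dmp$", re.IGNORECASE)

DEFAULT_X64_IMAGE_BASE = 0x140000000  # default ImageBase of 64-bit MSVC-linked EXEs


class Dump(NamedTuple):
    pid: int
    index: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_dump_name(name: str) -> Dump:
    """Split one dump file name into its PID, capture index and address range."""
    m = DUMP_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised dump name: {name}")
    pid, idx, start, end = m.groups()
    d = Dump(int(pid), int(idx), int(start, 16), int(end, 16))
    if d.end <= d.start:
        raise ValueError(f"empty or inverted range in {name}")
    return d


def human_size(n: int) -> str:
    """Round the way the report does: 1454080 -> '1.4MB', 393216 -> '384KB'."""
    if n >= 1 << 20:
        return f"{n / (1 << 20):.1f}MB"
    return f"{n / 1024:.0f}KB"


def group_regions(names) -> Dict[Tuple[int, int, int], List[int]]:
    """Collapse repeated dumps of one (pid, start, end) range into a single
    region, keeping the sorted list of capture indices for it."""
    regions: Dict[Tuple[int, int, int], List[int]] = {}
    for name in names:
        d = parse_dump_name(name)
        regions.setdefault((d.pid, d.start, d.end), []).append(d.index)
    return {k: sorted(v) for k, v in regions.items()}


def classify(start: int) -> str:
    # Only the ImageBase test is grounded; the alternative label is an assumption.
    if start == DEFAULT_X64_IMAGE_BASE:
        return "PE image (default x64 ImageBase)"
    return "not at default ImageBase (assumed dynamically allocated)"


if __name__ == "__main__":
    for (pid, start, end), idxs in group_regions(DUMP_NAMES).items():
        print(f"pid {pid}: 0x{start:X}-0x{end:X} {human_size(end - start):>6} "
              f"captured {len(idxs)}x (dumps {idxs}) - {classify(start)}")
```

Run as-is it reports the 0x140000000 region as 1.4MB captured twice (dumps 0 and 13) and the 0x510000 region as 384KB captured three times (dumps 2, 7 and 12), matching the sizes on the page. The in-memory image being 1.4MB against 1.3MB on disk is the expected effect of section alignment when the PE is mapped. A 384KB writable range outside the image that the sandbox dumped three times is where a practitioner would look first for unpacked code or configuration, which matters here because the report's Malware Config section came back empty.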