Analysis Overview
SHA256
596fef4197fa1900b3de0094fa649da8ff19c78c1c382f2dc1bd8db550ce6ab3
Threat Level: Shows suspicious behavior
The file 2025-07-02_e6da5b9585c712da81f9e1e0deea43c7_black-basta_vidar was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Drops file in System32 directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2025-07-02 18:53
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-07-02 18:53
Reported
2025-07-02 18:55
Platform
win10v2004-20250610-en
Max time kernel
104s
Max time network
135s
Command Line
Signatures
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\alg.exe | C:\Users\Admin\AppData\Local\Temp\2025-07-02_e6da5b9585c712da81f9e1e0deea43c7_black-basta_vidar.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2025-07-02_e6da5b9585c712da81f9e1e0deea43c7_black-basta_vidar.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2025-07-02_e6da5b9585c712da81f9e1e0deea43c7_black-basta_vidar.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-02_e6da5b9585c712da81f9e1e0deea43c7_black-basta_vidar.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.179.227:80 | c.pki.goog | tcp |
Files
memory/5348-0-0x0000000140000000-0x0000000140163000-memory.dmp
memory/5348-7-0x0000000000510000-0x0000000000570000-memory.dmp
memory/5348-2-0x0000000000510000-0x0000000000570000-memory.dmp
memory/5348-12-0x0000000000510000-0x0000000000570000-memory.dmp
memory/5348-13-0x0000000140000000-0x0000000140163000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2025-07-02 18:53
Reported
2025-07-02 18:55
Platform
win11-20250502-en
Max time kernel
100s
Max time network
101s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\alg.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\alg.exe | C:\Users\Admin\AppData\Local\Temp\2025-07-02_e6da5b9585c712da81f9e1e0deea43c7_black-basta_vidar.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2025-07-02_e6da5b9585c712da81f9e1e0deea43c7_black-basta_vidar.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2025-07-02_e6da5b9585c712da81f9e1e0deea43c7_black-basta_vidar.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-02_e6da5b9585c712da81f9e1e0deea43c7_black-basta_vidar.exe"
C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
Network
Files
memory/1088-0-0x0000000140000000-0x0000000140163000-memory.dmp
memory/1088-1-0x00000000020C0000-0x0000000002120000-memory.dmp
memory/1088-9-0x00000000020C0000-0x0000000002120000-memory.dmp
memory/1088-14-0x00000000020C0000-0x0000000002120000-memory.dmp
C:\Windows\System32\alg.exe
| MD5 | fe9078ee3c0f7c47f6fb59b027cb4421 |
| SHA1 | fd2c7c6f2b131cb7b61e24382af45f69d4d62cb0 |
| SHA256 | 8061647059fce38460d2a6f5633812df1762e6b57a92ea721299d5408db5c496 |
| SHA512 | 1c7fb8df288a9fbdcbc2d42b617dab0c1c7af91741b8f83c5a1a02a51b00501ff992c45dce209f506b78869a98e8bc4a32640afc05b1696c58593ef6db01e440 |
memory/648-16-0x0000000140000000-0x00000001400AA000-memory.dmp
memory/1088-17-0x0000000140000000-0x0000000140163000-memory.dmp
memory/648-18-0x0000000140000000-0x00000001400AA000-memory.dmp