Analysis

  • max time kernel
    133s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250610-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250610-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/07/2025, 05:55

General

  • Target

    2025-07-03_99e29a7329471d645c3fa437b9aba6a4_black-basta_cobalt-strike_coinminer_luca-stealer_satacom_vidar.exe

  • Size

    18.1MB

  • MD5

    99e29a7329471d645c3fa437b9aba6a4

  • SHA1

    fd97764ffa8ce284d780aa78f12a4f2e38247c63

  • SHA256

    7224c29dabfb308937e6feeb58e333b2195a3d23b43b3681b35fe1c8b06e3d44

  • SHA512

    9f0918358850d3a7a1922f4ef246b1525d2eb2b57882ce6707a0df5c4a55c9bcf7e25dc1855321b04565ca183d89fcf2bafa67f1a9f4688302baeebed82b5d8e

  • SSDEEP

    393216:LGGgsyv/9l4oNWMgqbazd7gV3QV/AVWbIOKpTy+3nXaLOIEFyc:ese/9lXxNbahgVAzwpTBXaLUt

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (39 IoCs)
  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-07-03_99e29a7329471d645c3fa437b9aba6a4_black-basta_cobalt-strike_coinminer_luca-stealer_satacom_vidar.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-07-03_99e29a7329471d645c3fa437b9aba6a4_black-basta_cobalt-strike_coinminer_luca-stealer_satacom_vidar.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3912
    • C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\AutostraferNewNOIP.exe
      C:\Users\Admin\AppData\Local\Temp\2025-07-03_99e29a7329471d645c3fa437b9aba6a4_black-basta_cobalt-strike_coinminer_luca-stealer_satacom_vidar.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2400
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c "ver"
        3⤵
          PID:3184
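Two things are worth reading out of this tree before turning it into detection logic. First, the family names in the target filename (black-basta, cobalt-strike, coinminer, luca-stealer, satacom, vidar) are part of the name the file was submitted under; nothing in this report attributes the sample to any of them, the signatures that fired are generic behavioral ones, and no malware configuration was extracted. Second, the chain itself is the unpack-and-relaunch pattern of a one-file Python bundle: the parent (PID 3912) extracts to `%TEMP%\onefile_3912_133959957106143199\`, which matches Nuitka's default onefile staging directory of `{TEMP}\onefile_{PID}_{TIME}`, then starts the extracted `AutostraferNewNOIP.exe` with the parent's own command line. The `cmd.exe /c "ver"` grandchild is exactly what CPython's `platform` module produces on Windows when it runs `ver` through `subprocess` with `shell=True` to read the OS build, so on its own it is a weak signal rather than recon tradecraft.

The following detection logic is an added example, not part of the report or of the sample's tooling. It runs over process-creation events constructed from the tree above (fields in the style of Sysmon Event ID 1); the PPID 1000 of the root process and the rule names are assumptions, and a fourth event is a control to show that a bare `ver` from an ordinary parent does not fire.

```python
"""Flag the unpack-and-relaunch chain of a one-file Python bundle in process-creation events."""
import re
from dataclasses import dataclass

# Nuitka's default onefile staging directory is {TEMP}\onefile_{PID}_{TIME}; ONEFIL~N is
# the same directory seen through its 8.3 short name (as it appears in the Downloads list).
ONEFILE_DIR = re.compile(r"\\Temp\\(?:onefile_\d+_\d+|ONEFIL~\d+)\\", re.IGNORECASE)
# What subprocess(shell=True) produces on Windows for the command 'ver'.
CMD_VER = re.compile(r'\s/c\s+"?ver"?\s*$', re.IGNORECASE)


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str     # full path of the new process
    cmdline: str   # command line as logged


def first_token(cmdline: str) -> str:
    """Program token of a Windows command line, with surrounding quotes removed."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    return cmdline.split(" ", 1)[0]


def analyze(events: list[ProcEvent]) -> list[tuple[int, str]]:
    """Return (pid, rule) findings, strongest rule first for each process."""
    by_pid = {e.pid: e for e in events}
    findings: list[tuple[int, str]] = []
    for ev in events:
        parent = by_pid.get(ev.ppid)
        if ONEFILE_DIR.search(ev.image):
            findings.append((ev.pid, "exec_from_onefile_staging_dir"))
            # The bootstrap relaunches the extracted payload with its own command line.
            if (parent is not None
                    and first_token(ev.cmdline).lower() == parent.image.lower()
                    and ev.image.lower() != parent.image.lower()):
                findings.append((ev.pid, "relaunch_with_parent_cmdline"))
        # Weak on its own: CPython's platform module runs 'ver' this way on Windows,
        # so only flag it when the parent is the staged payload.
        if (ev.image.lower().endswith("\\cmd.exe") and CMD_VER.search(ev.cmdline)
                and parent is not None and ONEFILE_DIR.search(parent.image)):
            findings.append((ev.pid, "cmd_ver_under_onefile_payload"))
    return findings


# Constructed events modelled on the process tree above; PPID 1000 for the root is assumed.
SAMPLE = ("C:\\Users\\Admin\\AppData\\Local\\Temp\\2025-07-03_99e29a7329471d645c3fa437b9aba6a4"
          "_black-basta_cobalt-strike_coinminer_luca-stealer_satacom_vidar.exe")
STAGING = "C:\\Users\\Admin\\AppData\\Local\\Temp\\onefile_3912_133959957106143199\\"
CMD = "C:\\Windows\\system32\\cmd.exe"
EVENTS = [
    ProcEvent(3912, 1000, SAMPLE, f'"{SAMPLE}"'),
    ProcEvent(2400, 3912, STAGING + "AutostraferNewNOIP.exe", SAMPLE),
    ProcEvent(3184, 2400, CMD, f'{CMD} /c "ver"'),
    ProcEvent(4100, 1000, CMD, f'{CMD} /c "ver"'),   # control: 'ver' from an ordinary parent
]

if __name__ == "__main__":
    for pid, rule in analyze(EVENTS):
        print(f"pid {pid}: {rule}")
```

The staging-directory rule is the one to alert on; the relaunch rule confirms the bootstrap behaviour, and the `ver` rule is only useful as corroboration for the other two.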

Network

MITRE ATT&CK Enterprise v16


Downloads

          • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_ctypes.pyd

            Filesize

            121KB

            MD5

            a25cdcf630c024047a47a53728dc87cd

            SHA1

            8555ae488e0226a272fd7db9f9bdbb7853e61a21

            SHA256

            3d43869a4507ed8ece285ae85782d83bb16328cf636170acb895c227ebb142ac

            SHA512

            f6a4272deddc5c5c033a06e80941a16f688e28179eab3dbc4f7a9085ea4ad6998b89fc9ac501c5bf6fea87e0ba1d9f2eda819ad183b6fa7b6ddf1e91366c12af

          • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\numpy.libs\libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll

            Filesize

            36.4MB

            MD5

            5e46c3d334c90c3029eb6ae2a3fe58f2

            SHA1

            ad3d806f720289ccb90ce8bfd0da49fa99e7777b

            SHA256

            57b87772bf676b5c2d718c79dddc9f039d79ec3319fee1398cc305adff7b69e5

            SHA512

            4bd29d19b619076a64a928f3871edcce8416bcf100c1aa1250932479d6536d9497f2f9a2668c90b3479d0d4ab4234ffa06f81bc6b107fad1be5097fa2b60ab28

          • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\numpy\core\_multiarray_umath.pyd

            Filesize

            2.7MB

            MD5

            ea2e696dd221290a44fc7f095c4f185b

            SHA1

            dd5ae42ae6d2678d65b003ba4ca8286a80586869

            SHA256

            c76d812fa5131fe21c8bf9ffbd910f27df80856f910fa61698f23f60cfd9d13e

            SHA512

            7a811681652fb53d2da2ec0042b73a6b75b95defc9b47422df0148832a71079832a10d45ac6e457d26a708a30544ad45f08a87e61426c1f3c8252e48c6374b27

          • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\numpy\random\_bounded_integers.pyd

            Filesize

            251KB

            MD5

            f380b1902f06ed89554a6a7f76fef247

            SHA1

            48bc984fe47823eab6d59db171cee6f7ce33bbf6

            SHA256

            05d5fe8a5a79b1d5836e58307afdd0c8570a7c4e1ed0b6a6294f3978db0dc6c4

            SHA512

            a4b7f5405836c746148c14145b76e898228ba29d67ed122adfe68007e4ecc8893825f0a6c7e706035d112874894d588533a715a6aea33d3c83a1dfe7161d0ca4

          • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\numpy\random\_generator.pyd

            Filesize

            679KB

            MD5

            6de59567e3c76ab31b85ae334e173721

            SHA1

            03a81c8a9636e5623b7c98c117b1aaf6d34bfef3

            SHA256

            003c7af2699a370efc1a90bf42ac3b449c27ff9c24b11136dd245bf50ed2240f

            SHA512

            b89e2222bc1f6c13145bd13c404bcff7af304565293d36e0fff619687e65c3909cc94f6adb01447a1bef523a5db5009520a1867aa76045a46f99368201a2f3f5

          • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\numpy\random\mtrand.pyd

            Filesize

            583KB

            MD5

            fe1f1ca966c6041483a00d4940380c95

            SHA1

            a7c273ccca6bccb4cd709104d02c6e9af01eb49b

            SHA256

            7dda3c60d25791c53c2eca99eab696347b6a8ee20f3f8307d7efbf086cbbc5bf

            SHA512

            42476929a8307eb088728fb3cabe971239aefd2ca60785f4141b4a215d7a360b256bb8060dbdbcd08b68430719d4ea05214cbd48e25336492909d1378ea29c27

          • C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\AutostraferNewNOIP.exe

            Filesize

            22.4MB

            MD5

            906bdbe33b16d99872ad3ab0919e9e77

            SHA1

            191dfe5f23a1e10df971983cb400b1269713b6d2

            SHA256

            759c1bd0e218c1e7154720a05e1c31ec73959633f8c3173ad1a89ab50d9f8775

            SHA512

            90448ebd50e1392cc25cced7c1dd23f180fc12d8736a20bf8bd052df97d8190b0b608c3020b8394b8a8cb8386d76dc616b9b9ac134a23d69f0dee3627ab960e0

          • C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\VCRUNTIME140.dll

            Filesize

            116KB

            MD5

            be8dbe2dc77ebe7f88f910c61aec691a

            SHA1

            a19f08bb2b1c1de5bb61daf9f2304531321e0e40

            SHA256

            4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

            SHA512

            0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

          • C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\_hashlib.pyd

            Filesize

            63KB

            MD5

            ba682dfcdd600a4bb43a51a0d696a64c

            SHA1

            df85ad909e9641f8fcaa0f8f5622c88d904e9e20

            SHA256

            2ad55e11bddb5b65cdf6e9e126d82a3b64551f7ad9d4cbf74a1058fd7e5993bd

            SHA512

            79c607e58881d3c3dfb83886fe7aa4cddb5221c50499d33fe21e1efb0ffa1fd0d3f52cbe97b16b04fbe2b067d6eb5997ac66dec9d2a160d3cb6d44ffca0f5636

          • C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\_queue.pyd

            Filesize

            31KB

            MD5

            284fbc1b32f0282fc968045b922a4ee2

            SHA1

            7ccea7a48084f2c8463ba30ddae8af771538ae82

            SHA256

            ac3b144d7d7c8ee39f29d8749c5a35c4314b5365198821605c883fd11807e766

            SHA512

            baa75f7553cf595ad78c84cbb0f2a50917c93596ece1ff6221e64272adc6facdd8376e00918c6c3246451211d9dfc66442d31759bd52c26985c7f133cf011065

          • C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\_socket.pyd

            Filesize

            77KB

            MD5

            485d998a2de412206f04fa028fe6ba90

            SHA1

            286e29d4f91a46171ba1e3c8229e6de94b499f1d

            SHA256

            8f9ede5044643413c3b072cd31a565956498ca07cdd17fb6a04483d388fdad76

            SHA512

            68591522e9188f06ff81cd2b3506b40b9ad508d6e34f0111819bf5eff47ed9adf95ebfae5d05b685c4f53b186d15cc45e0d831d96be926f7a5762ee2f1341f1f

          • C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\_tkinter.pyd

            Filesize

            62KB

            MD5

            b9433c77e6b04532ac587056d21947c2

            SHA1

            0bcbf7b0ae1c3b815788b62879384217d9744abf

            SHA256

            a3488d90b5493dd0af5054750194cdeafbf05db42e881c78d92449932565308d

            SHA512

            a0fcbf898038f2337db8b2aa5873e3fd8970f5f7d01725e9a20be091985495feab01d7dc7b8a6b7ab898d2875566029fd3d217883a1301bf67f8c4288bb29b4f

          • C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\libcrypto-3.dll

            Filesize

            5.0MB

            MD5

            e547cf6d296a88f5b1c352c116df7c0c

            SHA1

            cafa14e0367f7c13ad140fd556f10f320a039783

            SHA256

            05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

            SHA512

            9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

          • C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\libffi-8.dll

            Filesize

            38KB

            MD5

            0f8e4992ca92baaf54cc0b43aaccce21

            SHA1

            c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

            SHA256

            eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

            SHA512

            6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

          • C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\numpy\core\_multiarray_tests.pyd

            Filesize

            63KB

            MD5

            54192025aa4449a24e8c84ae0f25b164

            SHA1

            381f50a8354c4abb12b76fa6e74fd526fbce2da9

            SHA256

            c31d1abe635e9006caa9fedda260dd4e4fdba31fbdcc8ac0969ab0396a0c6c4e

            SHA512

            1a3210c5c24a86d6cd6e3f2c19ba211611d5054cf04f6f5d22268a99f9ce6a8f61cab41d0d636e6163605180a94e90f0cf2b3832b2c3f731371fe4fd3d96a5c7

          • C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\numpy\fft\_pocketfft_internal.pyd

            Filesize

            107KB

            MD5

            79f63fa108140ba54d5aea030df4be95

            SHA1

            1ae3b933106095928c54e1dba66f0966f98ce48b

            SHA256

            207c894d4a97d5eac328a87936b1c5a160cf1163d8b3f59b3c43792d9b5224a4

            SHA512

            8bef8bcc947c6d7b07a6b9d40eac134c4190abbc302a175e1e7b8d70a2eea8f2f7a9aaa0a0ff6b1fb74f6d7153cf6d63f8fb9d822bc58e98621f54c94c45bd81

          • C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\numpy\linalg\_umath_linalg.pyd

            Filesize

            104KB

            MD5

            c38f96f75d504fa0c2df82327beeca31

            SHA1

            d059816e107302a43b60c0081b91a667327ddc13

            SHA256

            05922a2be823ec2e4d2378a73b05bb37f2816aeea86b613a9c80e25764ac8736

            SHA512

            a0609881d8d7335fc4dfa79584494b56dd1875e10564035a432bae2bfe206a0f9ddad500bb4d84e3b68a1bea0c698d5b04b19b30e02fe36410451c2a7d2147ba

          • C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\numpy\random\_common.pyd

            Filesize

            171KB

            MD5

            9859d240504af306b9e130b1ae0a28d3

            SHA1

            9f87f3badce2c4f02d8780c35acca16c67c44917

            SHA256

            f41809c03d13487fa8940cc30f5ff2125143ebf071bca10e081d026028c435fd

            SHA512

            16ff6686f7f058c061e4e5d9f411b195c064c3c4871613957d30b50055e428bb9b51c22558267e4ae1089a33a21fabd4de00b525906aba9aae7325b7ae1d2920

          • C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\numpy\random\_mt19937.pyd

            Filesize

            73KB

            MD5

            046eea12f5582cfc5b4dd95c95f3568e

            SHA1

            27fd4be133ca784bd8f15ec65234069d7a427325

            SHA256

            36bbd3767a4efc1e5ddd4f96b7b705fc664e95a629abbe7e3b5e5951cdead3f0

            SHA512

            85570a0dc3200387763570a474089e80ab5e61dc3d271fa01f5d0e7ed9bc61954bd2fe92a7a20f6ab5ca5ff47a6047f6f80551b4dcdac13ba962d790b36d91ed

          • C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\numpy\random\_pcg64.pyd

            Filesize

            81KB

            MD5

            6fdbf3346994c777608f0ad5cbaca3cd

            SHA1

            79e08ae5c2ee684537c73f58feff25a3deef0bc7

            SHA256

            e09a53b33a1908aa4eb58a07166d5beaffe2072ceded2f80df59831adf7fb8df

            SHA512

            cef969246e8dbc8809ca21b7fc691c6d52eca977f433331ff05a491689dc4ded79a53c390aefa645834fd395477e428b151a91acf9037943279288a261f46403

          • C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\numpy\random\_philox.pyd

            Filesize

            68KB

            MD5

            7ad1efc0a62a692722b5eef7b6f8414a

            SHA1

            5a0d5f305b149c460e7f720efe5ea168643f0177

            SHA256

            9a777f3f9a59f3d88de84dc3e499138335c3a6cf3bee1b875d9626d6cdf6e098

            SHA512

            59bdf9723854683a6955dcd07d99b05a8f11f2a708171e3cd9ed6cde17ce739c27a4cabe13f1997967f9e87672a9bab36591dc530fdca1df5886ab4b5710468e

          • C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\numpy\random\_sfc64.pyd

            Filesize

            49KB

            MD5

            441f1537e70a2eea00f4369e46a26be0

            SHA1

            aff994dd60f33c2aaac480c959351f1684349c39

            SHA256

            180453afefeff645f9fdb2de54a3cb72d8becb87936ea82e2d7a56592aca3068

            SHA512

            124034b67b0a1abe0e2b3ea8605f25970e224c7b9f72cd7ba2fdd63396afc94bf981224f2fbdc2d45fce3bad299a04238f52a147f0cf8519c26360e55e4359ab

          • C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\numpy\random\bit_generator.pyd

            Filesize

            160KB

            MD5

            4f9e45169d349a4922a251df4af06b12

            SHA1

            eb4c248b9b5fecc0518d5fbc77652bc8509cc8e3

            SHA256

            9ad713f6a93c26bb733a90f877b50d51d7f22eef161aa58e40735a5cec149501

            SHA512

            90dcd6f1e35dde8a37690a2c70036f6903ce868e0bfdce930941ea71dc58de5748dcd4fd1af8745d85aca7d643199512ddc628615382f26340eda3fb229113b5

          • C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\python311.dll

            Filesize

            5.5MB

            MD5

            d06da79bfd21bb355dc3e20e17d3776c

            SHA1

            610712e77f80d2507ffe85129bfeb1ff72fa38bf

            SHA256

            2835e0f24fb13ef019608b13817f3acf8735fbc5f786d00501c4a151226bdff1

            SHA512

            e4dd839c18c95b847b813ffd0ca81823048d9b427e5dcf05f4fbe0d77b8f7c8a4bd1c67c106402cd1975bc20a8ec1406a38ad4764ab466ef03cb7eb1f431c38a

          • C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\pywintypes311.dll

            Filesize

            131KB

            MD5

            90b786dc6795d8ad0870e290349b5b52

            SHA1

            592c54e67cf5d2d884339e7a8d7a21e003e6482f

            SHA256

            89f2a5c6be1e70b3d895318fdd618506b8c0e9a63b6a1a4055dff4abdc89f18a

            SHA512

            c6e1dbf25d260c723a26c88ec027d40d47f5e28fc9eb2dbc72a88813a1d05c7f75616b31836b68b87df45c65eef6f3eaed2a9f9767f9e2f12c45f672c2116e72

          • C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\select.pyd

            Filesize

            29KB

            MD5

            e07ae2f7f28305b81adfd256716ae8c6

            SHA1

            9222cd34c14a116e7b9b70a82f72fc523ef2b2f6

            SHA256

            fb06ac13f8b444c3f7ae5d2af15710a4e60a126c3c61a1f1e1683f05f685626c

            SHA512

            acb143194ca465936a48366265ae3e11a2256aeae333c576c8c74f8ed9b60987daff81647aef74e236b30687a28bc7e3aa21c6aedbfa47b1501658a2bfd117b4

          • C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\tcl86t.dll

            Filesize

            1.8MB

            MD5

            ac6cd2fb2cd91780db186b8d6e447b7c

            SHA1

            b387b9b6ca5f0a2b70028ab2147789c4fe24ef7a

            SHA256

            a91781fe13548b89817462b00058a75fb0b607ec8ce99d265719ced573ade7b6

            SHA512

            45b24ca07a44d8d90e5efeded2697a37f000b39d305fe63a67292fdd237de3f8efd5e85b139b5702faa695f9f27f12f24ac497e005e2f3c24c141d7cd85305b6

          • C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\tcl\encoding\cp1252.enc

            Filesize

            1KB

            MD5

            e9117326c06fee02c478027cb625c7d8

            SHA1

            2ed4092d573289925a5b71625cf43cc82b901daf

            SHA256

            741859cf238c3a63bbb20ec6ed51e46451372bb221cfff438297d261d0561c2e

            SHA512

            d0a39bc41adc32f2f20b1a0ebad33bf48dfa6ed5cc1d8f92700cdd431db6c794c09d9f08bb5709b394acf54116c3a1e060e2abcc6b503e1501f8364d3eebcd52

          • C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\tk86t.dll

            Filesize

            1.5MB

            MD5

            499fa3dea045af56ee5356c0ce7d6ce2

            SHA1

            0444b7d4ecd25491245824c17b84916ee5b39f74

            SHA256

            20139f4c327711baf18289584fa0c8112f7bb3ba55475bded21f3d107672ed94

            SHA512

            d776749effa241ba1415b28d2fcff1d64ed903569a8c4e56dfddd672a53b2f44119734b1959b72a9b3f4060bb2c67b7dea959cc2d4a8e9f781f17009c6840fc1

          • C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\unicodedata.pyd

            Filesize

            1.1MB

            MD5

            5cc36a5de45a2c16035ade016b4348eb

            SHA1

            35b159110e284b83b7065d2cff0b5ef4ccfa7bf1

            SHA256

            f28ac3e3ad02f9e1d8b22df15fa30b2190b080261a9adc6855248548cd870d20

            SHA512

            9cccbf81e80c32976b7b2e0e3978e8f7350cce542356131b24ebab34b256efd44643d41ee4b2994b9152c2e5af302aa182a1889c99605140f47494a501ef46c1

          • C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\vcruntime140_1.dll

            Filesize

            48KB

            MD5

            f8dfa78045620cf8a732e67d1b1eb53d

            SHA1

            ff9a604d8c99405bfdbbf4295825d3fcbc792704

            SHA256

            a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

            SHA512

            ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

          • C:\Users\Admin\AppData\Local\Temp\onefile_3912_133959957106143199\win32api.pyd

            Filesize

            130KB

            MD5

            1d6762b494dc9e60ca95f7238ae1fb14

            SHA1

            aa0397d96a0ed41b2f03352049dafe040d59ad5d

            SHA256

            fae5323e2119a8f678055f4244177b5806c7b6b171b1945168f685631b913664

            SHA512

            0b561f651161a34c37ff8d115f154c52202f573d049681f8cdd7bba2e966bb8203780c19ba824b4a693ef12ef1eeef6aeeef96eb369e4b6129f1deb6b26aaa00

          • memory/2400-1031-0x00007FFE8F140000-0x00007FFE911F6000-memory.dmp

            Filesize

            32.7MB
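Almost everything in the Downloads list is a stock component of a frozen CPython 3.11 application: `python311.dll`, `pywintypes311.dll`, the `.pyd` extension modules, numpy and its bundled OpenBLAS, Tcl/Tk, OpenSSL's `libcrypto-3.dll`, `libffi-8.dll` and the MSVC runtime. Their hashes identify the packaging toolchain, not this sample, and will match any unrelated application built the same way. Only two files here are sample-specific: the submitted executable and the extracted `AutostraferNewNOIP.exe`. The script below is an added example, not part of the report; it uses a representative subset of the SHA-256 values above, splits them into sample-specific and runtime-noise sets by filename, and scans a directory tree against the sharpened set. The `RUNTIME_NOISE` pattern, the `staged.bin`/`readme.txt` files and their contents are constructed for the demonstration.

```python
"""Split dropped-file hashes into sample-specific and packaging-runtime IOCs, then scan a tree."""
import hashlib
import os
import re
import tempfile
from pathlib import Path

# SHA-256 values copied from the report above (a representative subset of the Downloads list).
DROPPED = {
    "2025-07-03_99e29a7329471d645c3fa437b9aba6a4_black-basta_cobalt-strike_coinminer_luca-stealer_satacom_vidar.exe":
        "7224c29dabfb308937e6feeb58e333b2195a3d23b43b3681b35fe1c8b06e3d44",
    "AutostraferNewNOIP.exe": "759c1bd0e218c1e7154720a05e1c31ec73959633f8c3173ad1a89ab50d9f8775",
    "python311.dll": "2835e0f24fb13ef019608b13817f3acf8735fbc5f786d00501c4a151226bdff1",
    "VCRUNTIME140.dll": "4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83",
    "_socket.pyd": "8f9ede5044643413c3b072cd31a565956498ca07cdd17fb6a04483d388fdad76",
    "libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll":
        "57b87772bf676b5c2d718c79dddc9f039d79ec3319fee1398cc305adff7b69e5",
}

# Components any CPython 3.11 / numpy / Tcl-Tk bundle ships (pattern is an assumption of this
# example); their hashes identify the toolchain and will hit on unrelated frozen Python apps.
RUNTIME_NOISE = re.compile(
    r"^(python3\d+\.dll|pywintypes3\d+\.dll|vcruntime140(_1)?\.dll|libcrypto-3\.dll|"
    r"libffi-8\.dll|tcl86t\.dll|tk86t\.dll|libopenblas.*\.dll|.*\.pyd|.*\.enc)$",
    re.IGNORECASE,
)


def split_iocs(dropped: dict[str, str]) -> tuple[dict[str, str], dict[str, str]]:
    """Return (sample_specific, runtime_noise) name -> sha256 maps."""
    specific = {n: h for n, h in dropped.items() if not RUNTIME_NOISE.match(n)}
    runtime = {n: h for n, h in dropped.items() if RUNTIME_NOISE.match(n)}
    return specific, runtime


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so large drops (36 MB OpenBLAS) do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_tree(root: str, iocs: dict[str, str]) -> list[tuple[str, str]]:
    """Hash every file under root and return (path, label) for each IOC match."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = Path(dirpath) / name
            label = iocs.get(sha256_file(p))
            if label:
                hits.append((str(p), label))
    return sorted(hits)


def demo_scan() -> list[tuple[str, str]]:
    """Scan a throwaway directory; staged.bin is constructed content, not the sample."""
    specific, _ = split_iocs(DROPPED)
    iocs = {h: n for n, h in specific.items()}
    with tempfile.TemporaryDirectory() as root:
        staged = Path(root) / "staged.bin"
        staged.write_bytes(b"constructed test content standing in for a dropped file")
        (Path(root) / "readme.txt").write_bytes(b"unrelated file")
        iocs[sha256_file(staged)] = "constructed:staged.bin"
        hits = scan_tree(root, iocs)
    return [(Path(p).name, label) for p, label in hits]


if __name__ == "__main__":
    specific, runtime = split_iocs(DROPPED)
    print("sample-specific:", sorted(specific))
    print("runtime noise:", sorted(runtime))
    print("demo hits:", demo_scan())
```

When sharing IOCs from this report, publish the sample-specific set and keep the runtime set for context only; a hunt keyed on `python311.dll` or `_socket.pyd` hashes will page on every Nuitka- or PyInstaller-packaged tool in the estate.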