Analysis Overview
SHA256
49261ea0d0c417ebae0e0fb1e56ad02cb7fe9ae16a76edb7c4e70c754b53370f
Threat Level: Known bad
The file Desktop.rar was found to be: Known bad.
Malicious Activity Summary
Blackmatter family
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-09-22 21:48
Signatures
Blackmatter family
Analysis: behavioral1
Detonation Overview
Submitted
2022-09-22 21:48
Reported
2022-09-22 21:49
Platform
win10v2004-20220812-en
Max time kernel
30s
Max time network
32s
Command Line
Signatures
Suspicious use of WriteProcessMemory
Processes
| Image | Command Line |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Build.bat" |
| C:\Users\Admin\AppData\Local\Temp\keygen.exe | keygen -path C:\Users\Admin\AppData\Local\Temp\Build -pubkey pub.key -privkey priv.key |
| C:\Users\Admin\AppData\Local\Temp\builder.exe | builder -type dec -privkey C:\Users\Admin\AppData\Local\Temp\Build\priv.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\Build\LB3Decryptor.exe |
| C:\Users\Admin\AppData\Local\Temp\builder.exe | builder -type enc -exe -pubkey C:\Users\Admin\AppData\Local\Temp\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\Build\LB3.exe |
| C:\Users\Admin\AppData\Local\Temp\builder.exe | builder -type enc -exe -pass -pubkey C:\Users\Admin\AppData\Local\Temp\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\Build\LB3_pass.exe |
| C:\Users\Admin\AppData\Local\Temp\builder.exe | builder -type enc -dll -pubkey C:\Users\Admin\AppData\Local\Temp\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\Build\LB3_Rundll32.dll |
| C:\Users\Admin\AppData\Local\Temp\builder.exe | builder -type enc -dll -pass -pubkey C:\Users\Admin\AppData\Local\Temp\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\Build\LB3_Rundll32_pass.dll |
| C:\Users\Admin\AppData\Local\Temp\builder.exe | builder -type enc -ref -pubkey C:\Users\Admin\AppData\Local\Temp\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\Build\LB3_ReflectiveDll_DllMain.dll |
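The behavioral1 process list is the LockBit 3.0 builder chain driven by Build.bat: keygen writes the key pair into the Build directory, then builder is invoked once per payload (decryptor, EXE, password-protected EXE, DLL, password-protected DLL, reflective DLL; the LB3 output names identify the builder). As an added detection example (editor's code, not sandbox output and not anything from the sample), the Python below parses those command lines, raises a finding for each keygen/builder invocation, and lists the files the chain would leave on disk. The event list is constructed from the command lines above; the rule names are made up here.

```python
"""Flag the LockBit 3.0 keygen/builder chain from process command lines.

Added example for this report (not sandbox output and not the sample's own
code): parses the command lines recorded under behavioral1, raises a finding
per keygen or builder invocation, and lists the artifacts each would write.
"""
import shlex
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple, Union

# Constructed sample events: the command lines from the behavioral1 process
# list, in the order the report shows them.
SAMPLE_EVENTS: List[str] = [
    r'C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Build.bat"',
    r"keygen -path C:\Users\Admin\AppData\Local\Temp\Build -pubkey pub.key -privkey priv.key",
    r"builder -type dec -privkey C:\Users\Admin\AppData\Local\Temp\Build\priv.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\Build\LB3Decryptor.exe",
    r"builder -type enc -exe -pubkey C:\Users\Admin\AppData\Local\Temp\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\Build\LB3.exe",
    r"builder -type enc -exe -pass -pubkey C:\Users\Admin\AppData\Local\Temp\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\Build\LB3_pass.exe",
    r"builder -type enc -dll -pubkey C:\Users\Admin\AppData\Local\Temp\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\Build\LB3_Rundll32.dll",
    r"builder -type enc -dll -pass -pubkey C:\Users\Admin\AppData\Local\Temp\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\Build\LB3_Rundll32_pass.dll",
    r"builder -type enc -ref -pubkey C:\Users\Admin\AppData\Local\Temp\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\Build\LB3_ReflectiveDll_DllMain.dll",
]

ArgMap = Dict[str, Union[str, bool]]


def parse_cmdline(cmdline: str) -> Tuple[str, ArgMap]:
    """Return (image basename without .exe, {flag: value or True}).

    posix=False keeps Windows backslashes literal; surrounding quotes are
    stripped afterwards. A flag followed by a non-flag token takes it as its
    value (-type enc); otherwise it is a switch (-exe, -pass).
    """
    tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    image = tokens[0].rsplit("\\", 1)[-1].lower()
    if image.endswith(".exe"):
        image = image[:-4]
    args: ArgMap = {}
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("-") and len(tok) > 1:
            name = tok[1:].lower()
            if i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
                args[name] = tokens[i + 1]
                i += 2
                continue
            args[name] = True
        i += 1
    return image, args


@dataclass(frozen=True)
class Finding:
    rule: str                   # which pattern matched (names made up here)
    variant: Optional[str]      # exe / dll / ref for encryptor builds
    password_protected: bool    # -pass switch present
    artifacts: Tuple[str, ...]  # files the invocation writes
    cmdline: str


def evaluate(cmdline: str) -> Optional[Finding]:
    """Apply the three rules to one command line; None if nothing matches."""
    image, args = parse_cmdline(cmdline)
    if image == "keygen" and "pubkey" in args and "privkey" in args:
        # -path is the output directory; the key names are relative to it.
        base = str(args.get("path", "."))
        keys = tuple(base + "\\" + str(args[k]) for k in ("pubkey", "privkey"))
        return Finding("lockbit3_keygen", None, False, keys, cmdline)
    if image == "builder" and "ofile" in args and "config" in args:
        ofile = (str(args["ofile"]),)
        pw = bool(args.get("pass"))
        if args.get("type") == "dec" and "privkey" in args:
            return Finding("lockbit3_build_decryptor", None, pw, ofile, cmdline)
        if args.get("type") == "enc" and "pubkey" in args:
            variant = next((v for v in ("exe", "dll", "ref") if args.get(v) is True), None)
            return Finding("lockbit3_build_encryptor", variant, pw, ofile, cmdline)
    return None


def analyze(events: List[str]) -> List[Finding]:
    """Run every event through the rules and keep the matches."""
    return [f for f in (evaluate(e) for e in events) if f is not None]


def expected_artifacts(findings: List[Finding]) -> Set[str]:
    """Paths to hunt for on disk after the chain ran (keys plus built payloads)."""
    return {a for f in findings for a in f.artifacts}


if __name__ == "__main__":
    results = analyze(SAMPLE_EVENTS)
    for f in results:
        print(f"{f.rule:26} variant={f.variant} pass={f.password_protected} -> {f.artifacts}")
    print(len(results), "findings;", len(expected_artifacts(results)), "artifacts")
```

Run against the report's eight command lines it yields seven findings (the cmd.exe launcher matches nothing on its own) and eight artifacts: pub.key and priv.key, whose hashes appear in the Files section, plus the six -ofile outputs. The -pass switch produces the password-protected builds (LB3_pass.exe, LB3_Rundll32_pass.dll), which need the password supplied at run time, so detonating one of them alone shows little; the key files and -ofile outputs are the faster confirmation that a builder was run on a host.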
Network
Files
memory/3196-132-0x0000000000000000-mapping.dmp
memory/3544-133-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\Build\priv.key
| MD5 | 9844125e309999a9e880ff2bb4e07066 |
| SHA1 | 74cebd392abb7196bbb8e56a1e520fda84d850ac |
| SHA256 | de3a731befd37ee0e7c80a294f2e60a131f318d9de9e8878f05150f03f0d5507 |
| SHA512 | c890412b7908bda24868dbd37827d5b2c078d6ee6e2a998550ed29af107ece16249361a76a380c9c081794f1ba9c4d393e6eec4496de47c4d83fa2e6b85d7f28 |
memory/4132-135-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\Build\pub.key
| MD5 | 538e67c91ac9ee8b8480fa3552de00bf |
| SHA1 | 5fcd1944a59964e8b59f20acb5ed00c3ebf7c41c |
| SHA256 | 9cd1836ad2ae866cdd37c1abfbd185e9fadc6d11166e0cbcb68bfbc199e123cd |
| SHA512 | 3dba86b32e003415d14510f806f6bd3e3036fd848d12335af86245d540c415fe39aa310b1287001d7fc288e7e7077f33e4bf8e7616ec5df7e09affbc3daf56b5 |
memory/2756-137-0x0000000000000000-mapping.dmp
memory/1688-138-0x0000000000000000-mapping.dmp
memory/828-139-0x0000000000000000-mapping.dmp
memory/1844-140-0x0000000000000000-mapping.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-09-22 21:48
Reported
2022-09-22 21:49
Platform
win10v2004-20220901-en
Max time kernel
30s
Max time network
32s
Command Line
Signatures
Processes
| Image | Command Line |
| C:\Users\Admin\AppData\Local\Temp\builder.exe | "C:\Users\Admin\AppData\Local\Temp\builder.exe" |
Network
| Country | Destination | Domain | Proto |
| US | 93.184.221.240:80 | | tcp |
| US | 20.189.173.1:443 | | tcp |
| N/A | 52.152.110.14:443 | | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2022-09-22 21:48
Reported
2022-09-22 21:49
Platform
win10v2004-20220812-en
Max time kernel
30s
Max time network
32s
Command Line
Signatures
Processes
| Image | Command Line |
| C:\Users\Admin\AppData\Local\Temp\keygen.exe | "C:\Users\Admin\AppData\Local\Temp\keygen.exe" |
Network
| Country | Destination | Domain | Proto |
| US | 93.184.220.29:80 | | tcp |
| US | 93.184.221.240:80 | | tcp |
| US | 93.184.221.240:80 | | tcp |
| N/A | 52.152.110.14:443 | | tcp |