07f022c9e5d007d17ab6aef023551b2c4a2f806df0397c4c5c517b0e76d49ab1

Analysis

max time kernel
32s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
22-09-2022 03:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LockBit3Builder.zip
Size

290KB
MD5

74c93ee77b3eae4fbc654bad91c47d7f
SHA1

528e629a65f2f2ffe887518efe3ba5a8c938ceca
SHA256

07f022c9e5d007d17ab6aef023551b2c4a2f806df0397c4c5c517b0e76d49ab1
SHA512

99f59acf8c95a9e04d8103815ab6acfc2551663c00d99d42af0ff4fb2b9f3d0ba431076b08e2a912edb91f467c7c625382426809016c079565b7ed19bba023b0
SSDEEP

6144:UyfX3Y9sW0hmAwoRz0u8VE4ZYLuWPp4JGl3KaHWIrGq:UyfX3Y9/oR0fVEDPCkRHW+

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 4548 wrote to memory of 4520	4548	cmd.exe	96
PID 4548 wrote to memory of 4520	4548	cmd.exe	96
PID 4548 wrote to memory of 4520	4548	cmd.exe	96
PID 4548 wrote to memory of 4084	4548	cmd.exe	97
PID 4548 wrote to memory of 4084	4548	cmd.exe	97
PID 4548 wrote to memory of 4084	4548	cmd.exe	97
PID 4548 wrote to memory of 2476	4548	cmd.exe	98
PID 4548 wrote to memory of 2476	4548	cmd.exe	98
PID 4548 wrote to memory of 2476	4548	cmd.exe	98
PID 4548 wrote to memory of 2816	4548	cmd.exe	99
PID 4548 wrote to memory of 2816	4548	cmd.exe	99
PID 4548 wrote to memory of 2816	4548	cmd.exe	99
PID 4548 wrote to memory of 3932	4548	cmd.exe	100
PID 4548 wrote to memory of 3932	4548	cmd.exe	100
PID 4548 wrote to memory of 3932	4548	cmd.exe	100
PID 4548 wrote to memory of 1296	4548	cmd.exe	101
PID 4548 wrote to memory of 1296	4548	cmd.exe	101
PID 4548 wrote to memory of 1296	4548	cmd.exe	101
PID 4548 wrote to memory of 1244	4548	cmd.exe	102
PID 4548 wrote to memory of 1244	4548	cmd.exe	102
PID 4548 wrote to memory of 1244	4548	cmd.exe	102

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\LockBit3Builder.zip
1⤵
PID:2472

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4856

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build.bat" "
1⤵
- Suspicious use of WriteProcessMemory
PID:4548
- C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\keygen.exe
  keygen -path C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build -pubkey pub.key -privkey priv.key
  2⤵
  PID:4520
- C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\builder.exe
  builder -type dec -privkey C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build\priv.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build\LB3Decryptor.exe
  2⤵
  PID:4084
- C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\builder.exe
  builder -type enc -exe -pubkey C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build\LB3.exe
  2⤵
  PID:2476
- C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\builder.exe
  builder -type enc -exe -pass -pubkey C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build\LB3_pass.exe
  2⤵
  PID:2816
- C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\builder.exe
  builder -type enc -dll -pubkey C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build\LB3_Rundll32.dll
  2⤵
  PID:3932
- C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\builder.exe
  builder -type enc -dll -pass -pubkey C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build\LB3_Rundll32_pass.dll
  2⤵
  PID:1296
- C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\builder.exe
  builder -type enc -ref -pubkey C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build\LB3_ReflectiveDll_DllMain.dll
  2⤵
  PID:1244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build\priv.key

Filesize
344B

MD5
e8600afebd1f7421fbf57099d42dfa1b

SHA1
1cf7bd166c34ffeb9440b68a10d01f511e8db890

SHA256
3397ebb13705235773173a08b6a8c2060ec72f469f2a00dfdf39d7137ab8df5c

SHA512
64481188c94669ca34ad546a6c2063dbbd20dc485322999a4f6c7576fd18f1c7220bff01aacff62f079c05236e614f0b866b8aa2888c75edf0d0cb4f0da79913

Download Submit
C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build\pub.key

Filesize
344B

MD5
b4b782f810f70700875959f7371f4c9f

SHA1
5bcc6e1ea4c51e6c13afc3a844920b7dcb3af229

SHA256
474faf8952d3b3ad57ca6518982f756e350d4073529d2ec0bb7b84bb8d71cfe5

SHA512
eea7c5dcac71066551654bf04e834f5cd0da777a817abb3daf7405548ad923799f6fdd2ca531e5e26ae8892adb2e8607e14934ad968a473fdf317d51e423a71a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads