Analysis Overview
SHA256
07f022c9e5d007d17ab6aef023551b2c4a2f806df0397c4c5c517b0e76d49ab1
Threat Level: Known bad
The file LockBit3Builder.zip was found to be: Known bad.
Malicious Activity Summary
Blackmatter family
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-09-22 03:59
Signatures
Blackmatter family
Analysis: behavioral1
Detonation Overview
Submitted
2022-09-22 03:59
Reported
2022-09-22 04:00
Platform
win10v2004-20220812-en
Max time kernel
32s
Max time network
35s
Command Line
Signatures
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\LockBit3Builder.zip
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build.bat" "
C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\keygen.exe
keygen -path C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build -pubkey pub.key -privkey priv.key
C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\builder.exe
builder -type dec -privkey C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build\priv.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build\LB3Decryptor.exe
C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\builder.exe
builder -type enc -exe -pubkey C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build\LB3.exe
C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\builder.exe
builder -type enc -exe -pass -pubkey C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build\LB3_pass.exe
C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\builder.exe
builder -type enc -dll -pubkey C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build\LB3_Rundll32.dll
C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\builder.exe
builder -type enc -dll -pass -pubkey C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build\LB3_Rundll32_pass.dll
C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\builder.exe
builder -type enc -ref -pubkey C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build\LB3_ReflectiveDll_DllMain.dll
Network
Files
memory/4520-132-0x0000000000000000-mapping.dmp
memory/4084-133-0x0000000000000000-mapping.dmp
C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build\priv.key
| Hash | Value |
| --- | --- |
| MD5 | e8600afebd1f7421fbf57099d42dfa1b |
| SHA1 | 1cf7bd166c34ffeb9440b68a10d01f511e8db890 |
| SHA256 | 3397ebb13705235773173a08b6a8c2060ec72f469f2a00dfdf39d7137ab8df5c |
| SHA512 | 64481188c94669ca34ad546a6c2063dbbd20dc485322999a4f6c7576fd18f1c7220bff01aacff62f079c05236e614f0b866b8aa2888c75edf0d0cb4f0da79913 |
memory/2476-135-0x0000000000000000-mapping.dmp
C:\Users\Admin\Desktop\LockBit3Builder\LockBit3Builder\Build\pub.key
| Hash | Value |
| --- | --- |
| MD5 | b4b782f810f70700875959f7371f4c9f |
| SHA1 | 5bcc6e1ea4c51e6c13afc3a844920b7dcb3af229 |
| SHA256 | 474faf8952d3b3ad57ca6518982f756e350d4073529d2ec0bb7b84bb8d71cfe5 |
| SHA512 | eea7c5dcac71066551654bf04e834f5cd0da777a817abb3daf7405548ad923799f6fdd2ca531e5e26ae8892adb2e8607e14934ad968a473fdf317d51e423a71a |
memory/2816-137-0x0000000000000000-mapping.dmp
memory/3932-138-0x0000000000000000-mapping.dmp
memory/1296-139-0x0000000000000000-mapping.dmp
memory/1244-140-0x0000000000000000-mapping.dmp