b09403adcaf79f3602815c242b3698e43138156d848ac1b0802232d4afc36154

Resubmissions

13-11-2022 18:00

221113-wll9wacb66 10

22-09-2022 05:49

220922-gjgt2sabf4 10

21-09-2022 18:45

220921-xefn7aghd5 10

Analysis

max time kernel
49s
max time network
147s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
13-11-2022 18:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LockBit30/Build.bat
Size

741B
MD5

4e46e28b2e61643f6af70a8b19e5cb1f
SHA1

804a1d0c4a280b18e778e4b97f85562fa6d5a4e6
SHA256

8e83a1727696ced618289f79674b97305d88beeeabf46bd25fc77ac53c1ae339
SHA512

009b17b515ff0ea612e54d8751eef07f1e2b54db07e6cd69a95e7adf775f3c79a0ea91bff2fe593f2314807fdc00c75d80f1807b7dbe90f0fcf94607e675047b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 21 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 392 wrote to memory of 3084	392	cmd.exe	keygen.exe
PID 392 wrote to memory of 3084	392	cmd.exe	keygen.exe
PID 392 wrote to memory of 3084	392	cmd.exe	keygen.exe
PID 392 wrote to memory of 2260	392	cmd.exe	builder.exe
PID 392 wrote to memory of 2260	392	cmd.exe	builder.exe
PID 392 wrote to memory of 2260	392	cmd.exe	builder.exe
PID 392 wrote to memory of 4580	392	cmd.exe	builder.exe
PID 392 wrote to memory of 4580	392	cmd.exe	builder.exe
PID 392 wrote to memory of 4580	392	cmd.exe	builder.exe
PID 392 wrote to memory of 1524	392	cmd.exe	builder.exe
PID 392 wrote to memory of 1524	392	cmd.exe	builder.exe
PID 392 wrote to memory of 1524	392	cmd.exe	builder.exe
PID 392 wrote to memory of 4600	392	cmd.exe	builder.exe
PID 392 wrote to memory of 4600	392	cmd.exe	builder.exe
PID 392 wrote to memory of 4600	392	cmd.exe	builder.exe
PID 392 wrote to memory of 4908	392	cmd.exe	builder.exe
PID 392 wrote to memory of 4908	392	cmd.exe	builder.exe
PID 392 wrote to memory of 4908	392	cmd.exe	builder.exe
PID 392 wrote to memory of 3276	392	cmd.exe	builder.exe
PID 392 wrote to memory of 3276	392	cmd.exe	builder.exe
PID 392 wrote to memory of 3276	392	cmd.exe	builder.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\LockBit30\Build.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:392

C:\Users\Admin\AppData\Local\Temp\LockBit30\keygen.exe
keygen -path C:\Users\Admin\AppData\Local\Temp\LockBit30\Build -pubkey pub.key -privkey priv.key
2⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe
builder -type dec -privkey C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\priv.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\LB3Decryptor.exe
2⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe
builder -type enc -exe -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\LB3.exe
2⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe
builder -type enc -exe -pass -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\LB3_pass.exe
2⤵
PID:1524

C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe
builder -type enc -dll -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\LB3_Rundll32.dll
2⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe
builder -type enc -dll -pass -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\LB3_Rundll32_pass.dll
2⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe
builder -type enc -ref -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\LB3_ReflectiveDll_DllMain.dll
2⤵
PID:3276

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\priv.key
Filesize
344B

MD5
c132f4862c68786dfba9743ff4d06006

SHA1
2fbdaa3d52a43610fb9691ad9751180d86eef876

SHA256
45ac057fbfef18b23dcec0dd88271f7f87107716881c576e440eaaaa85f81021

SHA512
06d9b4cfcbe7cbaf28e8cb0d689224c60e5601b7b35488d6ea373e5583bcbf28ea15cf5af138fa64d4938cb8b72c05e85d74351900dc558bdc475f818e8f2c16

Download Submit
C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\pub.key
Filesize
344B

MD5
f6ff95aab9fc53175163c1fcdac05691

SHA1
37ebedd9325260277deca69636996082d45a5c69

SHA256
81eb8c4fbac9245a36af6d15e220fc392283dca7b3571e394c072ec6a2aa8421

SHA512
88b08c1cb1c9d241f46dbf54633361c9042d8f206839cb5794da5ed7f2996fa721c90db338e20e0e94c19854d2b5b73c72f2d252cbe209894000967ec43685e6

Download Submit
memory/1524-217-0x0000000000000000-mapping.dmp

Download
memory/2260-174-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-155-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-171-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-176-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-179-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-157-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-181-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-183-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-182-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-180-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-158-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-178-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-177-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-175-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-173-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-172-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-170-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-169-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-168-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-167-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-166-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-165-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-164-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-163-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-162-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-161-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-160-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-159-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-151-0x0000000000000000-mapping.dmp

Download
memory/2260-156-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-153-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-152-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/2260-154-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-140-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-135-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-127-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-132-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-150-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-148-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-147-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-146-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-145-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-144-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-143-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-142-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-141-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-123-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-139-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-138-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-137-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-136-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-119-0x0000000000000000-mapping.dmp

Download
memory/3084-149-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-134-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-133-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-131-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-130-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-129-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-128-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-126-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-125-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-124-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-122-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-120-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3084-121-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3276-310-0x0000000000000000-mapping.dmp

Download
memory/4580-186-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/4580-185-0x0000000000000000-mapping.dmp

Download
memory/4600-248-0x0000000000000000-mapping.dmp

Download
memory/4908-279-0x0000000000000000-mapping.dmp

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads