Analysis Overview
SHA256
b09403adcaf79f3602815c242b3698e43138156d848ac1b0802232d4afc36154
Threat Level: Known bad
The file a5bb65afe22627fbf9526fd316d32c368a986a4d65af31814ef2c18cef18422d.zip was found to be: Known bad.
Malicious Activity Summary
Blackmatter family
Suspicious behavior: CmdExeWriteProcessMemorySpam
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-11-13 18:00
Signatures
Blackmatter family
Analysis: behavioral1
Detonation Overview
Submitted
2022-11-13 18:00
Reported
2022-11-13 18:03
Platform
win7-20220812-en
Max time kernel
40s
Max time network
43s
Command Line
Signatures
Suspicious behavior: CmdExeWriteProcessMemorySpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LockBit30\keygen.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\LockBit30\Build.bat"
C:\Users\Admin\AppData\Local\Temp\LockBit30\keygen.exe
keygen -path C:\Users\Admin\AppData\Local\Temp\LockBit30\Build -pubkey pub.key -privkey priv.key
C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe
builder -type dec -privkey C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\priv.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\LB3Decryptor.exe
C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe
builder -type enc -exe -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\LB3.exe
C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe
builder -type enc -exe -pass -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\LB3_pass.exe
C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe
builder -type enc -dll -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\LB3_Rundll32.dll
C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe
builder -type enc -dll -pass -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\LB3_Rundll32_pass.dll
C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe
builder -type enc -ref -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\LB3_ReflectiveDll_DllMain.dll
Network
Files
memory/1472-54-0x0000000000000000-mapping.dmp
memory/1472-55-0x00000000768A1000-0x00000000768A3000-memory.dmp
memory/1144-56-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\priv.key
| MD5 | 0cf778dbdc46e5312713ca80f87d11fa |
| SHA1 | 7cefdee8da3e66c9bb9b200bb2970b2817aee51a |
| SHA256 | a2c53ba07122066aa8a6aa2e1a28b1b6ed30c104768d2919e2fdc40ecb841936 |
| SHA512 | 89b4e425a0b6d5c981f08bd11fa72194bea64a9fadc7d9beae419da1eafac6ecef36d69ba779421ae9d9b22c3fe4f76f9d9587bd35ec9119cc921bb007f612dc |
memory/760-59-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\pub.key
| MD5 | c50ba2951e2b688a7f3949ffb19295f2 |
| SHA1 | 3a62ebd8889e66beedcb735348420187f75b56c8 |
| SHA256 | af8a0399819e5bcf357c68be7749a28e76c6b1faf9807a660e0261395a488a0e |
| SHA512 | 815bf0b182b63f94750239989458ca2d9d644473e14b24f5d1aefe79eaedae4a261a8b192d217128105ccb99b4ef6fb32fda976dda540efa92b9675a17123d35 |
memory/888-62-0x0000000000000000-mapping.dmp
memory/800-64-0x0000000000000000-mapping.dmp
memory/1620-66-0x0000000000000000-mapping.dmp
memory/1724-68-0x0000000000000000-mapping.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2022-11-13 18:00
Reported
2022-11-13 18:03
Platform
win10v2004-20220812-en
Max time kernel
138s
Max time network
153s
Command Line
Signatures
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\LockBit30\Build.bat"
C:\Users\Admin\AppData\Local\Temp\LockBit30\keygen.exe
keygen -path C:\Users\Admin\AppData\Local\Temp\LockBit30\Build -pubkey pub.key -privkey priv.key
C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe
builder -type dec -privkey C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\priv.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\LB3Decryptor.exe
C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe
builder -type enc -exe -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\LB3.exe
C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe
builder -type enc -exe -pass -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\LB3_pass.exe
C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe
builder -type enc -dll -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\LB3_Rundll32.dll
C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe
builder -type enc -dll -pass -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\LB3_Rundll32_pass.dll
C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe
builder -type enc -ref -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\LB3_ReflectiveDll_DllMain.dll
Network
| Country | Destination | Domain | Proto |
| N/A | 209.197.3.8:80 | | tcp |
| N/A | 20.189.173.14:443 | | tcp |
| N/A | 93.184.221.240:80 | | tcp |
| N/A | 93.184.221.240:80 | | tcp |
Files
memory/2544-132-0x0000000000000000-mapping.dmp
memory/1844-133-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\priv.key
| MD5 | 5946bf575aeea7f2fba6050e25af3803 |
| SHA1 | 28d78f48c0d00996df41f7b6326e6d7bd3b7df0c |
| SHA256 | aaa353efc6cd20bcc25d080b4bb1d39f46193967982c0d55079c18519a3b41b3 |
| SHA512 | 92c0a5dc8adbaa2af86c5662c3749292d926ad5b123e88c75db3a79a7f403e76deea326d20d228b8a226b672cd60a8b9c58e0115b0247c9bd168d94984d6d2eb |
memory/1556-135-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\pub.key
| MD5 | 515c832372cebdbf67d1c6e5cd4cb0dc |
| SHA1 | 13a125d2567b70989b9f42e3125ff8846acb16f0 |
| SHA256 | abd76a3834aee7c9450786f85ff7a6e04629809a219a3a2d83bb558885157958 |
| SHA512 | fd39e61c75ba9f63e5de92621f25914798e7fb9990851d2af48ae67e9120cc0acbb1e22526936ceb004023da0438bb13f3f481e3e9bb3b30a7ec0c86cf312606 |
memory/3972-137-0x0000000000000000-mapping.dmp
memory/3400-138-0x0000000000000000-mapping.dmp
memory/3256-139-0x0000000000000000-mapping.dmp
memory/3728-140-0x0000000000000000-mapping.dmp
Analysis: behavioral5
Detonation Overview
Submitted
2022-11-13 18:00
Reported
2022-11-13 18:03
Platform
win10-20220812-en
Max time kernel
52s
Max time network
66s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe
"C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 13.89.178.26:443 | | tcp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2022-11-13 18:00
Reported
2022-11-13 18:03
Platform
win10-20220901-en
Max time kernel
51s
Max time network
64s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\LockBit30\keygen.exe
"C:\Users\Admin\AppData\Local\Temp\LockBit30\keygen.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 20.50.73.10:443 | | tcp |
| N/A | 13.107.4.50:80 | | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2022-11-13 18:00
Reported
2022-11-13 18:03
Platform
win10-20220812-en
Max time kernel
49s
Max time network
147s
Command Line
Signatures
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\LockBit30\Build.bat"
C:\Users\Admin\AppData\Local\Temp\LockBit30\keygen.exe
keygen -path C:\Users\Admin\AppData\Local\Temp\LockBit30\Build -pubkey pub.key -privkey priv.key
C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe
builder -type dec -privkey C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\priv.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\LB3Decryptor.exe
C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe
builder -type enc -exe -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\LB3.exe
C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe
builder -type enc -exe -pass -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\LB3_pass.exe
C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe
builder -type enc -dll -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\LB3_Rundll32.dll
C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe
builder -type enc -dll -pass -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\LB3_Rundll32_pass.dll
C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe
builder -type enc -ref -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\LB3_ReflectiveDll_DllMain.dll
Network
Files
C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\priv.key
| MD5 | c132f4862c68786dfba9743ff4d06006 |
| SHA1 | 2fbdaa3d52a43610fb9691ad9751180d86eef876 |
| SHA256 | 45ac057fbfef18b23dcec0dd88271f7f87107716881c576e440eaaaa85f81021 |
| SHA512 | 06d9b4cfcbe7cbaf28e8cb0d689224c60e5601b7b35488d6ea373e5583bcbf28ea15cf5af138fa64d4938cb8b72c05e85d74351900dc558bdc475f818e8f2c16 |
memory/4580-185-0x0000000000000000-mapping.dmp
memory/4580-186-0x0000000077480000-0x000000007760E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\LockBit30\Build\pub.key
| MD5 | f6ff95aab9fc53175163c1fcdac05691 |
| SHA1 | 37ebedd9325260277deca69636996082d45a5c69 |
| SHA256 | 81eb8c4fbac9245a36af6d15e220fc392283dca7b3571e394c072ec6a2aa8421 |
| SHA512 | 88b08c1cb1c9d241f46dbf54633361c9042d8f206839cb5794da5ed7f2996fa721c90db338e20e0e94c19854d2b5b73c72f2d252cbe209894000967ec43685e6 |
memory/1524-217-0x0000000000000000-mapping.dmp
memory/4600-248-0x0000000000000000-mapping.dmp
memory/4908-279-0x0000000000000000-mapping.dmp
memory/3276-310-0x0000000000000000-mapping.dmp
Analysis: behavioral4
Detonation Overview
Submitted
2022-11-13 18:00
Reported
2022-11-13 18:03
Platform
win7-20220901-en
Max time kernel
44s
Max time network
48s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe
"C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe"
Network
Files
memory/2016-54-0x0000000075A71000-0x0000000075A73000-memory.dmp
Analysis: behavioral6
Detonation Overview
Submitted
2022-11-13 18:00
Reported
2022-11-13 18:03
Platform
win10v2004-20220812-en
Max time kernel
106s
Max time network
122s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe
"C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 20.189.173.10:443 | | tcp |
| N/A | 8.253.208.113:80 | | tcp |
| N/A | 8.253.208.113:80 | | tcp |
| N/A | 209.197.3.8:80 | | tcp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2022-11-13 18:00
Reported
2022-11-13 18:03
Platform
win7-20220812-en
Max time kernel
38s
Max time network
41s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\LockBit30\keygen.exe
"C:\Users\Admin\AppData\Local\Temp\LockBit30\keygen.exe"
Network
Files
memory/544-54-0x0000000075A91000-0x0000000075A93000-memory.dmp
Analysis: behavioral9
Detonation Overview
Submitted
2022-11-13 18:00
Reported
2022-11-13 18:03
Platform
win10v2004-20220812-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\LockBit30\keygen.exe
"C:\Users\Admin\AppData\Local\Temp\LockBit30\keygen.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 93.184.220.29:80 | | tcp |
| N/A | 104.46.162.224:443 | | tcp |
| N/A | 209.197.3.8:80 | | tcp |
| N/A | 209.197.3.8:80 | | tcp |
| N/A | 209.197.3.8:80 | | tcp |
| N/A | 104.80.225.205:443 | | tcp |