Resubmissions

07/02/2023, 14:41

230207-r2m4wsfd7v 10

02/02/2023, 23:16

230202-29cy1aca9y 10

Analysis

  • max time kernel
    43s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/02/2023, 14:41

General

  • Target

    150484a1e19c17e3d2546c2094b06bd27d2b1680ce4df68f9f129eb34bd1478d.exe

  • Size

    149KB

  • MD5

    dca8fa45c2448fe71106f16b30cb4c22

  • SHA1

    07869763d4033ac550aab09c7eb5c40e136428f5

  • SHA256

    150484a1e19c17e3d2546c2094b06bd27d2b1680ce4df68f9f129eb34bd1478d

  • SHA512

    1c4f489ec881dd00d5552275f4c4c5e69d77d7ea661d7f06624c451d3c253c41e8ae7ec2b76bb5c97fe3982320de26a5a069e6f9aca2ed6bffa5ef5b75fd4661

  • SSDEEP

    3072:AxH3lP061yNzY0Qqnq9PpX7NWGGiXyzZLmMD6qf5+fTtTi/an2UnF3G1nkd:E3lP03Rq95hxUTDDf54TtT2a2kG1kd

Score
10/10

Malware Config

Signatures

  • Lockbit

    Ransomware family with multiple variants released since late 2019.

  • Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\150484a1e19c17e3d2546c2094b06bd27d2b1680ce4df68f9f129eb34bd1478d.exe
    "C:\Users\Admin\AppData\Local\Temp\150484a1e19c17e3d2546c2094b06bd27d2b1680ce4df68f9f129eb34bd1478d.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:364
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 364 -s 88
      2⤵
      • Program crash
      PID:908

Network

        MITRE ATT&CK Matrix


        Downloads

        • memory/364-55-0x0000000000400000-0x0000000000429000-memory.dmp

          Filesize

          164KB