Resubmissions

07/02/2023, 14:41

230207-r2m4wsfd7v 10

02/02/2023, 23:16

230202-29cy1aca9y 10

Analysis

  • max time kernel
    106s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/02/2023, 14:41

General

  • Target

    150484a1e19c17e3d2546c2094b06bd27d2b1680ce4df68f9f129eb34bd1478d.exe

  • Size

    149KB

  • MD5

    dca8fa45c2448fe71106f16b30cb4c22

  • SHA1

    07869763d4033ac550aab09c7eb5c40e136428f5

  • SHA256

    150484a1e19c17e3d2546c2094b06bd27d2b1680ce4df68f9f129eb34bd1478d

  • SHA512

    1c4f489ec881dd00d5552275f4c4c5e69d77d7ea661d7f06624c451d3c253c41e8ae7ec2b76bb5c97fe3982320de26a5a069e6f9aca2ed6bffa5ef5b75fd4661

  • SSDEEP

    3072:AxH3lP061yNzY0Qqnq9PpX7NWGGiXyzZLmMD6qf5+fTtTi/an2UnF3G1nkd:E3lP03Rq95hxUTDDf54TtT2a2kG1kd

Score
10/10

Malware Config

Signatures

  • Lockbit

    Ransomware family with multiple variants released since late 2019.

  • Rule to detect Lockbit 3.0 ransomware Windows payload (1 IoC)
  • Program crash (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\150484a1e19c17e3d2546c2094b06bd27d2b1680ce4df68f9f129eb34bd1478d.exe
    "C:\Users\Admin\AppData\Local\Temp\150484a1e19c17e3d2546c2094b06bd27d2b1680ce4df68f9f129eb34bd1478d.exe"
    1⤵
      PID:4596
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 256
        2⤵
        • Program crash
        PID:4044
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4596 -ip 4596
      1⤵
        PID:2096

      Network

            MITRE ATT&CK Matrix

            Downloads

            • memory/4596-132-0x0000000000400000-0x0000000000429000-memory.dmp

              Filesize

              164KB