Analysis
max time kernel: 1613s
max time network: 1615s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 02/06/2023, 14:10
Behavioral task: behavioral1
Sample: LBB_pass_exe.exe
Resource: win7-20230220-en
4 signatures
1800 seconds
General
Target: LBB_pass_exe.exe
Size: 156KB
MD5: 939b44c121ac02bb4f2263aa98d435b7
SHA1: 898dfdc5c7d3ea28ec908c010fd8487dbcaf1574
SHA256: 19f7e6eee538f50e096c7f25b0ef73d9dc19c836ad4224d2039941041b3b56f8
SHA512: 1cb1cbc96c8ce350feb43cf9cf10b056d6ca9910603c6f328b4febf33f08a39b0012e4bb28e567d2699f997396e0bd2907c3a3edea69382f4898056f5f6b9398
SSDEEP: 3072:xlzcLHATJgJnZ9VQqkRMm8gVXn6sld/dtgP/Qq7aAkMefBOI:xNYHA9K1QmmlRV/dtWomkMe7
Score: 10/10
Malware Config
Signatures
Lockbit
Ransomware family with multiple variants released since late 2019.
Rule to detect Lockbit 3.0 ransomware Windows payload (1 IoCs)
resource | yara_rule
behavioral1/memory/820-54-0x0000000000400000-0x000000000042B000-memory.dmp | family_lockbit
Program crash (1 IoCs)
pid | pid_target | Process | procid_target
1452 | 820 | WerFault.exe | 26
Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 820 wrote to memory of 1452 | 820 | LBB_pass_exe.exe | 27
PID 820 wrote to memory of 1452 | 820 | LBB_pass_exe.exe | 27
PID 820 wrote to memory of 1452 | 820 | LBB_pass_exe.exe | 27
PID 820 wrote to memory of 1452 | 820 | LBB_pass_exe.exe | 27