Analysis

  • max time kernel
    28s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    07/06/2023, 03:52

General

  • Target

    d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee.exe

  • Size

    162KB

  • MD5

    628e4a77536859ffc2853005924db2ef

  • SHA1

    c2a321b6078acfab582a195c3eaf3fe05e095ce0

  • SHA256

    d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee

  • SHA512

    aae3e3e9b12ab7389e5f2eac89b2a306c4d2b91bb4204f83cc7308a83c3dea88bbc2d826546c886fd580c01245a6be5c0aefcd93936daeecb3614935248de5f1

  • SSDEEP

    3072:o5uyulsHwDV1gFnTwn7zwJGJ+3t5kCI5Gzei3N2VzRmK:o5uZ1DPgFnk7EJwaI5gDN2VVm

Score
10/10

Malware Config

Signatures

  • Lockbit

    Ransomware family with multiple variants released since late 2019.

  • Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee.exe
    "C:\Users\Admin\AppData\Local\Temp\d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:920
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 88
      2⤵
      • Program crash
      PID:844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/920-54-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB