34ae59b7acc09c2e82625640cae82c5158b649db1418ddbaa24138b51f1722c5

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
27/01/2024, 16:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LockBit-Black-Builder-main/LockBit3Builder/Build.bat
Size

733B
MD5

1905cc9973206fea5050b737f9303fb4
SHA1

497524177d9478a4b5dca3e73cc230be6abf4ce0
SHA256

e2f5b93040d57de6251d16256bcd04aa8eb337bde87308e602f01070efd345fb
SHA512

95bae9406d01083f6fe6916ecf8e889afe20ff5863070f1787dc7a60d2d1d5af2cf3fd481a3c4fb531f16dd2cb7a685002aaac1dc907cf189c19c60f2816dd76

Score

1^/10

Malware Config

Signatures

Suspicious behavior: CmdExeWriteProcessMemorySpam 7 IoCs

pid	Process
2740	keygen.exe
3044	builder.exe
3060	builder.exe
1936	builder.exe
3032	builder.exe
2560	builder.exe
2608	builder.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2552 wrote to memory of 2740	2552	cmd.exe	29
PID 2552 wrote to memory of 2740	2552	cmd.exe	29
PID 2552 wrote to memory of 2740	2552	cmd.exe	29
PID 2552 wrote to memory of 2740	2552	cmd.exe	29
PID 2552 wrote to memory of 3044	2552	cmd.exe	30
PID 2552 wrote to memory of 3044	2552	cmd.exe	30
PID 2552 wrote to memory of 3044	2552	cmd.exe	30
PID 2552 wrote to memory of 3044	2552	cmd.exe	30
PID 2552 wrote to memory of 3060	2552	cmd.exe	32
PID 2552 wrote to memory of 3060	2552	cmd.exe	32
PID 2552 wrote to memory of 3060	2552	cmd.exe	32
PID 2552 wrote to memory of 3060	2552	cmd.exe	32
PID 2552 wrote to memory of 1936	2552	cmd.exe	31
PID 2552 wrote to memory of 1936	2552	cmd.exe	31
PID 2552 wrote to memory of 1936	2552	cmd.exe	31
PID 2552 wrote to memory of 1936	2552	cmd.exe	31
PID 2552 wrote to memory of 3032	2552	cmd.exe	33
PID 2552 wrote to memory of 3032	2552	cmd.exe	33
PID 2552 wrote to memory of 3032	2552	cmd.exe	33
PID 2552 wrote to memory of 3032	2552	cmd.exe	33
PID 2552 wrote to memory of 2560	2552	cmd.exe	34
PID 2552 wrote to memory of 2560	2552	cmd.exe	34
PID 2552 wrote to memory of 2560	2552	cmd.exe	34
PID 2552 wrote to memory of 2560	2552	cmd.exe	34
PID 2552 wrote to memory of 2608	2552	cmd.exe	35
PID 2552 wrote to memory of 2608	2552	cmd.exe	35
PID 2552 wrote to memory of 2608	2552	cmd.exe	35
PID 2552 wrote to memory of 2608	2552	cmd.exe	35

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2552
- C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\keygen.exe
  keygen -path C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build -pubkey pub.key -privkey priv.key
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:2740
- C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
  builder -type dec -privkey C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build\priv.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3Decryptor.exe
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:3044
- C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
  builder -type enc -exe -pass -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3_pass.exe
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:1936
- C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
  builder -type enc -exe -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3.exe
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:3060
- C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
  builder -type enc -dll -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3_Rundll32.dll
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:3032
- C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
  builder -type enc -dll -pass -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3_Rundll32_pass.dll
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:2560
- C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
  builder -type enc -ref -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3_ReflectiveDll_DllMain.dll
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:2608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build\priv.key

Filesize
344B

MD5
fa77803cbf88abf9df8f71b8e3f689e4

SHA1
cb1089603d3ca770e53011ce2fcc0f252b1948bf

SHA256
6b77f044cfeb252c3029887f02998366395afd8ec057d643adf25907296e018d

SHA512
9a2229b8e8c48ebae86855420e264b6cb7ea80ba5e99b5ebb4c0b9f04442681c40e81d1d5781790fb7dcfaf9a9715d8fe5d6f7f937fc93b29f702c3f86f1f0be

Download Submit
C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build\pub.key

Filesize
344B

MD5
84a3615bd16c517715375e369e8c31ac

SHA1
472e7133dff371c7ad19d2fa0a99d7d17ef72fc7

SHA256
59dfc2a77c0193802c914c4ceaaf7f2fc20b456cd085c1aa0faafb63b4b727bd

SHA512
86c1dcd217f46db21ab893275d6ca50fedf3569893052ccaaf211e338159d3acb82fe46e77adead0a794b2abc57ed71f10d06e9f1bf5dfb3e8dad9f9aaf7ccf8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads