34ae59b7acc09c2e82625640cae82c5158b649db1418ddbaa24138b51f1722c5

Analysis

max time kernel
140s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
27-01-2024 16:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LockBit-Black-Builder-main/LockBit3Builder/Build.bat
Size

733B
MD5

1905cc9973206fea5050b737f9303fb4
SHA1

497524177d9478a4b5dca3e73cc230be6abf4ce0
SHA256

e2f5b93040d57de6251d16256bcd04aa8eb337bde87308e602f01070efd345fb
SHA512

95bae9406d01083f6fe6916ecf8e889afe20ff5863070f1787dc7a60d2d1d5af2cf3fd481a3c4fb531f16dd2cb7a685002aaac1dc907cf189c19c60f2816dd76

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 4612 wrote to memory of 4828	4612	cmd.exe	88
PID 4612 wrote to memory of 4828	4612	cmd.exe	88
PID 4612 wrote to memory of 4828	4612	cmd.exe	88
PID 4612 wrote to memory of 532	4612	cmd.exe	90
PID 4612 wrote to memory of 532	4612	cmd.exe	90
PID 4612 wrote to memory of 532	4612	cmd.exe	90
PID 4612 wrote to memory of 4376	4612	cmd.exe	92
PID 4612 wrote to memory of 4376	4612	cmd.exe	92
PID 4612 wrote to memory of 4376	4612	cmd.exe	92
PID 4612 wrote to memory of 1720	4612	cmd.exe	93
PID 4612 wrote to memory of 1720	4612	cmd.exe	93
PID 4612 wrote to memory of 1720	4612	cmd.exe	93
PID 4612 wrote to memory of 2928	4612	cmd.exe	94
PID 4612 wrote to memory of 2928	4612	cmd.exe	94
PID 4612 wrote to memory of 2928	4612	cmd.exe	94
PID 4612 wrote to memory of 3184	4612	cmd.exe	95
PID 4612 wrote to memory of 3184	4612	cmd.exe	95
PID 4612 wrote to memory of 3184	4612	cmd.exe	95
PID 4612 wrote to memory of 4920	4612	cmd.exe	96
PID 4612 wrote to memory of 4920	4612	cmd.exe	96
PID 4612 wrote to memory of 4920	4612	cmd.exe	96

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4612
- C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\keygen.exe
  keygen -path C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build -pubkey pub.key -privkey priv.key
  2⤵
  PID:4828
- C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
  builder -type dec -privkey C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build\priv.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3Decryptor.exe
  2⤵
  PID:532
- C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
  builder -type enc -exe -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3.exe
  2⤵
  PID:4376
- C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
  builder -type enc -exe -pass -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3_pass.exe
  2⤵
  PID:1720
- C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
  builder -type enc -dll -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3_Rundll32.dll
  2⤵
  PID:2928
- C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
  builder -type enc -dll -pass -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3_Rundll32_pass.dll
  2⤵
  PID:3184
- C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
  builder -type enc -ref -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3_ReflectiveDll_DllMain.dll
  2⤵
  PID:4920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build\priv.key

Filesize
344B

MD5
ff9a992cbcc3a474b4c4f741e919a488

SHA1
65ab7459d1c198b4b3426097f141827e22c555a5

SHA256
3b08ac1546ce3cfcd78b138eaf07b9d1ede7a9fadba33c3abbdd57ad6573aaf1

SHA512
d3ce0afeaecedc399cb0b431ca4edc0f34d4545e75910bba56fa6af3f2dad1e8421de00344d6236799efa8c6f6dadb0831fa54c4c70306b77b1ea3196be35929

Download Submit
C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit3Builder\Build\pub.key

Filesize
344B

MD5
8430b8276b589236f5a97d30efcd2ab2

SHA1
333c377d245b975b2f221c4b786482a8ae09ad74

SHA256
a41e9af163c6ca8770be997b7c6265520ee4fb46982d5ee8f90980196ed07d23

SHA512
146defd0043e6be8ad2d4ffb473da4754f90eb4892ae77295115f049198c94ede38bcb5af6d4164a2df184176321459940a91593068bf8a84846e90d39cba3a5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads