Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-02-2024 19:06

General

  • Target

    LockBit-main/Build.bat

  • Size

    1KB

  • MD5

    b8f24efd1d30aac9d360db90c8717aee

  • SHA1

    7d31372560f81ea24db57bb18d56143251a8b266

  • SHA256

    95df1d82137315708931f1fc3411e891cd42d1cab413d4380b479788729248ed

  • SHA512

    14ebf7905f15983593164d1c093bb99d098daf3963f1b7a913c1a9763acb950075a0d2cceab3558cce3e7269c2a2d5dacc2b3c6c55807b0b6bda6bfad62dd032

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: CmdExeWriteProcessMemorySpam 7 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\LockBit-main\Build.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3028
    • C:\Users\Admin\AppData\Local\Temp\LockBit-main\keygen.exe
      keygen -path Build -pubkey pub.key -privkey priv.key
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      PID:2004
    • C:\Users\Admin\AppData\Local\Temp\LockBit-main\builder.exe
      builder -type dec -privkey Build\priv.key -config config.json -ofile Build\LB3Decryptor.exe
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      PID:1948
    • C:\Users\Admin\AppData\Local\Temp\LockBit-main\builder.exe
      builder -type enc -exe -pubkey Build\pub.key -config config.json -ofile Build\LB3.exe
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      PID:1704
    • C:\Users\Admin\AppData\Local\Temp\LockBit-main\builder.exe
      builder -type enc -exe -pass -pubkey Build\pub.key -config config.json -ofile Build\LB3_pass.exe
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      PID:2560
    • C:\Users\Admin\AppData\Local\Temp\LockBit-main\builder.exe
      builder -type enc -dll -pubkey Build\pub.key -config config.json -ofile Build\LB3_Rundll32.dll
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      PID:2556
    • C:\Users\Admin\AppData\Local\Temp\LockBit-main\builder.exe
      builder -type enc -dll -pass -pubkey Build\pub.key -config config.json -ofile Build\LB3_Rundll32_pass.dll
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      PID:2656
    • C:\Users\Admin\AppData\Local\Temp\LockBit-main\builder.exe
      builder -type enc -ref -pubkey Build\pub.key -config config.json -ofile Build\LB3_ReflectiveDll_DllMain.dll
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      PID:2672

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\LockBit-main\Build\priv.key

    Filesize

    344B

    MD5

    556704e61c1d5f4e5352853bf2384bf5

    SHA1

    44bbd2949a7d0866aac9a637ac411f229a56245c

    SHA256

    d8830e4a060bb46cc7a22223770ab224414428d03b45129d8b279ff9e88c11e9

    SHA512

    ab555dabb9f432d8f12b3e5a5a6feec8349ad4d19a74b8e643a040781197059533aff0619f06d0d321084f7f4f7844b6982c0053829d268fb15670bb27f3c153

  • C:\Users\Admin\AppData\Local\Temp\LockBit-main\Build\pub.key

    Filesize

    344B

    MD5

    a2182c1e3a37909c26d06d3f76638b42

    SHA1

    6284611f4ef8fa1d1d37f30c86e66dba36538ed6

    SHA256

    2a8d6d66844d6711528dd24a832c688b22aae523f71f98899f3397adc725ae2a

    SHA512

    bc88f8e9a6a8841ddeb6210753269ee4176d86334ecf4182dcb9ed6d7bf908e8e92501e53e33b7f6db26b56ba45e8c58cf7b00258467ec6a9a4331a14ef9412e