Overview

overview

10

Static

static

10

LBLeak/Build.bat

windows7-x64

1

LBLeak/Build.bat

windows10-2004-x64

1

LBLeak/builder.exe

windows7-x64

1

LBLeak/builder.exe

windows10-2004-x64

1

LBLeak/keygen.exe

windows7-x64

1

LBLeak/keygen.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    147s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-02-2024 11:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LBLeak/Build.bat

  • Size

    741B

  • MD5

    4e46e28b2e61643f6af70a8b19e5cb1f

  • SHA1

    804a1d0c4a280b18e778e4b97f85562fa6d5a4e6

  • SHA256

    8e83a1727696ced618289f79674b97305d88beeeabf46bd25fc77ac53c1ae339

  • SHA512

    009b17b515ff0ea612e54d8751eef07f1e2b54db07e6cd69a95e7adf775f3c79a0ea91bff2fe593f2314807fdc00c75d80f1807b7dbe90f0fcf94607e675047b

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\LBLeak\Build.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:232
    • C:\Users\Admin\AppData\Local\Temp\LBLeak\keygen.exe
      keygen -path C:\Users\Admin\AppData\Local\Temp\LBLeak\Build -pubkey pub.key -privkey priv.key
      2⤵
        PID:4848
      • C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
        builder -type dec -privkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\priv.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3Decryptor.exe
        2⤵
          PID:3940
        • C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
          builder -type enc -exe -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3.exe
          2⤵
            PID:1740
          • C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
            builder -type enc -exe -pass -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3_pass.exe
            2⤵
              PID:3788
            • C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
              builder -type enc -dll -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3_Rundll32.dll
              2⤵
                PID:4712
              • C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
                builder -type enc -dll -pass -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3_Rundll32_pass.dll
                2⤵
                  PID:4224
                • C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
                  builder -type enc -ref -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3_ReflectiveDll_DllMain.dll
                  2⤵
                    PID:1372

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\priv.key
                  Filesize

                  344B

                  MD5

                  65091181cfcd12e373c390daae8fcca8

                  SHA1

                  c6b8661f1ab9b1ee4113bac800e06476c6268763

                  SHA256

                  f25c1f40e544dfac1801430c8d7ac3c5fb9166e08973002c55c527df6a4f85d9

                  SHA512

                  abe05067fcd1b86479f51fd2c07476599d131591bfc229b1dd0c124a9689474c127756547cba2aef1b3ee1921cd21967bbd45d65d415c199de73a1bf51f5aea5

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key
                  Filesize

                  344B

                  MD5

                  6a618bee17c9e9d344f72c490501dcc5

                  SHA1

                  c86d4490c7980047fa03d488bafc49de79402627

                  SHA256

                  a6e8a85bc7c8dc8983a7c858a88a239263de7db4691d55c7dc92d7d192781721

                  SHA512

                  386d2c3f2119211af0bbe645ca3597234cc7b701eab96917d636b9786adaed7c8adb09d46600c26ccdb06e8b8e11f4c0ff173c992fbc4ac2ff4e90e176e973f7

                  Download Submit