Analysis
- max time kernel: 118s
- max time network: 130s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 14-03-2024 04:10
Behavioral task: behavioral1
- Sample: 4129e2b6acc9fe06dca2b3e2012b219560e7587a9718269aac317d6550f6e70a.dll
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 4129e2b6acc9fe06dca2b3e2012b219560e7587a9718269aac317d6550f6e70a.dll
- Resource: win10v2004-20240226-en
General
- Target: 4129e2b6acc9fe06dca2b3e2012b219560e7587a9718269aac317d6550f6e70a.dll
- Size: 148KB
- MD5: f8186c3a04ed7d540e555febc2b2d2b0
- SHA1: e8e125fb69bc9d4ab87c38e090dbdb0926efcf45
- SHA256: 4129e2b6acc9fe06dca2b3e2012b219560e7587a9718269aac317d6550f6e70a
- SHA512: 931330859579ea77d8a75d34d1931f6ad8e4214422a769a330d6bf9860670bbdf67c89895a95676384a0a7ec0708192ee7cc79a143e3178e7a00461ccfd23fde
- SSDEEP: 3072:Y49wVJY+UF/4wSkABPkoQNGDQ5sTegxa8zfIz79Z2eV0E8Yqzn/wAXikw/Y:O0B4wskoBCAPQ8fI1Z2eV0E89/zXikMY
Malware Config
Signatures
- Lockbit
  Ransomware family with multiple variants released since late 2019.
- Rule to detect Lockbit 3.0 ransomware Windows payload (1 IoC)
  Processes:
  resource | yara_rule
  behavioral1/memory/2928-0-0x0000000010000000-0x0000000010029000-memory.dmp | family_lockbit
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 2080 wrote to memory of 2928 | 2080 | rundll32.exe | rundll32.exe
  PID 2080 wrote to memory of 2928 | 2080 | rundll32.exe | rundll32.exe
  PID 2080 wrote to memory of 2928 | 2080 | rundll32.exe | rundll32.exe
  PID 2080 wrote to memory of 2928 | 2080 | rundll32.exe | rundll32.exe
  PID 2080 wrote to memory of 2928 | 2080 | rundll32.exe | rundll32.exe
  PID 2080 wrote to memory of 2928 | 2080 | rundll32.exe | rundll32.exe
  PID 2080 wrote to memory of 2928 | 2080 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\4129e2b6acc9fe06dca2b3e2012b219560e7587a9718269aac317d6550f6e70a.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  PID: 2080
  - C:\Windows\SysWOW64\rundll32.exe (child of PID 2080)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\4129e2b6acc9fe06dca2b3e2012b219560e7587a9718269aac317d6550f6e70a.dll,#1
    PID: 2928