Analysis
max time kernel: 153s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14-03-2024 04:13
Behavioral task: behavioral1
Sample: 66cbbeae5d9afbae6cffca41b5bfcc0f3e5fa2bd9746692796710e3425d78b5f.dll
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 66cbbeae5d9afbae6cffca41b5bfcc0f3e5fa2bd9746692796710e3425d78b5f.dll
Resource: win10v2004-20240226-en
General
Target: 66cbbeae5d9afbae6cffca41b5bfcc0f3e5fa2bd9746692796710e3425d78b5f.dll
Size: 148KB
MD5: da8dfcdd945c9dba6018a4a5c72bc06c
SHA1: fbce06e8277c1986ef3d523638b3c4c05e34143f
SHA256: 66cbbeae5d9afbae6cffca41b5bfcc0f3e5fa2bd9746692796710e3425d78b5f
SHA512: 9f09a6109f7ee7fef22f05d62934171268420d79448fb2945e8d34cbf927521299216b12a87613a513158a54cc2f52eb84a3cda708bf5fb303125c9f2aa9f334
SSDEEP: 3072:f3icefNthmdVglJIOVwAdW/zI9lAvBNDs+PMsBQLAaY9:Pi54dVglJW89lytPzBQLU
Malware Config

Signatures

Lockbit
Ransomware family with multiple variants released since late 2019.

Rule to detect Lockbit 3.0 ransomware Windows payload (1 IoC)
Processes:
resource: behavioral2/memory/1324-0-0x0000000010000000-0x0000000010029000-memory.dmp
yara_rule: family_lockbit

Suspicious use of WriteProcessMemory (3 IoCs)
Processes (rundll32.exe):
description: PID 5004 wrote to memory of 1324 | pid: 5004 | process: rundll32.exe | target process: rundll32.exe
description: PID 5004 wrote to memory of 1324 | pid: 5004 | process: rundll32.exe | target process: rundll32.exe
description: PID 5004 wrote to memory of 1324 | pid: 5004 | process: rundll32.exe | target process: rundll32.exe
Processes

C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\66cbbeae5d9afbae6cffca41b5bfcc0f3e5fa2bd9746692796710e3425d78b5f.dll,#1
  PID: 5004
  Signatures: Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\66cbbeae5d9afbae6cffca41b5bfcc0f3e5fa2bd9746692796710e3425d78b5f.dll,#1
    PID: 1324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4156 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
  PID: 1868