Overview

overview

10

Static

static

10

Build.bat

windows7-x64

1

Build.bat

windows10-2004-x64

1

Build/LB3.exe

windows7-x64

10

Build/LB3.exe

windows10-2004-x64

10

Build/LB3D...or.exe

windows7-x64

5

Build/LB3D...or.exe

windows10-2004-x64

5

Build/LB3_...in.dll

windows7-x64

10

Build/LB3_...in.dll

windows10-2004-x64

7

Build/LB3_...32.dll

windows7-x64

1

Build/LB3_...32.dll

windows10-2004-x64

1

Build/LB3_...ss.dll

windows7-x64

10

Build/LB3_...ss.dll

windows10-2004-x64

10

Build/LB3_pass.exe

windows7-x64

10

Build/LB3_pass.exe

windows10-2004-x64

10

builder.exe

windows7-x64

1

builder.exe

windows10-2004-x64

1

keygen.exe

windows7-x64

1

keygen.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-03-2024 20:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Build.bat

  • Size

    733B

  • MD5

    1905cc9973206fea5050b737f9303fb4

  • SHA1

    497524177d9478a4b5dca3e73cc230be6abf4ce0

  • SHA256

    e2f5b93040d57de6251d16256bcd04aa8eb337bde87308e602f01070efd345fb

  • SHA512

    95bae9406d01083f6fe6916ecf8e889afe20ff5863070f1787dc7a60d2d1d5af2cf3fd481a3c4fb531f16dd2cb7a685002aaac1dc907cf189c19c60f2816dd76

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Build.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2472
    • C:\Users\Admin\AppData\Local\Temp\keygen.exe
      keygen -path C:\Users\Admin\AppData\Local\Temp\Build -pubkey pub.key -privkey priv.key
      2⤵
        PID:4464
      • C:\Users\Admin\AppData\Local\Temp\builder.exe
        builder -type dec -privkey C:\Users\Admin\AppData\Local\Temp\Build\priv.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\Build\LB3Decryptor.exe
        2⤵
          PID:3932
        • C:\Users\Admin\AppData\Local\Temp\builder.exe
          builder -type enc -exe -pubkey C:\Users\Admin\AppData\Local\Temp\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\Build\LB3.exe
          2⤵
            PID:4560
          • C:\Users\Admin\AppData\Local\Temp\builder.exe
            builder -type enc -exe -pass -pubkey C:\Users\Admin\AppData\Local\Temp\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\Build\LB3_pass.exe
            2⤵
              PID:4044
            • C:\Users\Admin\AppData\Local\Temp\builder.exe
              builder -type enc -dll -pubkey C:\Users\Admin\AppData\Local\Temp\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\Build\LB3_Rundll32.dll
              2⤵
                PID:1996
              • C:\Users\Admin\AppData\Local\Temp\builder.exe
                builder -type enc -dll -pass -pubkey C:\Users\Admin\AppData\Local\Temp\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\Build\LB3_Rundll32_pass.dll
                2⤵
                  PID:832
                • C:\Users\Admin\AppData\Local\Temp\builder.exe
                  builder -type enc -ref -pubkey C:\Users\Admin\AppData\Local\Temp\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\Build\LB3_ReflectiveDll_DllMain.dll
                  2⤵
                    PID:2936
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3668 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
                  1⤵
                    PID:1988

                  Network

                  MITRE ATT&CK Matrix

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Temp\Build\priv.key
                    Filesize

                    344B

                    MD5

                    86dcea40c43dc5b8ae8e1d80fffd5dd1

                    SHA1

                    9d228ef1c6d6ba3091cfc964f43305f12453e7e9

                    SHA256

                    a79140e23c95ce41e23d28f9167910cdb924b037297d39793016e8a22dea39a6

                    SHA512

                    68eed37d96908b9afe11686e719caa5899d23076fc57752d14c538ffe63a12b77f9bdc61b9db99130fd72165795ea716ef2ef90952da42265b7c7dede8d9b7b7

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\Build\pub.key
                    Filesize

                    344B

                    MD5

                    4cbd50c34cdfef7753341f2ef775a61c

                    SHA1

                    83467f106930f7fc0b33bd3926f98730f2670c65

                    SHA256

                    1219da5aed54b1d83417d0dad2513185772a6e8fdfdc37f1e5367beb08577868

                    SHA512

                    5553f819faf14e4e24db01170a3d6202e1bdd7c02be56f776f8a971aafa48f666206b9cd607368c5ec2928ff133d05a544e8603637702aeab2fbd430acc9564f

                    Download Submit