Overview

overview

10

Static

static

10

Build.bat

windows7-x64

1

Build.bat

windows10-2004-x64

1

Build/LB3.exe

windows7-x64

10

Build/LB3.exe

windows10-2004-x64

10

Build/LB3D...or.exe

windows7-x64

5

Build/LB3D...or.exe

windows10-2004-x64

5

Build/LB3_...in.dll

windows7-x64

10

Build/LB3_...in.dll

windows10-2004-x64

7

Build/LB3_...32.dll

windows7-x64

1

Build/LB3_...32.dll

windows10-2004-x64

1

Build/LB3_...ss.dll

windows7-x64

10

Build/LB3_...ss.dll

windows10-2004-x64

10

Build/LB3_pass.exe

windows7-x64

10

Build/LB3_pass.exe

windows10-2004-x64

10

builder.exe

windows7-x64

1

builder.exe

windows10-2004-x64

1

keygen.exe

windows7-x64

1

keygen.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-03-2024 02:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Build.bat

  • Size

    733B

  • MD5

    1905cc9973206fea5050b737f9303fb4

  • SHA1

    497524177d9478a4b5dca3e73cc230be6abf4ce0

  • SHA256

    e2f5b93040d57de6251d16256bcd04aa8eb337bde87308e602f01070efd345fb

  • SHA512

    95bae9406d01083f6fe6916ecf8e889afe20ff5863070f1787dc7a60d2d1d5af2cf3fd481a3c4fb531f16dd2cb7a685002aaac1dc907cf189c19c60f2816dd76

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Build.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1432
    • C:\Users\Admin\AppData\Local\Temp\keygen.exe
      keygen -path C:\Users\Admin\AppData\Local\Temp\Build -pubkey pub.key -privkey priv.key
      2⤵
        PID:3088
      • C:\Users\Admin\AppData\Local\Temp\builder.exe
        builder -type dec -privkey C:\Users\Admin\AppData\Local\Temp\Build\priv.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\Build\LB3Decryptor.exe
        2⤵
          PID:2764
        • C:\Users\Admin\AppData\Local\Temp\builder.exe
          builder -type enc -exe -pubkey C:\Users\Admin\AppData\Local\Temp\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\Build\LB3.exe
          2⤵
            PID:2224
          • C:\Users\Admin\AppData\Local\Temp\builder.exe
            builder -type enc -exe -pass -pubkey C:\Users\Admin\AppData\Local\Temp\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\Build\LB3_pass.exe
            2⤵
              PID:2432
            • C:\Users\Admin\AppData\Local\Temp\builder.exe
              builder -type enc -dll -pubkey C:\Users\Admin\AppData\Local\Temp\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\Build\LB3_Rundll32.dll
              2⤵
                PID:4688
              • C:\Users\Admin\AppData\Local\Temp\builder.exe
                builder -type enc -dll -pass -pubkey C:\Users\Admin\AppData\Local\Temp\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\Build\LB3_Rundll32_pass.dll
                2⤵
                  PID:4856
                • C:\Users\Admin\AppData\Local\Temp\builder.exe
                  builder -type enc -ref -pubkey C:\Users\Admin\AppData\Local\Temp\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\Build\LB3_ReflectiveDll_DllMain.dll
                  2⤵
                    PID:2664
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3692 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
                  1⤵
                    PID:4396

                  Network

                  MITRE ATT&CK Matrix

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Temp\Build\priv.key
                    Filesize

                    344B

                    MD5

                    aa1ab1e22b52acab3fe4d4763845920a

                    SHA1

                    0d68bab02d3b58bc94cf2b523c8bbad4e3875034

                    SHA256

                    6f6697715038da15cac4881873033631e610245c456b2016139386657d86a5a4

                    SHA512

                    c5150364aafbcac7a07fac528f20971d9fe93dfb36da8680133646552a32a28b89a625c24f5c44935bb970afaf98cf3b609d6dc82b007caa4ee6011f7655cb4d

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\Build\pub.key
                    Filesize

                    344B

                    MD5

                    89b2400affa5b6ded8f71991da42d292

                    SHA1

                    5d7f6f7369738df42e1a66e4e11602f61fda11ea

                    SHA256

                    1f7789bcd65374200ad5c6f3c670f3e48ef13c2d84c4bde719f57b19c6efc562

                    SHA512

                    87fb2a3e8d7d3ab872e7812526006b4d1d14425b5ad4ef108ec51534137145efc77b9986b07d07274744f44161bc90f19ec1b10c8962204ccd86bd8b65e4a793

                    Download Submit