f566f21f3db0c4a9f421f18e6561279b4dd4c5fd3c32456a6f2e5b927b49719d

Resubmissions

23-05-2024 09:35

240523-lkmh5scb37 10

28-04-2024 14:29

240428-rth5zahg49 10

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 09:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit3Builder/Build.bat
Size

733B
MD5

1905cc9973206fea5050b737f9303fb4
SHA1

497524177d9478a4b5dca3e73cc230be6abf4ce0
SHA256

e2f5b93040d57de6251d16256bcd04aa8eb337bde87308e602f01070efd345fb
SHA512

95bae9406d01083f6fe6916ecf8e889afe20ff5863070f1787dc7a60d2d1d5af2cf3fd481a3c4fb531f16dd2cb7a685002aaac1dc907cf189c19c60f2816dd76

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 4984 wrote to memory of 2176	4984	cmd.exe	84
PID 4984 wrote to memory of 2176	4984	cmd.exe	84
PID 4984 wrote to memory of 2176	4984	cmd.exe	84
PID 4984 wrote to memory of 2056	4984	cmd.exe	85
PID 4984 wrote to memory of 2056	4984	cmd.exe	85
PID 4984 wrote to memory of 2056	4984	cmd.exe	85
PID 4984 wrote to memory of 3988	4984	cmd.exe	86
PID 4984 wrote to memory of 3988	4984	cmd.exe	86
PID 4984 wrote to memory of 3988	4984	cmd.exe	86
PID 4984 wrote to memory of 3064	4984	cmd.exe	87
PID 4984 wrote to memory of 3064	4984	cmd.exe	87
PID 4984 wrote to memory of 3064	4984	cmd.exe	87
PID 4984 wrote to memory of 876	4984	cmd.exe	88
PID 4984 wrote to memory of 876	4984	cmd.exe	88
PID 4984 wrote to memory of 876	4984	cmd.exe	88
PID 4984 wrote to memory of 4084	4984	cmd.exe	89
PID 4984 wrote to memory of 4084	4984	cmd.exe	89
PID 4984 wrote to memory of 4084	4984	cmd.exe	89
PID 4984 wrote to memory of 4092	4984	cmd.exe	90
PID 4984 wrote to memory of 4092	4984	cmd.exe	90
PID 4984 wrote to memory of 4092	4984	cmd.exe	90

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit3Builder\Build.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4984
- C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit3Builder\keygen.exe
  keygen -path C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit3Builder\Build -pubkey pub.key -privkey priv.key
  2⤵
  PID:2176
- C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
  builder -type dec -privkey C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit3Builder\Build\priv.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3Decryptor.exe
  2⤵
  PID:2056
- C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
  builder -type enc -exe -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3.exe
  2⤵
  PID:3988
- C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
  builder -type enc -exe -pass -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3_pass.exe
  2⤵
  PID:3064
- C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
  builder -type enc -dll -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3_Rundll32.dll
  2⤵
  PID:876
- C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
  builder -type enc -dll -pass -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3_Rundll32_pass.dll
  2⤵
  PID:4084
- C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
  builder -type enc -ref -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3_ReflectiveDll_DllMain.dll
  2⤵
  PID:4092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit3Builder\Build\priv.key

Filesize
344B

MD5
91edef69d4f7c603d7ee6a727cd004ca

SHA1
0e1bd901de844840d350b4eb470c487d5af73d39

SHA256
7b697e6256b5b20c4212c1169a30236226b4fba92a24897f39cbb6d48255f805

SHA512
546eb4015da8dad391a6004f559dcaedf77a605d8569c41e4a81a02cbd1b2e35fcb348affa7096661c4ce35b08da01b32f894c185d53a876cd545128c3d917b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit3Builder\Build\pub.key

Filesize
344B

MD5
ff59205f1b92976e951c73d5bc8983bf

SHA1
401bb6df04d4c4c04aae5bcba6a1d1ce952dcd9d

SHA256
2291cee053c087618c00f6583b5925225798e076b240c536e46add2b1d344ec9

SHA512
61c72748fff1aa85f6c08e94e908f4a0135bf0ae277162b3bf12ec43b7a0c29ececd40e6c56d5e0660a1cd50989c4322762213fe6d604f6f8e345618b60906d0

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads