Overview

overview

10

Static

static

10

LB3_pass.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    73s
  • max time network
    77s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-de
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-delocale:de-deos:windows10-2004-x64systemwindows
  • submitted
    23-05-2024 15:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LB3_pass.exe

  • Size

    149KB

  • MD5

    c2a9916e3c8ce13e982a229525ed621d

  • SHA1

    99cf3d733648e0de8e7b1b23f0e490f6f413e5c5

  • SHA256

    b2d1570ac866236acba545eca357fe86635531c77f59eb354f46313106ae1a0b

  • SHA512

    f661e252c3c2e620c0d5ca07f0e0e8d08c544c3cc1b047660f37a042e2559dfae6e3de75f1786deea3d1a15492d5ad44777638c3b5791c3636c2921c62d7497b

  • SSDEEP

    3072:TcJCbD97gShYNmXpisfW6PlVwJc9tbPubxTFq111ZfRCdCX7:Tcobp0ShYiMUWgV40pubdFqdOdCX7

Score
10/10
lockbitransomware

Malware Config

Signatures

  • Lockbit

    Ransomware family with multiple variants released since late 2019.

    ransomwarelockbit
  • Rule to detect Lockbit 3.0 ransomware Windows payload 3 IoCs
  • Program crash 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LB3_pass.exe
    "C:\Users\Admin\AppData\Local\Temp\LB3_pass.exe"
    1⤵
      PID:4984
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 220
        2⤵
        • Program crash
        PID:4444
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4984 -ip 4984
      1⤵
        PID:640
      • C:\Windows\System32\rundll32.exe
        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
        1⤵
          PID:4060
        • C:\Users\Admin\AppData\Local\Temp\LB3_pass.exe
          "C:\Users\Admin\AppData\Local\Temp\LB3_pass.exe"
          1⤵
            PID:3936
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 272
              2⤵
              • Program crash
              PID:2636
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3936 -ip 3936
            1⤵
              PID:2316

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/3936-2-0x0000000000400000-0x0000000000429000-memory.dmp
              Filesize

              164KB

              Download
            • memory/4984-0-0x0000000000400000-0x0000000000429000-memory.dmp
              Filesize

              164KB

              Download
            • memory/4984-1-0x0000000000400000-0x0000000000429000-memory.dmp
              Filesize

              164KB

              Download