0352c777207eaf877ab06d807dba3d92a84f7b6443bdcb967f10bc660f4c00e7 | Triage

Analysis

max time kernel
22s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
07-06-2024 10:20

Sharing

Report Analysis Logs

General

Target

LockBit3Builder/Build.bat
Size

741B
MD5

4e46e28b2e61643f6af70a8b19e5cb1f
SHA1

804a1d0c4a280b18e778e4b97f85562fa6d5a4e6
SHA256

8e83a1727696ced618289f79674b97305d88beeeabf46bd25fc77ac53c1ae339
SHA512

009b17b515ff0ea612e54d8751eef07f1e2b54db07e6cd69a95e7adf775f3c79a0ea91bff2fe593f2314807fdc00c75d80f1807b7dbe90f0fcf94607e675047b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 3628 wrote to memory of 3212	3628	cmd.exe	keygen.exe
PID 3628 wrote to memory of 3212	3628	cmd.exe	keygen.exe
PID 3628 wrote to memory of 3212	3628	cmd.exe	keygen.exe
PID 3628 wrote to memory of 1524	3628	cmd.exe	builder.exe
PID 3628 wrote to memory of 1524	3628	cmd.exe	builder.exe
PID 3628 wrote to memory of 1524	3628	cmd.exe	builder.exe
PID 3628 wrote to memory of 2204	3628	cmd.exe	builder.exe
PID 3628 wrote to memory of 2204	3628	cmd.exe	builder.exe
PID 3628 wrote to memory of 2204	3628	cmd.exe	builder.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\LockBit3Builder\Build.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3628

C:\Users\Admin\AppData\Local\Temp\LockBit3Builder\keygen.exe
keygen -path C:\Users\Admin\AppData\Local\Temp\LockBit3Builder\Build -pubkey pub.key -privkey priv.key
2⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\LockBit3Builder\builder.exe
builder -type dec -privkey C:\Users\Admin\AppData\Local\Temp\LockBit3Builder\Build\priv.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit3Builder\Build\LB3Decryptor.exe
2⤵
PID:1524

C:\Users\Admin\AppData\Local\Temp\LockBit3Builder\builder.exe
builder -type enc -exe -pubkey C:\Users\Admin\AppData\Local\Temp\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LockBit3Builder\Build\LB3.exe
2⤵
PID:2204

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\LockBit3Builder\Build\priv.key
Filesize
344B

MD5
2b9cc77f582ffc6469cd2c4ee10c291d

SHA1
468550d735be5e2aa2090f39b638e18dfffe2f05

SHA256
fe5166b34f7c1f4568ec97a91781c26ed12f186131464cc0d0c1e4f250b8f34a

SHA512
06036f67b6b723b2f698525b7dd9d2659a9367e8f7b6dc456482290b5e242afd227694cf165072b9d4a0634d7822104ff746df462b20df2b91036a5af48fd368

Download Submit