Overview

overview

10

Static

static

10

triage/Build.bat

windows7-x64

1

triage/Build.bat

windows10-2004-x64

1

triage/builder.exe

windows7-x64

1

triage/builder.exe

windows10-2004-x64

1

triage/config.json

windows7-x64

3

triage/config.json

windows10-2004-x64

3

triage/keygen.exe

windows7-x64

1

triage/keygen.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-07-2024 03:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    triage/Build.bat

  • Size

    741B

  • MD5

    4e46e28b2e61643f6af70a8b19e5cb1f

  • SHA1

    804a1d0c4a280b18e778e4b97f85562fa6d5a4e6

  • SHA256

    8e83a1727696ced618289f79674b97305d88beeeabf46bd25fc77ac53c1ae339

  • SHA512

    009b17b515ff0ea612e54d8751eef07f1e2b54db07e6cd69a95e7adf775f3c79a0ea91bff2fe593f2314807fdc00c75d80f1807b7dbe90f0fcf94607e675047b

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\triage\Build.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3092
    • C:\Users\Admin\AppData\Local\Temp\triage\keygen.exe
      keygen -path C:\Users\Admin\AppData\Local\Temp\triage\Build -pubkey pub.key -privkey priv.key
      2⤵
        PID:1928
      • C:\Users\Admin\AppData\Local\Temp\triage\builder.exe
        builder -type dec -privkey C:\Users\Admin\AppData\Local\Temp\triage\Build\priv.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\triage\Build\LB3Decryptor.exe
        2⤵
          PID:740
        • C:\Users\Admin\AppData\Local\Temp\triage\builder.exe
          builder -type enc -exe -pubkey C:\Users\Admin\AppData\Local\Temp\triage\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\triage\Build\LB3.exe
          2⤵
            PID:4528
          • C:\Users\Admin\AppData\Local\Temp\triage\builder.exe
            builder -type enc -exe -pass -pubkey C:\Users\Admin\AppData\Local\Temp\triage\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\triage\Build\LB3_pass.exe
            2⤵
              PID:4600
            • C:\Users\Admin\AppData\Local\Temp\triage\builder.exe
              builder -type enc -dll -pubkey C:\Users\Admin\AppData\Local\Temp\triage\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\triage\Build\LB3_Rundll32.dll
              2⤵
                PID:888
              • C:\Users\Admin\AppData\Local\Temp\triage\builder.exe
                builder -type enc -dll -pass -pubkey C:\Users\Admin\AppData\Local\Temp\triage\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\triage\Build\LB3_Rundll32_pass.dll
                2⤵
                  PID:5040
                • C:\Users\Admin\AppData\Local\Temp\triage\builder.exe
                  builder -type enc -ref -pubkey C:\Users\Admin\AppData\Local\Temp\triage\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\triage\Build\LB3_ReflectiveDll_DllMain.dll
                  2⤵
                    PID:3364

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Temp\triage\Build\priv.key
                  Filesize

                  344B

                  MD5

                  d8ff4cec7972c9fcc56bff7564ace104

                  SHA1

                  da7ec111e060cb8a7ca6eb287e753db7aa80526c

                  SHA256

                  34de3052bbec0797dedd6509fab359ee3f14ab144907e341377d2c25bbf5e739

                  SHA512

                  428db941d90221c5f93164cb85948a7aa935ede8a305aa32930a0148b868d9645e060f7fcc02415755b0e4b60af5b07961ba321349eab8a64e93b319dac90581

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\triage\Build\pub.key
                  Filesize

                  344B

                  MD5

                  9b3efc3b76481d6a0b2b8b42d5c49da9

                  SHA1

                  f3af0535600750677e27fcb9cf4d8ff06402ecc9

                  SHA256

                  e6320fb1283b0cc4fd578121f512c78b2993ee078bfd6b57f12aa40cfb243fef

                  SHA512

                  aefdfd79da35378b6fab841736c721acca820735336843807fd0fb7ef74b092afb72adea88f19ffb12e818d4c0fdeaba4848f787a2c5bfa0ee91e250727ef312

                  Download Submit