Analysis

  • max time kernel
    29s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
  • submitted
    03-07-2024 11:09

General

  • Target

    LockBit-main/Build.bat

  • Size

    1KB

  • MD5

    b8f24efd1d30aac9d360db90c8717aee

  • SHA1

    7d31372560f81ea24db57bb18d56143251a8b266

  • SHA256

    95df1d82137315708931f1fc3411e891cd42d1cab413d4380b479788729248ed

  • SHA512

    14ebf7905f15983593164d1c093bb99d098daf3963f1b7a913c1a9763acb950075a0d2cceab3558cce3e7269c2a2d5dacc2b3c6c55807b0b6bda6bfad62dd032

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: CmdExeWriteProcessMemorySpam 7 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\LockBit-main\Build.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\Users\Admin\AppData\Local\Temp\LockBit-main\keygen.exe
      keygen -path Build -pubkey pub.key -privkey priv.key
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      PID:2948
    • C:\Users\Admin\AppData\Local\Temp\LockBit-main\builder.exe
      builder -type dec -privkey Build\priv.key -config config.json -ofile Build\LB3Decryptor.exe
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      PID:2332
    • C:\Users\Admin\AppData\Local\Temp\LockBit-main\builder.exe
      builder -type enc -exe -pubkey Build\pub.key -config config.json -ofile Build\LB3.exe
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      PID:3040
    • C:\Users\Admin\AppData\Local\Temp\LockBit-main\builder.exe
      builder -type enc -exe -pass -pubkey Build\pub.key -config config.json -ofile Build\LB3_pass.exe
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      PID:2340
    • C:\Users\Admin\AppData\Local\Temp\LockBit-main\builder.exe
      builder -type enc -dll -pubkey Build\pub.key -config config.json -ofile Build\LB3_Rundll32.dll
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      PID:2524
    • C:\Users\Admin\AppData\Local\Temp\LockBit-main\builder.exe
      builder -type enc -dll -pass -pubkey Build\pub.key -config config.json -ofile Build\LB3_Rundll32_pass.dll
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      PID:2640
    • C:\Users\Admin\AppData\Local\Temp\LockBit-main\builder.exe
      builder -type enc -ref -pubkey Build\pub.key -config config.json -ofile Build\LB3_ReflectiveDll_DllMain.dll
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      PID:2656

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\LockBit-main\Build\priv.key

    Filesize

    344B

    MD5

    53ad903aaac54a82a93fc283fe7346fb

    SHA1

    d0214db9ab2ad8a1813e176db9b71ef4a64d770d

    SHA256

    d986fc84c54af6ef03c5bb4b525b9f85032a4486198387ba5f0b707c3c1a0a7b

    SHA512

    b21cbad022a26848c1f72d17a4435c028998707d0bed72fae73a9c32358d459e4a7650f683afa292f949c44eda9b112ce3f8101aaf33284b25bcdba6fc40c386

  • C:\Users\Admin\AppData\Local\Temp\LockBit-main\Build\pub.key

    Filesize

    344B

    MD5

    958c38b3c41bd3ca602d98156086052f

    SHA1

    9bf0f92cc5206376a57297ef2f1927057e8508be

    SHA256

    89bcb4b2cb1fcaf397a02cee660b1f249a2719c75882607ec461fc241940f84b

    SHA512

    b35e9d2eaacf8b607628f08f5e9faab7f58c909465ceb4e3514b34afb6f7c5c66b0fbf6fa2337e12dc0a9a8cd9ce3c76d49bb0fbb2d99429dca9e6222bbeb578