b2c3beda4b000a3d9af0a457d6d942ec81696f3ed485f7cf723b18008a5f3d10

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
08-07-2024 18:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LBLeak/Build.bat
Size

741B
MD5

4e46e28b2e61643f6af70a8b19e5cb1f
SHA1

804a1d0c4a280b18e778e4b97f85562fa6d5a4e6
SHA256

8e83a1727696ced618289f79674b97305d88beeeabf46bd25fc77ac53c1ae339
SHA512

009b17b515ff0ea612e54d8751eef07f1e2b54db07e6cd69a95e7adf775f3c79a0ea91bff2fe593f2314807fdc00c75d80f1807b7dbe90f0fcf94607e675047b

Score

1^/10

Malware Config

Signatures

Suspicious behavior: CmdExeWriteProcessMemorySpam 7 IoCs

pid	Process
1520	keygen.exe
2152	builder.exe
1860	builder.exe
2704	builder.exe
2608	builder.exe
2340	builder.exe
2624	builder.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 1520	2164	cmd.exe	32
PID 2164 wrote to memory of 1520	2164	cmd.exe	32
PID 2164 wrote to memory of 1520	2164	cmd.exe	32
PID 2164 wrote to memory of 1520	2164	cmd.exe	32
PID 2164 wrote to memory of 2152	2164	cmd.exe	33
PID 2164 wrote to memory of 2152	2164	cmd.exe	33
PID 2164 wrote to memory of 2152	2164	cmd.exe	33
PID 2164 wrote to memory of 2152	2164	cmd.exe	33
PID 2164 wrote to memory of 1860	2164	cmd.exe	34
PID 2164 wrote to memory of 1860	2164	cmd.exe	34
PID 2164 wrote to memory of 1860	2164	cmd.exe	34
PID 2164 wrote to memory of 1860	2164	cmd.exe	34
PID 2164 wrote to memory of 2704	2164	cmd.exe	35
PID 2164 wrote to memory of 2704	2164	cmd.exe	35
PID 2164 wrote to memory of 2704	2164	cmd.exe	35
PID 2164 wrote to memory of 2704	2164	cmd.exe	35
PID 2164 wrote to memory of 2608	2164	cmd.exe	36
PID 2164 wrote to memory of 2608	2164	cmd.exe	36
PID 2164 wrote to memory of 2608	2164	cmd.exe	36
PID 2164 wrote to memory of 2608	2164	cmd.exe	36
PID 2164 wrote to memory of 2340	2164	cmd.exe	37
PID 2164 wrote to memory of 2340	2164	cmd.exe	37
PID 2164 wrote to memory of 2340	2164	cmd.exe	37
PID 2164 wrote to memory of 2340	2164	cmd.exe	37
PID 2164 wrote to memory of 2624	2164	cmd.exe	38
PID 2164 wrote to memory of 2624	2164	cmd.exe	38
PID 2164 wrote to memory of 2624	2164	cmd.exe	38
PID 2164 wrote to memory of 2624	2164	cmd.exe	38

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\LBLeak\Build.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Users\Admin\AppData\Local\Temp\LBLeak\keygen.exe
  keygen -path C:\Users\Admin\AppData\Local\Temp\LBLeak\Build -pubkey pub.key -privkey priv.key
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:1520
- C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
  builder -type dec -privkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\priv.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3Decryptor.exe
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:2152
- C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
  builder -type enc -exe -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3.exe
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:1860
- C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
  builder -type enc -exe -pass -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3_pass.exe
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:2704
- C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
  builder -type enc -dll -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3_Rundll32.dll
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:2608
- C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
  builder -type enc -dll -pass -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3_Rundll32_pass.dll
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:2340
- C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
  builder -type enc -ref -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3_ReflectiveDll_DllMain.dll
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:2624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\priv.key

Filesize
344B

MD5
7667475902080cb1076f26c7bfade959

SHA1
f84e2c606764692aa2647181c37fb630af39085d

SHA256
73c77b0476503c491b8a53464bd40d4cc844a498bacd6cc9bc405796b2b58afa

SHA512
fe742987e5b53e93b2337ef921257fd1f44ae632e72239378e32c7d69debc0b44143ec23a9102869320faa4c153148b08fbfd88592c666f8b44dc5dca4e3c75a

Download Submit
C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key

Filesize
344B

MD5
ea47a3cc336539f388a0e07d6e99d7e2

SHA1
a40a9f5d70e2dfa26e417727da646ac9a4d7ee50

SHA256
49fe6c08de12231c2331c3360eff9d70f56127e1a4be2e0cb090df0528c4750a

SHA512
acc82b9a6c38c6748e1533ada8befff38328c780e518e3b2a1b4ba6dffa82a30e1f8579be7134ee9825d9bd213cffa0ee410d7873476c469989ef56cbd75261d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads