e701518928403acbc237279270a333ae9a987329e3784cfce4e407da052ae3c2

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
01-09-2024 08:21

Target

2024-09-01_cb857b88f3e2d1770fd84f785491cc8c_lockbit.exe
Size

146KB
MD5

cb857b88f3e2d1770fd84f785491cc8c
SHA1

8f01c8b334b1c7c1cc9509e07f9a1fc5bd3ccbdb
SHA256

e701518928403acbc237279270a333ae9a987329e3784cfce4e407da052ae3c2
SHA512

b664178b89ee4ea1db2b119a8101b4273b8a0194997b8019c27cba4432cac1c0152b2f2e860821b1cba2b2e80fb3322746ed3b8d937ed6dc0e6a49eb06b62a9b
SSDEEP

3072:xZIuid1XBwSYyC7B/4ZIltOqecMrCciQpYl7Cv+sl:s1XBwSY3htlO9pOA

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2620 wrote to memory of 2692	2620	2024-09-01_cb857b88f3e2d1770fd84f785491cc8c_lockbit.exe	32
PID 2620 wrote to memory of 2692	2620	2024-09-01_cb857b88f3e2d1770fd84f785491cc8c_lockbit.exe	32
PID 2620 wrote to memory of 2692	2620	2024-09-01_cb857b88f3e2d1770fd84f785491cc8c_lockbit.exe	32

C:\Users\Admin\AppData\Local\Temp\2024-09-01_cb857b88f3e2d1770fd84f785491cc8c_lockbit.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-01_cb857b88f3e2d1770fd84f785491cc8c_lockbit.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2620
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2620 -s 144
  2⤵
  PID:2692

memory/2620-0-0x000000013F0A0000-0x000000013F0CA000-memory.dmp

Filesize
168KB

Download