Resubmissions

08-09-2024 03:04

240908-dk13jatgjb 10

08-09-2024 01:42

240908-b4rl4azdmh 10

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-09-2024 03:04

General

  • Target

    LBB_pass.exe

  • Size

    141KB

  • MD5

    ecccac5d8de56c9a28b91ab1bda23c16

  • SHA1

    20f2811da9b151b34ae7c257ec672a0c1d3f60ee

  • SHA256

    336c36746aeee4e0753f5bf90a4429f0e91468ff02ed00c62559ea1e29b333a2

  • SHA512

    1e0a5432c382be17f11a4d4772c8d4d3b6359fe90dbb25d250e480a2439cd8d108cb725a64777be3765afdd9ec03b1f7aef3b94c58a45bfc5dc74c8633463c54

  • SSDEEP

    3072:OFtQp4qavvr9EycFur+6LZEzHzDkDd0+NiJ5c14VTDxqvUqN:gQp47vGIrZEjzgDd0+6VTDE

Malware Config

Signatures

  • Lockbit

    Ransomware family with multiple variants released since late 2019.

  • Rule to detect Lockbit 3.0 ransomware Windows payload 2 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\LBB_pass.exe
    "C:\Users\Admin\AppData\Local\Temp\LBB_pass.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:3476
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 264
      2⤵
      • Program crash
      PID:2524
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3476 -ip 3476
    1⤵
      PID:1868

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3476-0-0x0000000000400000-0x0000000000427000-memory.dmp

      Filesize

      156KB

    • memory/3476-1-0x0000000000400000-0x0000000000427000-memory.dmp

      Filesize

      156KB