Analysis
-
max time kernel
92s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
25-11-2024 01:10
General
-
Target
ransom/Build/LB3_pass.exe
-
Size
141KB
-
MD5
85fbdd693c11767ae0f2ae519b4df7a2
-
SHA1
1598ea54fec9894888262976f2fdd71420eb3130
-
SHA256
173f5533ad95e05c7a89a842f7923b23cc1b41c48221ff3262e82c847db1d409
-
SHA512
a3ad65b7bc2d2850906d02c0c9ea18580e21d5e0c8c0868b5865ce73acfd2c550dbc3c4d79fa63ede0d4607bbcb9380841ac0f893aeddf09c1a9ed75ff8b98f5
-
SSDEEP
3072:ifGQiJ+A2qUO9XFyKoP7C1aGTnKsXGQe7bHw7/d4f4fb3Du8vVmB4xPMG+4wHTZi:I/iQA2qUO9VZKCQUnKKGLbHt4Du8tH+s
Score
10/10
Malware Config
Signatures
-
Lockbit
Ransomware family with multiple variants released since late 2019.
-
Lockbit family
-
Rule to detect Lockbit 3.0 ransomware Windows payload 2 IoCs
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes
-
C:\Users\Admin\AppData\Local\Temp\ransom\Build\LB3_pass.exe"C:\Users\Admin\AppData\Local\Temp\ransom\Build\LB3_pass.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 2642⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2016 -ip 20161⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
156KB
-
Filesize
156KB