Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

329D6F9DDB...I_I386

ubuntu-22.04-amd64

329D6F9DDB...XI_X64

ubuntu-24.04-amd64

8

LBB.exe

windows7-x64

9

LBB.exe

windows10-2004-x64

9

LBB_PS1.ps1

windows7-x64

5

LBB_PS1.ps1

windows10-2004-x64

9

LBB_PS1_ob...ed.ps1

windows7-x64

3

LBB_PS1_ob...ed.ps1

windows10-2004-x64

3

LBB_PS1_pass.ps1

windows7-x64

10

LBB_PS1_pass.ps1

windows10-2004-x64

10

LBB_Reflec...in.dll

windows7-x64

9

LBB_Reflec...in.dll

windows10-2004-x64

7

LBB_Rundll32.dll

windows7-x64

3

LBB_Rundll32.dll

windows10-2004-x64

3

LBB_Rundll32_pass.dll

windows7-x64

10

LBB_Rundll32_pass.dll

windows10-2004-x64

10

LBB_pass.exe

windows7-x64

10

LBB_pass.exe

windows10-2004-x64

10

FC8E43EC21...32.exe

windows7-x64

7

FC8E43EC21...32.exe

windows10-2004-x64

7

FC8E43EC21...64.exe

windows7-x64

7

FC8E43EC21...64.exe

windows10-2004-x64

7

Resubmissions

02/01/2025, 21:27 UTC

250102-1arsfawnat 10

21/12/2024, 14:36 UTC

241221-ryt32a1mhx 10

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    21/12/2024, 14:36 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LBB_pass.exe

  • Size

    156KB

  • MD5

    0e38243dcb91851f0646140a16d6832d

  • SHA1

    d5a11399206c54ef1bd11945a5f6a0d721c4a6c9

  • SHA256

    635e9ca3baae7e32225f05d16159e339a297a4c1b749e5a8e81ffc8df3c5c37c

  • SHA512

    8198cf16b815c697e94b8b19b7555191189d6eba2e0bc2b5690277244dcf7da74907d95d8a10bb9bf43a23ae94e5fb57d062c00f947fe8558c9ef633bb066b0e

  • SSDEEP

    3072:iMvRBMY5u+t3YSs1C439/FgfDcTDnHNszfp0QoHkIgep3i8Skb4wE4Ab:ikBS+5YSsdLTH6zfQEupRUb

Score
10/10
lockbitdiscoveryransomware

Malware Config

Signatures

  • Lockbit

    Ransomware family with multiple variants released since late 2019.

    ransomwarelockbit
  • Lockbit family
    lockbit
  • Rule to detect Lockbit 3.0 ransomware Windows payload 2 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LBB_pass.exe
    "C:\Users\Admin\AppData\Local\Temp\LBB_pass.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2084
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 88
      2⤵
      • Program crash
      PID:2564

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2084-0-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2084-1-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.