Analysis

  • max time kernel
    56s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    03-06-2022 02:44

General

  • Target

    36c3-malwarexchg-part3/GandCrabV5.0.9.exe

  • Size

    165KB

  • MD5

    119fc3356fd91b84ce3195f4914ce53e

  • SHA1

    e71024b789e25f79b50b9d79409ba0c85597cf35

  • SHA256

    bd5d3ebe6150f53c1535e1667a18bbd4831751a414e7518dc8e1d15a19db95b3

  • SHA512

    44495f89eb6f8942dc63b1d70c8202b7ca3bcec0e7f35be4e10b13f28de01deee254435549c85c13a468bb713f558c0efab6c702ca69ea8ebe1cc9360aeb132f

Score
10/10

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\!!КакРасшифроватьЭтуПарашу.txt

Ransom Note
You files have been encrypted using RC6 Algorythm. For decrypt contact to adren.kutospov.97@tutanota.com You have a 10 hours to contact us. If your contacts after 10 hours - your files has flushed to toilet!
Emails

adren.kutospov.97@tutanota.com

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

Processes

  • C:\Users\Admin\AppData\Local\Temp\36c3-malwarexchg-part3\GandCrabV5.0.9.exe
    "C:\Users\Admin\AppData\Local\Temp\36c3-malwarexchg-part3\GandCrabV5.0.9.exe"
      PID:1764

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/1764-54-0x0000000076851000-0x0000000076853000-memory.dmp
      Filesize

      8KB

    • memory/1764-55-0x0000000000400000-0x000000000046F000-memory.dmp
      Filesize

      444KB

    • memory/1764-56-0x0000000000400000-0x000000000046F000-memory.dmp
      Filesize

      444KB