Analysis
-
max time kernel
125s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
22-06-2022 11:49
General
-
Target
2e309014d1091f1d90b5f66d09edb24e479fbd2a7815ac0c5cb5ae86aba58026.exe
-
Size
321KB
-
MD5
e7bef0f681d5c8583ecc4e0455b5384e
-
SHA1
ef3a17d0446bc8b05f3b3a673174cd8af05e299d
-
SHA256
2e309014d1091f1d90b5f66d09edb24e479fbd2a7815ac0c5cb5ae86aba58026
-
SHA512
95cd906b115a549b1ce42a87a657c934de2072aba6b3cfe4bf325852453b2071a3d4da28c031d362ffb4c0d175cb69423440b79aa4a53772b8999ce70c71b1f2
Score
10/10
Malware Config
Signatures
-
GandCrab Payload 2 IoCs
-
Gandcrab
Gandcrab is a Trojan horse that encrypts files on a computer.
-
Program crash 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2e309014d1091f1d90b5f66d09edb24e479fbd2a7815ac0c5cb5ae86aba58026.exe"C:\Users\Admin\AppData\Local\Temp\2e309014d1091f1d90b5f66d09edb24e479fbd2a7815ac0c5cb5ae86aba58026.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 3842⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4400 -ip 44001⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4400-130-0x00000000005F0000-0x000000000060B000-memory.dmpFilesize
108KB
-
memory/4400-131-0x0000000000400000-0x000000000045F000-memory.dmpFilesize
380KB
-
memory/4400-132-0x0000000000400000-0x000000000045F000-memory.dmpFilesize
380KB
-
memory/4400-134-0x00000000021E0000-0x00000000021F7000-memory.dmpFilesize
92KB