Analysis
-
max time kernel
79s -
max time network
138s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
25-06-2022 08:18
General
-
Target
3f4c94faf4e9a075187e819c7ede5d194f93f51f874200ba8836ff1696db7a5e.exe
-
Size
318KB
-
MD5
ecfc9ef3af98618cdb04fa5531dd456e
-
SHA1
e9ffecf6cb8c62f9f0724207eac43f45ac2f860c
-
SHA256
3f4c94faf4e9a075187e819c7ede5d194f93f51f874200ba8836ff1696db7a5e
-
SHA512
62d6d81e6176bdef3d8544cff2195c96bbccb13104d18d76aaa28ab651162f364187eb4078632edba5af39ed39b3e21052f93202600b09c6077ec07cdcc7d34c
Score
10/10
Malware Config
Signatures
-
GandCrab Payload 2 IoCs
-
Gandcrab
Gandcrab is a Trojan horse that encrypts files on a computer.
-
Program crash 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3f4c94faf4e9a075187e819c7ede5d194f93f51f874200ba8836ff1696db7a5e.exe"C:\Users\Admin\AppData\Local\Temp\3f4c94faf4e9a075187e819c7ede5d194f93f51f874200ba8836ff1696db7a5e.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 4682⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4180 -ip 41801⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4180-131-0x00000000015FF000-0x000000000161B000-memory.dmpFilesize
112KB
-
memory/4180-130-0x0000000000400000-0x00000000012D5000-memory.dmpFilesize
14.8MB
-
memory/4180-133-0x00000000015A0000-0x00000000015B7000-memory.dmpFilesize
92KB
-
memory/4180-134-0x00000000015FF000-0x000000000161B000-memory.dmpFilesize
112KB