gandcrab | 35cceac6180bfc5ae3489bfec867256d504d1c287a069cfaf6e7f493ffeb1624 | Triage

Analysis

max time kernel
76s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
26-06-2022 23:01

Sharing

Report Analysis Logs

General

Target

35cceac6180bfc5ae3489bfec867256d504d1c287a069cfaf6e7f493ffeb1624.exe
Size

69KB
MD5

c6fb5ab46201be7b305064894d375bd3
SHA1

fb57829e9988e72a9ccbe0cf1cc62fd3317c02f7
SHA256

35cceac6180bfc5ae3489bfec867256d504d1c287a069cfaf6e7f493ffeb1624
SHA512

6cfee532d1d6e71225364828c1c81c5e75aedbf6850b70e82f6969b13ecb190938748099ddf3427e9cd16e095cfd57dccbee7eea8650cf2e34e25338d7f3707c

Score

10^/10

gandcrab backdoor ransomware

Malware Config

Signatures

GandCrab Payload 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1876-130-0x000000000FC80000-0x000000000FC96000-memory.dmp	family_gandcrab

Gandcrab
Gandcrab is a Trojan horse that encrypts files on a computer.
ransomware backdoor gandcrab
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2952 1876 WerFault.exe 35cceac6180bfc5ae3489bfec867256d504d1c287a069cfaf6e7f493ffeb1624.exe

C:\Users\Admin\AppData\Local\Temp\35cceac6180bfc5ae3489bfec867256d504d1c287a069cfaf6e7f493ffeb1624.exe
"C:\Users\Admin\AppData\Local\Temp\35cceac6180bfc5ae3489bfec867256d504d1c287a069cfaf6e7f493ffeb1624.exe"
1⤵
PID:1876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 344
2⤵
- Program crash
PID:2952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1876 -ip 1876
1⤵
PID:3308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1876-130-0x000000000FC80000-0x000000000FC96000-memory.dmp

Filesize
88KB

Download