Analysis
-
max time kernel
76s -
max time network
104s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
26-06-2022 23:01
Static task
static1
Behavioral task
behavioral1
Sample
35cceac6180bfc5ae3489bfec867256d504d1c287a069cfaf6e7f493ffeb1624.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
35cceac6180bfc5ae3489bfec867256d504d1c287a069cfaf6e7f493ffeb1624.exe
Resource
win10v2004-20220414-en
General
-
Target
35cceac6180bfc5ae3489bfec867256d504d1c287a069cfaf6e7f493ffeb1624.exe
-
Size
69KB
-
MD5
c6fb5ab46201be7b305064894d375bd3
-
SHA1
fb57829e9988e72a9ccbe0cf1cc62fd3317c02f7
-
SHA256
35cceac6180bfc5ae3489bfec867256d504d1c287a069cfaf6e7f493ffeb1624
-
SHA512
6cfee532d1d6e71225364828c1c81c5e75aedbf6850b70e82f6969b13ecb190938748099ddf3427e9cd16e095cfd57dccbee7eea8650cf2e34e25338d7f3707c
Malware Config
Signatures
-
GandCrab Payload 1 IoCs
Processes:
resource yara_rule behavioral2/memory/1876-130-0x000000000FC80000-0x000000000FC96000-memory.dmp family_gandcrab -
Gandcrab
Gandcrab is a Trojan horse that encrypts files on a computer.
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 2952 1876 WerFault.exe 35cceac6180bfc5ae3489bfec867256d504d1c287a069cfaf6e7f493ffeb1624.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\35cceac6180bfc5ae3489bfec867256d504d1c287a069cfaf6e7f493ffeb1624.exe"C:\Users\Admin\AppData\Local\Temp\35cceac6180bfc5ae3489bfec867256d504d1c287a069cfaf6e7f493ffeb1624.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 3442⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1876 -ip 18761⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1876-130-0x000000000FC80000-0x000000000FC96000-memory.dmpFilesize
88KB