Analysis
max time kernel: 142s
max time network: 178s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 26-06-2022 02:31
Static task: static1
Behavioral task: behavioral1
Sample: 3672b1bbd1f3d380972c54324eb814cd582894cc6b22743955e70e741b5085e1.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 3672b1bbd1f3d380972c54324eb814cd582894cc6b22743955e70e741b5085e1.exe
Resource: win10v2004-20220414-en
General
Target: 3672b1bbd1f3d380972c54324eb814cd582894cc6b22743955e70e741b5085e1.exe
Size: 283KB
MD5: 1ecde1b4671e02670b350ba0d32f5968
SHA1: 284a5ee7a53ea9f859b5b78b9b831e65f452a956
SHA256: 3672b1bbd1f3d380972c54324eb814cd582894cc6b22743955e70e741b5085e1
SHA512: 955439223608799b6e6266ed698c717eb28c445697551165578b9103335295a040154c0df5fe43142ebba792ef479db6d691f4db2d22fa0e4b1a79c57e296eed
Malware Config
Signatures
GandCrab Payload: 2 IoCs
  resource: behavioral2/memory/1140-130-0x0000000000400000-0x0000000000492000-memory.dmp, yara_rule: family_gandcrab
  resource: behavioral2/memory/1140-133-0x0000000002230000-0x0000000002247000-memory.dmp, yara_rule: family_gandcrab
Gandcrab
Gandcrab is a Trojan horse that encrypts files on a computer.
Program crash: 1 IoCs
  Processes: WerFault.exe
  pid: 2240, pid_target: 1140, process: WerFault.exe, target process: 3672b1bbd1f3d380972c54324eb814cd582894cc6b22743955e70e741b5085e1.exe
Processes
C:\Users\Admin\AppData\Local\Temp\3672b1bbd1f3d380972c54324eb814cd582894cc6b22743955e70e741b5085e1.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\3672b1bbd1f3d380972c54324eb814cd582894cc6b22743955e70e741b5085e1.exe"
  C:\Windows\SysWOW64\WerFault.exe
    command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 384
    Program crash
C:\Windows\SysWOW64\WerFault.exe
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1140 -ip 1140