gandcrab | 3672b1bbd1f3d380972c54324eb814cd582894cc6b22743955e70e741b5085e1 | Triage

Analysis

max time kernel
142s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
26-06-2022 02:31

Sharing

Report Analysis Logs

General

Target

3672b1bbd1f3d380972c54324eb814cd582894cc6b22743955e70e741b5085e1.exe
Size

283KB
MD5

1ecde1b4671e02670b350ba0d32f5968
SHA1

284a5ee7a53ea9f859b5b78b9b831e65f452a956
SHA256

3672b1bbd1f3d380972c54324eb814cd582894cc6b22743955e70e741b5085e1
SHA512

955439223608799b6e6266ed698c717eb28c445697551165578b9103335295a040154c0df5fe43142ebba792ef479db6d691f4db2d22fa0e4b1a79c57e296eed

Score

10^/10

gandcrab backdoor ransomware

Malware Config

Signatures

GandCrab Payload 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1140-130-0x0000000000400000-0x0000000000492000-memory.dmp	family_gandcrab
behavioral2/memory/1140-133-0x0000000002230000-0x0000000002247000-memory.dmp	family_gandcrab

Gandcrab
Gandcrab is a Trojan horse that encrypts files on a computer.
ransomware backdoor gandcrab
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2240 1140 WerFault.exe 3672b1bbd1f3d380972c54324eb814cd582894cc6b22743955e70e741b5085e1.exe

C:\Users\Admin\AppData\Local\Temp\3672b1bbd1f3d380972c54324eb814cd582894cc6b22743955e70e741b5085e1.exe
"C:\Users\Admin\AppData\Local\Temp\3672b1bbd1f3d380972c54324eb814cd582894cc6b22743955e70e741b5085e1.exe"
1⤵
PID:1140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 384
2⤵
- Program crash
PID:2240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1140 -ip 1140
1⤵
PID:504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1140-130-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/1140-132-0x00000000021D0000-0x00000000021EB000-memory.dmp

Filesize
108KB

Download
memory/1140-133-0x0000000002230000-0x0000000002247000-memory.dmp

Filesize
92KB

Download