Analysis
-
max time kernel
95s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
03-07-2022 05:48
Static task
static1
Behavioral task
behavioral1
Sample
3ca4020551bfda5ad08253c4248545eecbffb74f3cfd8eac3e7734eb383827e7.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
3ca4020551bfda5ad08253c4248545eecbffb74f3cfd8eac3e7734eb383827e7.exe
Resource
win10v2004-20220414-en
General
-
Target
3ca4020551bfda5ad08253c4248545eecbffb74f3cfd8eac3e7734eb383827e7.exe
-
Size
243KB
-
MD5
9b0653866e42c32d2af4affa0a6e944b
-
SHA1
9d356238ff76e61e03eceff15e51560a30ca4114
-
SHA256
3ca4020551bfda5ad08253c4248545eecbffb74f3cfd8eac3e7734eb383827e7
-
SHA512
fe16c546e0e478916461ea7e108fc28f011254e5c2ccbd4d1d29a0c9ac8269279613a0dbef9dabd587f1fbfd151e979ad458b4b451072a8008e3daba39bb35ca
Malware Config
Signatures
-
GandCrab Payload 3 IoCs
Processes:
resource yara_rule behavioral2/memory/4892-131-0x0000000000400000-0x0000000000499000-memory.dmp family_gandcrab behavioral2/memory/4892-133-0x0000000000730000-0x0000000000747000-memory.dmp family_gandcrab behavioral2/memory/4892-135-0x0000000000400000-0x0000000000499000-memory.dmp family_gandcrab -
Gandcrab
Gandcrab is a Trojan horse that encrypts files on a computer.
-
Drops file in Windows directory 1 IoCs
Processes:
3ca4020551bfda5ad08253c4248545eecbffb74f3cfd8eac3e7734eb383827e7.exedescription ioc process File opened for modification C:\Windows\win.ini 3ca4020551bfda5ad08253c4248545eecbffb74f3cfd8eac3e7734eb383827e7.exe -
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 4308 4892 WerFault.exe 3ca4020551bfda5ad08253c4248545eecbffb74f3cfd8eac3e7734eb383827e7.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\3ca4020551bfda5ad08253c4248545eecbffb74f3cfd8eac3e7734eb383827e7.exe"C:\Users\Admin\AppData\Local\Temp\3ca4020551bfda5ad08253c4248545eecbffb74f3cfd8eac3e7734eb383827e7.exe"1⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 4962⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4892 -ip 48921⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4892-130-0x00000000005E0000-0x00000000005FB000-memory.dmpFilesize
108KB
-
memory/4892-131-0x0000000000400000-0x0000000000499000-memory.dmpFilesize
612KB
-
memory/4892-133-0x0000000000730000-0x0000000000747000-memory.dmpFilesize
92KB
-
memory/4892-134-0x00000000005E0000-0x00000000005FB000-memory.dmpFilesize
108KB
-
memory/4892-135-0x0000000000400000-0x0000000000499000-memory.dmpFilesize
612KB