Overview

overview

10

Static

static

41b5e62393...c2.exe

windows7_x64

10

41b5e62393...c2.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    143s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    08-07-2022 04:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    41b5e623939fabff5a9022fa72f6ab93a3b35c38be67506afea7a236593a16c2.exe

  • Size

    302KB

  • MD5

    6c22dc137d4ea08ea8a00450bfc681ca

  • SHA1

    6015f33b32d6794ac9c60c30e088eff55e0c1669

  • SHA256

    41b5e623939fabff5a9022fa72f6ab93a3b35c38be67506afea7a236593a16c2

  • SHA512

    46fca531d546434c6547e4ba36526f031514d086f9e8be6b7512d5ccc880e6fb18c99b7713e7d8cbeae1f0b0c18c49aced0bbff3b666883c2a82f3a39ae5df43

Score
10/10
gandcrabbackdoorransomware

Malware Config

Signatures

  • GandCrab payload 3 IoCs
  • Gandcrab

    Gandcrab is a Trojan horse that encrypts files on a computer.

    ransomwarebackdoorgandcrab
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\41b5e623939fabff5a9022fa72f6ab93a3b35c38be67506afea7a236593a16c2.exe
    "C:\Users\Admin\AppData\Local\Temp\41b5e623939fabff5a9022fa72f6ab93a3b35c38be67506afea7a236593a16c2.exe"
    1⤵
      PID:2672
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 476
        2⤵
        • Program crash
        PID:4416
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2672 -ip 2672
      1⤵
        PID:4244

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2672-130-0x0000000000730000-0x000000000074B000-memory.dmp
        Filesize

        108KB

        Download
      • memory/2672-131-0x0000000000400000-0x0000000000496000-memory.dmp
        Filesize

        600KB

        Download
      • memory/2672-132-0x0000000000400000-0x0000000000496000-memory.dmp
        Filesize

        600KB

        Download
      • memory/2672-134-0x0000000002210000-0x0000000002227000-memory.dmp
        Filesize

        92KB

        Download
      • memory/2672-135-0x0000000000730000-0x000000000074B000-memory.dmp
        Filesize

        108KB

        Download
      • memory/2672-136-0x0000000000400000-0x0000000000496000-memory.dmp
        Filesize

        600KB

        Download