gandcrab | 1380-56-0x0000000000400000-0x000000000045F000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1380-56-0x0000000000400000-0x000000000045F000-memory.dmp
Size

380KB
MD5

0684d90bb015fe710ebc5df402cbd8d0
SHA1

6d5f17d2ae85df2146beb3052ae06890e75ec2eb
SHA256

106e1291d57dd42cc55899804a1b5488467725bdd13a5a2eec6a40bc1ce03077
SHA512

758f01fb4bbebf932a8c44bb580f30bfd2661023fcc1392a300b91f8a074f856088e5e72678a28ab6d93caa1f5d711408e6954861a3efb9dd35c5db4cc355445
SSDEEP

6144:lcytwdr1yTS+xqqDL6HKKxvIV/QHxOtJkkgYsGGdzK:CyMr1Rqn6qKG4Hsi+

Score

10^/10

gandcrab

Malware Config

Signatures

GandCrab payload 1 IoCs

resource	yara_rule
sample	family_gandcrab

Gandcrab family
gandcrab

Files

1380-56-0x0000000000400000-0x000000000045F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ