927dd3ac3ad5aa991ee543c6d169272ebef41b984d60a79bff77bfdaa9f10e52

Analysis

max time kernel
143s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
24/07/2023, 12:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2023-07-14_81b33114ce67e15b5d79d1dd2f8718b9_gandcrab.exe
Size

155KB
MD5

81b33114ce67e15b5d79d1dd2f8718b9
SHA1

204313aa4850c8f94af9b9a592714a189cbc8b03
SHA256

927dd3ac3ad5aa991ee543c6d169272ebef41b984d60a79bff77bfdaa9f10e52
SHA512

6d14d8aac4f49b98e06208273db112a8cd74600b5bdbb762f2df47c020a783fdccb05ae6e7c4cec9ce4a2cd3d825f4fc0eec023519af10cdc884a4b62d4cf464
SSDEEP

3072:l5K/B0toLnSNJ+lZHQsozTS+SMqqDL2/TrKEDG:lcytwq+1yTS+xqqDL6HKZ

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4076	3160	WerFault.exe	84

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	4484	svchost.exe

C:\Users\Admin\AppData\Local\Temp\2023-07-14_81b33114ce67e15b5d79d1dd2f8718b9_gandcrab.exe
"C:\Users\Admin\AppData\Local\Temp\2023-07-14_81b33114ce67e15b5d79d1dd2f8718b9_gandcrab.exe"
1⤵
PID:3160
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 252
  2⤵
  - Program crash
  PID:4076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3160 -ip 3160
1⤵
PID:2284

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4144

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4484-133-0x0000018FBF240000-0x0000018FBF250000-memory.dmp

Filesize
64KB

Download
memory/4484-149-0x0000018FBF340000-0x0000018FBF350000-memory.dmp

Filesize
64KB

Download
memory/4484-165-0x0000018FC78E0000-0x0000018FC78E1000-memory.dmp

Filesize
4KB

Download
memory/4484-166-0x0000018FC7900000-0x0000018FC7901000-memory.dmp

Filesize
4KB

Download
memory/4484-167-0x0000018FC7900000-0x0000018FC7901000-memory.dmp

Filesize
4KB

Download
memory/4484-168-0x0000018FC7900000-0x0000018FC7901000-memory.dmp

Filesize
4KB

Download
memory/4484-169-0x0000018FC7900000-0x0000018FC7901000-memory.dmp

Filesize
4KB

Download
memory/4484-170-0x0000018FC7900000-0x0000018FC7901000-memory.dmp

Filesize
4KB

Download
memory/4484-171-0x0000018FC7900000-0x0000018FC7901000-memory.dmp

Filesize
4KB

Download
memory/4484-172-0x0000018FC7900000-0x0000018FC7901000-memory.dmp

Filesize
4KB

Download
memory/4484-173-0x0000018FC7900000-0x0000018FC7901000-memory.dmp

Filesize
4KB

Download
memory/4484-174-0x0000018FC7900000-0x0000018FC7901000-memory.dmp

Filesize
4KB

Download
memory/4484-175-0x0000018FC7900000-0x0000018FC7901000-memory.dmp

Filesize
4KB

Download
memory/4484-176-0x0000018FC7530000-0x0000018FC7531000-memory.dmp

Filesize
4KB

Download
memory/4484-177-0x0000018FC7520000-0x0000018FC7521000-memory.dmp

Filesize
4KB

Download
memory/4484-179-0x0000018FC7530000-0x0000018FC7531000-memory.dmp

Filesize
4KB

Download
memory/4484-182-0x0000018FC7520000-0x0000018FC7521000-memory.dmp

Filesize
4KB

Download
memory/4484-185-0x0000018FC7460000-0x0000018FC7461000-memory.dmp

Filesize
4KB

Download
memory/4484-197-0x0000018FC7660000-0x0000018FC7661000-memory.dmp

Filesize
4KB

Download
memory/4484-199-0x0000018FC7670000-0x0000018FC7671000-memory.dmp

Filesize
4KB

Download
memory/4484-200-0x0000018FC7670000-0x0000018FC7671000-memory.dmp

Filesize
4KB

Download
memory/4484-201-0x0000018FC7780000-0x0000018FC7781000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads