5b104ec42d1259f7fc22e5a209a50cd344448a6a17052ae82d614a49b609e8c3

Analysis

max time kernel
120s
max time network
136s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
24-07-2023 12:31

Target

2023-07-12_2670e447e4562ec7e7aa04a8c93d69d4_gandcrab.exe
Size

155KB
MD5

2670e447e4562ec7e7aa04a8c93d69d4
SHA1

096a44a8e373dadb1d0f96c979c5a32b5a692f4a
SHA256

5b104ec42d1259f7fc22e5a209a50cd344448a6a17052ae82d614a49b609e8c3
SHA512

2250dcca9e4f55358ea633c6b40133bb5408e699e6bcc1138f06215fd7c846de5d7d9348de752050992abecad24ece455ac5502a4047e067f85406dcfdc6d52c
SSDEEP

3072:l5K/B0toLFSNJGlZHQsozTS+SMqqDL2/TrKnzG:lcytwYq1yTS+xqqDL6HK6

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1188	2072	WerFault.exe	16

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 1188	2072	2023-07-12_2670e447e4562ec7e7aa04a8c93d69d4_gandcrab.exe	28
PID 2072 wrote to memory of 1188	2072	2023-07-12_2670e447e4562ec7e7aa04a8c93d69d4_gandcrab.exe	28
PID 2072 wrote to memory of 1188	2072	2023-07-12_2670e447e4562ec7e7aa04a8c93d69d4_gandcrab.exe	28
PID 2072 wrote to memory of 1188	2072	2023-07-12_2670e447e4562ec7e7aa04a8c93d69d4_gandcrab.exe	28

C:\Users\Admin\AppData\Local\Temp\2023-07-12_2670e447e4562ec7e7aa04a8c93d69d4_gandcrab.exe
"C:\Users\Admin\AppData\Local\Temp\2023-07-12_2670e447e4562ec7e7aa04a8c93d69d4_gandcrab.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 88
  2⤵
  - Program crash
  PID:1188