Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
126s -
max time network
133s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system -
submitted
19/08/2023, 13:27
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe
Resource
win7-20230712-en
windows7-x64
8 signatures
150 seconds
Behavioral task
behavioral2
Sample
40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe
Resource
win10v2004-20230703-en
windows10-2004-x64
4 signatures
150 seconds
General
-
Target
40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe
-
Size
300KB
-
MD5
40bdca671213c2ed28ee28f48a9dfd1b
-
SHA1
f6f1d72a62b7b7fd2888e1a3d3aeffa291c9d292
-
SHA256
e612e8fe9760b1ffcecd1f8ce6aad8a886ba92d742456d63b07e067c6ee0f1db
-
SHA512
b8a141e6c1552f1551411a588e643e8289777fed1fdbdb89ed685b633a667b943fbfa8412b201440498d61b0afcdd06f92ec9b58ba1ce5ce60e3937ea74f0499
-
SSDEEP
6144:GvEANMO1UnseVgkV0xwvfxnhLTiusLe1740N:puM0Unsna5mut40N
Score
10/10
Malware Config
Signatures
-
GandCrab payload 2 IoCs
resource yara_rule behavioral2/memory/2540-134-0x0000000000400000-0x0000000003B9B000-memory.dmp family_gandcrab behavioral2/memory/2540-136-0x00000000059A0000-0x00000000059B7000-memory.dmp family_gandcrab -
Gandcrab
Gandcrab is a Trojan horse that encrypts files on a computer.
-
Program crash 1 IoCs
pid pid_target Process procid_target 3772 2540 WerFault.exe 80 -
Suspicious use of SetWindowsHookAW 64 IoCs
pid Process 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe 2540 40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe"C:\Users\Admin\AppData\Local\Temp\40bdca671213c2ed28ee28f48a9dfd1b_mafia_JC.exe"1⤵
- Suspicious use of SetWindowsHookAW
PID:2540 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 4882⤵
- Program crash
PID:3772
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2540 -ip 25401⤵PID:1596