Analysis

max time kernel: 127s
max time network: 133s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/08/2023, 13:00
Static task: static1

Behavioral task: behavioral1
  Sample: a0372ef1031cff9bd3d8b2acc1e4725a_mafia_JC.exe
  Resource: win7-20230712-en

Behavioral task: behavioral2
  Sample: a0372ef1031cff9bd3d8b2acc1e4725a_mafia_JC.exe
  Resource: win10v2004-20230703-en
General

Target: a0372ef1031cff9bd3d8b2acc1e4725a_mafia_JC.exe
Size: 222KB
MD5: a0372ef1031cff9bd3d8b2acc1e4725a
SHA1: 459c88a4dc35cf8e573c28e4f4f26864c7280033
SHA256: 8ae1f273d0e5b6e5040f451d727f1283b0e5e487bbb90dab5ea096221991eae9
SHA512: 24da5f5b2e687da6962fcc1d336dfcf640ef76d041b97b491c73c320439351133fd8e79a8496d4f936ec48e793f4c3ea58f386cc0357b058cc25a98da04c4e7c
SSDEEP: 3072:pBbWxYKFDnqvffIj0nStxBN3cwqvcQr3YTfVEPnYbl3/YrDAEioKhAv/:pBkYKZSYYnS1xecmoT2nYbdEKs/
Malware Config
Signatures

GandCrab payload (2 IoCs)
  resource                                                                     yara_rule
  behavioral2/memory/3868-3-0x0000000000400000-0x000000000043D000-memory.dmp  family_gandcrab
  behavioral2/memory/3868-5-0x00000000021C0000-0x00000000021D7000-memory.dmp  family_gandcrab

Gandcrab
GandCrab is a ransomware family: it encrypts files on the victim's computer and demands payment for the decryption key. Both hits are on memory dumps of the sample process (PID 3868) in the Windows 10 task. The first region starts at 0x400000, the default image base of a 32-bit PE, so the rule matched the loaded image itself; the second region (0x21C0000-0x21D7000) lies outside the image, so the rule also matched memory the sample wrote or unpacked at run time.

Program crash (1 IoC)
  pid   pid_target  Process       procid_target
  3492  3868        WerFault.exe  80

WerFault.exe (PID 3492) was started to handle a crash in the sample process (PID 3868). The sample therefore terminated abnormally on Windows 10 x64, and this report records no file-encryption activity after the memory matches above.
Processes

C:\Users\Admin\AppData\Local\Temp\a0372ef1031cff9bd3d8b2acc1e4725a_mafia_JC.exe  (PID 3868)
    command line: "C:\Users\Admin\AppData\Local\Temp\a0372ef1031cff9bd3d8b2acc1e4725a_mafia_JC.exe"
  C:\Windows\SysWOW64\WerFault.exe  (PID 3492)  [Program crash]
    command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 452

C:\Windows\SysWOW64\WerFault.exe  (PID 1828)
    command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3868 -ip 3868

Indentation shows parent/child: the first WerFault.exe is a child of the sample, the second runs at the top level but names the same target (-p 3868). Both WerFault instances come from SysWOW64, the 32-bit system directory, which is consistent with the sample being a 32-bit executable running under WOW64 and with the 0x400000 image base seen in the memory matches.
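The two memory-dump signature rows and the process tree above carry the information a practitioner needs to decide whether this detonation is worth a deeper look: which dump regions matched, how large they are, whether they are the PE image or a run-time allocation, and whether the sample crashed before doing anything. The script below is an added example written for this page, not tria.ge code; its data rows are constructed from the report text, and the field names (task, pid, index, start, end, region) and the helper names are my own, not tria.ge's.

```python
"""Added example (not tria.ge code): extract IoCs from the report above.

The signature rows and process entries at the bottom are constructed from the
report text; field and function names are assumptions made for this script.
"""
import re
from dataclasses import dataclass

# tria.ge memory-dump resource names look like:
#   <task>/memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^(?P<task>\w+)/memory/(?P<pid>\d+)-(?P<idx>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)
# Default image base of a 32-bit PE; a region starting here is the main module.
X86_IMAGE_BASE = 0x400000


@dataclass(frozen=True)
class DumpMatch:
    task: str
    pid: int
    index: int
    start: int
    end: int
    rule: str

    @property
    def size(self) -> int:
        return self.end - self.start

    @property
    def region(self) -> str:
        # Anything not at the image base was allocated while the sample ran.
        return "image" if self.start == X86_IMAGE_BASE else "runtime allocation"


def parse_dump_row(row: str) -> DumpMatch:
    """Parse one 'resource yara_rule' row from a signature table."""
    path, rule = row.split()
    m = DUMP_RE.match(path)
    if m is None:
        raise ValueError(f"not a memory dump resource: {path}")
    return DumpMatch(m["task"], int(m["pid"]), int(m["idx"]),
                     int(m["start"], 16), int(m["end"], 16), rule)


# WerFault is given the crashing process as "-p <pid>"; "-pss" and "-ip" must not match.
WERFAULT_TARGET_RE = re.compile(r"(?:^|\s)-p\s+(\d+)\b")


def crashed_pids(processes):
    """PIDs that WerFault.exe was launched for, i.e. processes that crashed.

    `processes` is an iterable of (pid, image_path, command_line) tuples.
    """
    out = set()
    for _pid, image, cmdline in processes:
        if image.lower().endswith("werfault.exe"):
            m = WERFAULT_TARGET_RE.search(cmdline)
            if m:
                out.add(int(m.group(1)))
    return out


def triage(dump_rows, processes):
    """Per matched PID: rules that fired, matched regions, and whether it crashed."""
    crashed = crashed_pids(processes)
    report = {}
    for d in (parse_dump_row(r) for r in dump_rows):
        entry = report.setdefault(
            d.pid, {"rules": set(), "regions": [], "crashed": d.pid in crashed})
        entry["rules"].add(d.rule)
        entry["regions"].append((d.start, d.size, d.region))
    return report


# Constructed from the report above: the two YARA hits and the three processes.
SIGNATURE_ROWS = [
    "behavioral2/memory/3868-3-0x0000000000400000-0x000000000043D000-memory.dmp family_gandcrab",
    "behavioral2/memory/3868-5-0x00000000021C0000-0x00000000021D7000-memory.dmp family_gandcrab",
]
PROCESSES = [
    (3868, r"C:\Users\Admin\AppData\Local\Temp\a0372ef1031cff9bd3d8b2acc1e4725a_mafia_JC.exe",
     r'"C:\Users\Admin\AppData\Local\Temp\a0372ef1031cff9bd3d8b2acc1e4725a_mafia_JC.exe"'),
    (3492, r"C:\Windows\SysWOW64\WerFault.exe",
     r"C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 452"),
    (1828, r"C:\Windows\SysWOW64\WerFault.exe",
     r"C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3868 -ip 3868"),
]

if __name__ == "__main__":
    for pid, info in triage(SIGNATURE_ROWS, PROCESSES).items():
        print(f"PID {pid}: rules={sorted(info['rules'])} crashed={info['crashed']}")
        for start, size, kind in info["regions"]:
            print(f"  0x{start:08X}  {size:7d} bytes  ({kind})")
```

Run against the rows from this report, the script reports one matched process (PID 3868) with a 0x3D000-byte image region and a 0x17000-byte run-time allocation, both flagged family_gandcrab, and marks the process as crashed because a WerFault.exe command line names it with -p. A crashed flag next to a family match is the cue to pull the memory dumps for static work rather than to trust the behavioural trace, since the sample never reached its file-encryption stage in this run.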