8a83109dea45dc5badd6d2c597b0273b99e1c3f094140b732624e2a2e41b5ff6

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
31/10/2023, 17:38

Target

NEAS.2023-09-07_36c1a1bbf28dd03540f46bd45aca3671_gandcrab_JC.exe
Size

155KB
MD5

36c1a1bbf28dd03540f46bd45aca3671
SHA1

80a5d871249c19cb6559946babfefcf6ae27c37a
SHA256

8a83109dea45dc5badd6d2c597b0273b99e1c3f094140b732624e2a2e41b5ff6
SHA512

1e9bdcb4d99c10737ee35eb62c9a4f5b38faaa57d5215bffed0e9e3519946b74cc8de94310d9f0bcf33f7fb308ae8d6a154bf2948e73ac248e7009508f267220
SSDEEP

3072:l5K/B0toLUSNJGlZHQsozTS+SMqqDL2/TrKoAG:lcytw5e1yTS+xqqDL6HKS

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2032	3048	WerFault.exe	24

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 2032	3048	NEAS.2023-09-07_36c1a1bbf28dd03540f46bd45aca3671_gandcrab_JC.exe	28
PID 3048 wrote to memory of 2032	3048	NEAS.2023-09-07_36c1a1bbf28dd03540f46bd45aca3671_gandcrab_JC.exe	28
PID 3048 wrote to memory of 2032	3048	NEAS.2023-09-07_36c1a1bbf28dd03540f46bd45aca3671_gandcrab_JC.exe	28
PID 3048 wrote to memory of 2032	3048	NEAS.2023-09-07_36c1a1bbf28dd03540f46bd45aca3671_gandcrab_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-07_36c1a1bbf28dd03540f46bd45aca3671_gandcrab_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-07_36c1a1bbf28dd03540f46bd45aca3671_gandcrab_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 88
  2⤵
  - Program crash
  PID:2032