Overview

overview

10

Static

static

3

2024-03-13...ia.exe

windows7-x64

10

2024-03-13...ia.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    154s
  • max time network
    206s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/03/2024, 20:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-13_3922dbeb90b842a7f55959b171047597_karagany_mafia.exe

  • Size

    308KB

  • MD5

    3922dbeb90b842a7f55959b171047597

  • SHA1

    e674effcbd21a0a26842bd07b67196f9f5ff90f8

  • SHA256

    6831771a2c041567dea81a166538a50d4a5d1341339a342ed4537dfbfc652699

  • SHA512

    2682aabf50cfe1080c51e38653a772b926dae2956833a7da6edbf5fe4b63656096214f0fbe139a2a6c2c3bcfd56cfaa181d4e40f29a10916c088c2ed66068600

  • SSDEEP

    6144:JzL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:XDHNam62ZdKmZmuPH

Score
10/10
gandcrabbackdoorransomware

Malware Config

Signatures

  • GandCrab payload 2 IoCs
  • Gandcrab

    Gandcrab is a Trojan horse that encrypts files on a computer.

    ransomwarebackdoorgandcrab
  • Detects Reflective DLL injection artifacts 2 IoCs
  • Detects ransomware indicator 1 IoCs
  • Gandcrab Payload 2 IoCs
  • Program crash 1 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-13_3922dbeb90b842a7f55959b171047597_karagany_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-13_3922dbeb90b842a7f55959b171047597_karagany_mafia.exe"
    1⤵
    • Checks processor information in registry
    PID:4908
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 500
      2⤵
      • Program crash
      PID:4984
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4908 -ip 4908
    1⤵
      PID:2568

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4908-1-0x000000000AAE0000-0x000000000ABE0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4908-2-0x0000000000400000-0x0000000001400000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/4908-4-0x000000000AA90000-0x000000000AAA7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/4908-9-0x000000000AAE0000-0x000000000ABE0000-memory.dmp

      Filesize

      1024KB

      Download