Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
24/03/2024, 01:54
Static task
static1
Behavioral task
behavioral1
Sample
2024-03-24_c8d13f1c8afbe4f64f2b1d6bfef00342_karagany_mafia.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-03-24_c8d13f1c8afbe4f64f2b1d6bfef00342_karagany_mafia.exe
Resource
win10v2004-20240226-en
General
-
Target
2024-03-24_c8d13f1c8afbe4f64f2b1d6bfef00342_karagany_mafia.exe
-
Size
250KB
-
MD5
c8d13f1c8afbe4f64f2b1d6bfef00342
-
SHA1
20f9b20da9ffc11eb18ddfb08d51e98500fcf4ad
-
SHA256
c32549f2b3140ab8637afefe3e5b8f2db5b1a47455f77e2a7b68a834a3f8c6bf
-
SHA512
f262d2640ea60890566dd4c4ef0a1be01ffd395de7f8006b3c4787ed28d0da6ebb17557c5e78b55902a4dcab52324ffbc820836f63eb6ba86c6668cd1f9de6e2
-
SSDEEP
3072:U/yK5d0Gj0+nY3uEBLvBNfdUR2/qFnB8o2+vU3WuvIBuj00nReaXkuSQ7cdOd3:U/y20Gj0r+EBFrkvlU3RvIUDOIN
Malware Config
Signatures
-
GandCrab payload 2 IoCs
resource yara_rule behavioral2/memory/2824-4-0x0000000000400000-0x0000000000444000-memory.dmp family_gandcrab behavioral2/memory/2824-5-0x0000000000510000-0x0000000000527000-memory.dmp family_gandcrab -
Gandcrab
Gandcrab is a Trojan horse that encrypts files on a computer.
-
Detects Reflective DLL injection artifacts 2 IoCs
resource yara_rule behavioral2/memory/2824-4-0x0000000000400000-0x0000000000444000-memory.dmp INDICATOR_SUSPICIOUS_ReflectiveLoader behavioral2/memory/2824-5-0x0000000000510000-0x0000000000527000-memory.dmp INDICATOR_SUSPICIOUS_ReflectiveLoader -
Detects ransomware indicator 2 IoCs
resource yara_rule behavioral2/memory/2824-4-0x0000000000400000-0x0000000000444000-memory.dmp SUSP_RANSOMWARE_Indicator_Jul20 behavioral2/memory/2824-5-0x0000000000510000-0x0000000000527000-memory.dmp SUSP_RANSOMWARE_Indicator_Jul20 -
Gandcrab Payload 2 IoCs
resource yara_rule behavioral2/memory/2824-4-0x0000000000400000-0x0000000000444000-memory.dmp Gandcrab behavioral2/memory/2824-5-0x0000000000510000-0x0000000000527000-memory.dmp Gandcrab -
Program crash 1 IoCs
pid pid_target Process procid_target 2356 2824 WerFault.exe 87
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-24_c8d13f1c8afbe4f64f2b1d6bfef00342_karagany_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-24_c8d13f1c8afbe4f64f2b1d6bfef00342_karagany_mafia.exe"1⤵PID:2824
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 4682⤵
- Program crash
PID:2356
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2824 -ip 28241⤵PID:4936