Analysis
max time kernel: 115s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/03/2024, 01:36
Static task: static1
Behavioral task: behavioral1
  Sample: 3802078969745db373c08aad4c6dfc12.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 3802078969745db373c08aad4c6dfc12.exe
  Resource: win10v2004-20240226-en
General
Target: 3802078969745db373c08aad4c6dfc12.exe
Size: 300KB
MD5: 3802078969745db373c08aad4c6dfc12
SHA1: 8767190ced02b19d4d515f3b53ae5537e2296e97
SHA256: 481ad8f30ca4464b61a7886eb41db0e0e59f5d6fb65389b1e9b18f82f985ed5f
SHA512: 53ebeadc8d3f418dbdbdf54a180c0307fab650b2e5bf8de341a80fd8ac11344f577666e09f80a245c655d591dfc46d946b21baf7b45f1ab1928fb1d2489e38b3
SSDEEP: 6144:ovEANMO1UnseVgkV0xwvfxnhLTiusLe1740B:nuM0Unsna5mut40B
Malware Config
Signatures

GandCrab payload (2 IoCs)
  resource                                                                     yara_rule
  behavioral2/memory/4572-1-0x0000000000400000-0x0000000003B9B000-memory.dmp   family_gandcrab
  behavioral2/memory/4572-3-0x0000000005990000-0x00000000059A7000-memory.dmp   family_gandcrab

Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.

Program crash (1 IoC)
  pid    pid_target   Process        procid_target
  1324   4572         WerFault.exe   91

Suspicious use of SetWindowsHookAW (64 IoCs)
  pid    Process
  4572   3802078969745db373c08aad4c6dfc12.exe
  (all 64 entries are identical: pid 4572, process 3802078969745db373c08aad4c6dfc12.exe; repeats omitted)
Processes
- C:\Users\Admin\AppData\Local\Temp\3802078969745db373c08aad4c6dfc12.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\3802078969745db373c08aad4c6dfc12.exe"
  PID: 4572
  Signatures: Suspicious use of SetWindowsHookAW
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 480
    PID: 1324
    Signatures: Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4572 -ip 4572
  PID: 1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1032 --field-trial-handle=3488,i,1267426273081718772,6254127258555406296,262144 --variations-seed-version /prefetch:8
  PID: 2852