Analysis
-
max time kernel
91s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
29-03-2024 15:22
Static task
static1
Behavioral task
behavioral1
Sample
2024-03-29_01102d78217f04e932f0f989a1cebe9c_karagany_mafia.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-03-29_01102d78217f04e932f0f989a1cebe9c_karagany_mafia.exe
Resource
win10v2004-20240226-en
General
-
Target
2024-03-29_01102d78217f04e932f0f989a1cebe9c_karagany_mafia.exe
-
Size
250KB
-
MD5
01102d78217f04e932f0f989a1cebe9c
-
SHA1
04928c07d97424adf4179a7d3a0e46f4e297b356
-
SHA256
d8dfef3f46f339eae86ad4926f345a154cf73737d7e99855f2786e8b452b0384
-
SHA512
3fce5e71da6ab5a2fef3cfc142050a9345759e44ae70268946e2dfddcb8ad0e0aebecf1b8693cebbe020f2570c55a37cc812b8ce3d806a7764469d88c0e8e0c1
-
SSDEEP
6144:9+YrOIBjaklexBgiJ8sTSIkIpxIp8mDtfPBRwasxXq:9OCjaklYgVIpxIhDtR
Malware Config
Signatures
-
GandCrab payload 2 IoCs
Processes:
resource yara_rule behavioral2/memory/3180-3-0x0000000000400000-0x0000000000444000-memory.dmp family_gandcrab behavioral2/memory/3180-4-0x0000000000630000-0x0000000000647000-memory.dmp family_gandcrab -
Gandcrab
Gandcrab is a Trojan horse that encrypts files on a computer.
-
Detects Reflective DLL injection artifacts 2 IoCs
Processes:
resource yara_rule behavioral2/memory/3180-3-0x0000000000400000-0x0000000000444000-memory.dmp INDICATOR_SUSPICIOUS_ReflectiveLoader behavioral2/memory/3180-4-0x0000000000630000-0x0000000000647000-memory.dmp INDICATOR_SUSPICIOUS_ReflectiveLoader -
Detects ransomware indicator 2 IoCs
Processes:
resource yara_rule behavioral2/memory/3180-3-0x0000000000400000-0x0000000000444000-memory.dmp SUSP_RANSOMWARE_Indicator_Jul20 behavioral2/memory/3180-4-0x0000000000630000-0x0000000000647000-memory.dmp SUSP_RANSOMWARE_Indicator_Jul20 -
Gandcrab Payload 2 IoCs
Processes:
resource yara_rule behavioral2/memory/3180-3-0x0000000000400000-0x0000000000444000-memory.dmp Gandcrab behavioral2/memory/3180-4-0x0000000000630000-0x0000000000647000-memory.dmp Gandcrab -
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 4068 3180 WerFault.exe 2024-03-29_01102d78217f04e932f0f989a1cebe9c_karagany_mafia.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_01102d78217f04e932f0f989a1cebe9c_karagany_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-29_01102d78217f04e932f0f989a1cebe9c_karagany_mafia.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 4682⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3180 -ip 31801⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3180-0-0x00000000005F0000-0x000000000060B000-memory.dmpFilesize
108KB
-
memory/3180-1-0x00000000005F0000-0x000000000060B000-memory.dmpFilesize
108KB
-
memory/3180-2-0x0000000000400000-0x0000000000444000-memory.dmpFilesize
272KB
-
memory/3180-3-0x0000000000400000-0x0000000000444000-memory.dmpFilesize
272KB
-
memory/3180-4-0x0000000000630000-0x0000000000647000-memory.dmpFilesize
92KB