Overview

overview

10

Static

static

3

2024-04-17...ia.exe

windows7-x64

10

2024-04-17...ia.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    91s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-04-2024 23:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-17_560a62a06633e40149441aa56fb89988_karagany_mafia.exe

  • Size

    308KB

  • MD5

    560a62a06633e40149441aa56fb89988

  • SHA1

    cce140fcfe49548ebf874d76155edae9ffc04f16

  • SHA256

    7699e6c0b87b4996e8be41dc0288fd26d824038f78435e151c37629a63ec08b3

  • SHA512

    74611f8ee2ac25860a3d291c02d972808027054637404ce555ebbff958c2435693c21a34b42e5c633e73a25b33dd17c0d88e0871fd5298e9c2499f3bff1b2c2f

  • SSDEEP

    6144:YzL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:+DHNam62ZdKmZmuPH

Score
10/10
gandcrabbackdoorransomware

Malware Config

Signatures

  • GandCrab payload 2 IoCs
  • Gandcrab

    Gandcrab is a Trojan horse that encrypts files on a computer.

    ransomwarebackdoorgandcrab
  • Detects Reflective DLL injection artifacts 2 IoCs
  • Detects ransomware indicator 1 IoCs
  • Gandcrab Payload 2 IoCs
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-17_560a62a06633e40149441aa56fb89988_karagany_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-17_560a62a06633e40149441aa56fb89988_karagany_mafia.exe"
    1⤵
      PID:2940
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 480
        2⤵
        • Program crash
        PID:2580
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2940 -ip 2940
      1⤵
        PID:1100

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2940-1-0x000000000A9C0000-0x000000000AAC0000-memory.dmp
        Filesize

        1024KB

        Download
      • memory/2940-2-0x0000000000400000-0x0000000001400000-memory.dmp
        Filesize

        16.0MB

        Download
      • memory/2940-3-0x000000000C720000-0x000000000C737000-memory.dmp
        Filesize

        92KB

        Download