bdf4c41840e6d050dfed19559af277c4221a166d798b7ced0812dc2deb81379e

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
22/04/2024, 12:24

Target

2024-04-22_c84b82fb1dc1f9a8ebc7676218fcd6b9_krakencryptor.exe
Size

1.2MB
MD5

c84b82fb1dc1f9a8ebc7676218fcd6b9
SHA1

57975a05faa1adcc24af597265ef3b74c18c1b45
SHA256

bdf4c41840e6d050dfed19559af277c4221a166d798b7ced0812dc2deb81379e
SHA512

5c5d50a73709e965907a5dc94fe648dcd51f089fa62195c3db4f0862e2897d908c4917f0d7d4e946f22a8bac0d8218ce7fd50ad0ffc2f07534d84260e49e9df8
SSDEEP

24576:FWY6GtAywtvRuVFLfKU5ZXNL2PVh6B+BzjmcX+d:Fl6G0tvRuVFrGBzjad

Score

9^/10

Detects encrypted or obfuscated .NET executables 1 IoCs

resource	yara_rule
behavioral1/memory/2460-0-0x0000000000370000-0x00000000004B0000-memory.dmp	INDICATOR_EXE_DotNET_Encrypted

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2472	2460	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 2472	2460	2024-04-22_c84b82fb1dc1f9a8ebc7676218fcd6b9_krakencryptor.exe	28
PID 2460 wrote to memory of 2472	2460	2024-04-22_c84b82fb1dc1f9a8ebc7676218fcd6b9_krakencryptor.exe	28
PID 2460 wrote to memory of 2472	2460	2024-04-22_c84b82fb1dc1f9a8ebc7676218fcd6b9_krakencryptor.exe	28
PID 2460 wrote to memory of 2472	2460	2024-04-22_c84b82fb1dc1f9a8ebc7676218fcd6b9_krakencryptor.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-04-22_c84b82fb1dc1f9a8ebc7676218fcd6b9_krakencryptor.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-22_c84b82fb1dc1f9a8ebc7676218fcd6b9_krakencryptor.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 556
  2⤵
  - Program crash
  PID:2472

memory/2460-1-0x0000000074960000-0x000000007504E000-memory.dmp

Filesize
6.9MB

Download
memory/2460-0-0x0000000000370000-0x00000000004B0000-memory.dmp

Filesize
1.2MB

Download
memory/2460-2-0x0000000002140000-0x0000000002180000-memory.dmp

Filesize
256KB

Download
memory/2460-3-0x0000000000360000-0x0000000000372000-memory.dmp

Filesize
72KB

Download
memory/2460-4-0x0000000074960000-0x000000007504E000-memory.dmp

Filesize
6.9MB

Download
memory/2460-5-0x0000000002140000-0x0000000002180000-memory.dmp

Filesize
256KB

Download