d4d0a07f7ca265faafa3bf2024cc08962b29c11aaea2381e8cb218680d272897

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 21:56

Target

2024-05-15_6f04ad50ed672984b0a32f9b3bde6d08_bkransomware_gandcrab_karagany.exe
Size

141KB
MD5

6f04ad50ed672984b0a32f9b3bde6d08
SHA1

879ba62a1d148256a97757b89138d0de51f9e813
SHA256

d4d0a07f7ca265faafa3bf2024cc08962b29c11aaea2381e8cb218680d272897
SHA512

9c5bf5c535509e5e9b52c54d2fab57371b8d9714ae4539bb9f7e41f789b6cf2e0b3e45a9f435a211dec615fdf77e1afc2af8b03fe94775d70877ecdd8567e914
SSDEEP

3072:m5tmM+mBqQHZUs4QL1nMqqDL2/OPvdlG:m5t3vj4QL1MqqDL6svdlG

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process
2332	1276	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 2332	1276	2024-05-15_6f04ad50ed672984b0a32f9b3bde6d08_bkransomware_gandcrab_karagany.exe	28
PID 1276 wrote to memory of 2332	1276	2024-05-15_6f04ad50ed672984b0a32f9b3bde6d08_bkransomware_gandcrab_karagany.exe	28
PID 1276 wrote to memory of 2332	1276	2024-05-15_6f04ad50ed672984b0a32f9b3bde6d08_bkransomware_gandcrab_karagany.exe	28
PID 1276 wrote to memory of 2332	1276	2024-05-15_6f04ad50ed672984b0a32f9b3bde6d08_bkransomware_gandcrab_karagany.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-05-15_6f04ad50ed672984b0a32f9b3bde6d08_bkransomware_gandcrab_karagany.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-15_6f04ad50ed672984b0a32f9b3bde6d08_bkransomware_gandcrab_karagany.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 36
  2⤵
  - Program crash
  PID:2332