Analysis
- max time kernel: 131s
- max time network: 148s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-05-2024 22:58
Behavioral task: behavioral1
- Sample: 2024-05-25_930ddcd2d6c10ea7a3a7736343701584_bkransomware_gandcrab_karagany.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 2024-05-25_930ddcd2d6c10ea7a3a7736343701584_bkransomware_gandcrab_karagany.exe
- Resource: win10v2004-20240426-en
General
- Target: 2024-05-25_930ddcd2d6c10ea7a3a7736343701584_bkransomware_gandcrab_karagany.exe
- Size: 155KB
- MD5: 930ddcd2d6c10ea7a3a7736343701584
- SHA1: 77cbea55c112b436f2140d3611d4bc5880cc386c
- SHA256: 32ebbcad1e997db22c0c623dca15617b7ec7f319a713ac1d28c7a71e0b18d8c7
- SHA512: 7946a967c6818eb68214c2412efbde4c7dde940c91259191d61581fc136d0b6b69c5cfc25fa1613df043422469a27bc85ce7533a0e1c30dcf7c507e8259715d8
- SSDEEP: 3072:l5K/B0toLxSNJOlZHQsozTS+SMqqDL2/TrKYbG:lcytwsS1yTS+xqqDL6HKd
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid: 3704
  pid_target: 2328
  process: WerFault.exe
  target process: 2024-05-25_930ddcd2d6c10ea7a3a7736343701584_bkransomware_gandcrab_karagany.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\2024-05-25_930ddcd2d6c10ea7a3a7736343701584_bkransomware_gandcrab_karagany.exe
  "C:\Users\Admin\AppData\Local\Temp\2024-05-25_930ddcd2d6c10ea7a3a7736343701584_bkransomware_gandcrab_karagany.exe"
  PID:2328
  - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 264
    Program crash
    PID:3704
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2328 -ip 2328
  PID:1324