Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    31-05-2024 19:35

General

  • Target

    2024-05-31_cf9dac8a0daf7b2ac51b006d0c0fcc00_bkransomware_gandcrab_karagany.exe

  • Size

    155KB

  • MD5

    cf9dac8a0daf7b2ac51b006d0c0fcc00

  • SHA1

    f3cd556ee4545b2f7b4ef254c2652abb227a8587

  • SHA256

    bcd0fa724bb0e8e7536fe197e363fe5d0dc3c99419e61b1e84a53b377648d137

  • SHA512

    4c0ddd5e0accb6c014b5079a1df5c5a211095d4cb3483fe60f62534b5ae2f0b6bf43ddcb26580f7905b9b60eb7d086e69c89f120da865991c04f5dc4ce87afa1

  • SSDEEP

    3072:l5K/B0toLQSNJzlZHQsozTS+SMqqDL2/TrKfmG:lcytwtp1yTS+xqqDL6HKP

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-31_cf9dac8a0daf7b2ac51b006d0c0fcc00_bkransomware_gandcrab_karagany.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-31_cf9dac8a0daf7b2ac51b006d0c0fcc00_bkransomware_gandcrab_karagany.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1964
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 88
      2⤵
      • Program crash
      PID:1956

Network

MITRE ATT&CK Matrix
