Analysis
-
max time kernel
131s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
31-05-2024 19:35
Behavioral task
behavioral1
Sample
2024-05-31_cf9dac8a0daf7b2ac51b006d0c0fcc00_bkransomware_gandcrab_karagany.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-05-31_cf9dac8a0daf7b2ac51b006d0c0fcc00_bkransomware_gandcrab_karagany.exe
Resource
win10v2004-20240508-en
General
-
Target
2024-05-31_cf9dac8a0daf7b2ac51b006d0c0fcc00_bkransomware_gandcrab_karagany.exe
-
Size
155KB
-
MD5
cf9dac8a0daf7b2ac51b006d0c0fcc00
-
SHA1
f3cd556ee4545b2f7b4ef254c2652abb227a8587
-
SHA256
bcd0fa724bb0e8e7536fe197e363fe5d0dc3c99419e61b1e84a53b377648d137
-
SHA512
4c0ddd5e0accb6c014b5079a1df5c5a211095d4cb3483fe60f62534b5ae2f0b6bf43ddcb26580f7905b9b60eb7d086e69c89f120da865991c04f5dc4ce87afa1
-
SSDEEP
3072:l5K/B0toLQSNJzlZHQsozTS+SMqqDL2/TrKfmG:lcytwtp1yTS+xqqDL6HKP
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 3080 1836 WerFault.exe 2024-05-31_cf9dac8a0daf7b2ac51b006d0c0fcc00_bkransomware_gandcrab_karagany.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-31_cf9dac8a0daf7b2ac51b006d0c0fcc00_bkransomware_gandcrab_karagany.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-31_cf9dac8a0daf7b2ac51b006d0c0fcc00_bkransomware_gandcrab_karagany.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 2722⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1836 -ip 18361⤵