Analysis

  • max time kernel
    51s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16-06-2024 19:47

General

  • Target

    2024-06-16_1e2a8e1d7ef4f1b6afcfca6ff0dc0923_karagany_mafia.exe

  • Size

    308KB

  • MD5

    1e2a8e1d7ef4f1b6afcfca6ff0dc0923

  • SHA1

    b496d0e9cae055bda8552cdf24708532976fb64f

  • SHA256

    d2e89e95fd9c866dbd1523b31fa7f5fa65cb9a72bb35b845ea61034fc3a34146

  • SHA512

    7be330690117e51795fc946e85c7f8dce90b7f9a2718f9f4a6e875dc4c63a74f3771c0c14950a450693375cdb3683464f4a0e956e3c846b3ddfb890d1b572199

  • SSDEEP

    6144:JzL7ShWDLVzVNam6GxI29dqG3KdYAYqTuPZp:XDHNam62ZdKmZmuPH
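To confirm that a locally held sample is the file this report describes, recompute the digests above and compare them with the report's values before doing anything else with the file. The following is an added example, not part of the sandbox report, using only Python's standard hashlib; the SSDEEP fuzzy hash is not in the standard library and is left out. The report's MD5/SHA1/SHA256/SHA512 values are embedded as the expected digests, and `compute_hashes`, `hash_file` and `verify_hashes` are names chosen for this example.

```python
import hashlib
import sys

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests copied from the report above for this sample.
REPORT_HASHES = {
    "md5": "1e2a8e1d7ef4f1b6afcfca6ff0dc0923",
    "sha1": "b496d0e9cae055bda8552cdf24708532976fb64f",
    "sha256": "d2e89e95fd9c866dbd1523b31fa7f5fa65cb9a72bb35b845ea61034fc3a34146",
    "sha512": "7be330690117e51795fc946e85c7f8dce90b7f9a2718f9f4a6e875dc4c63a74f"
              "3771c0c14950a450693375cdb3683464f4a0e956e3c846b3ddfb890d1b572199",
}


def _feed(chunks) -> dict:
    """Run every algorithm over the same stream of chunks in a single pass."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compute_hashes(data: bytes, chunk: int = 1 << 20) -> dict:
    """Hash an in-memory blob, chunked so large inputs behave like file reads."""
    view = memoryview(data)
    return _feed(view[i:i + chunk] for i in range(0, max(len(view), 1), chunk))


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Hash a file on disk without loading it into memory at once."""
    with open(path, "rb") as fp:
        return _feed(iter(lambda: fp.read(chunk), b""))


def verify_hashes(actual: dict, expected: dict) -> list:
    """Return the algorithm names whose digest does not match (case-insensitive).

    An empty list means every digest in `expected` matched."""
    return [name for name, digest in expected.items()
            if actual.get(name, "").lower() != digest.lower()]


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample>
    mismatches = verify_hashes(hash_file(sys.argv[1]), REPORT_HASHES)
    print("match" if not mismatches else f"MISMATCH on: {', '.join(mismatches)}")
```

Hashing in one pass matters for large samples; the four digests are computed from the same read loop rather than reopening the file per algorithm.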

Malware Config

Signatures

  • GandCrab payload 2 IoCs
  • Gandcrab

    GandCrab is a ransomware family that encrypts files on the victim's machine and demands payment for the decryption key.

  • Detects Reflective DLL injection artifacts 2 IoCs
  • Detects ransomware indicator 1 IoCs
  • Gandcrab Payload 2 IoCs
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-16_1e2a8e1d7ef4f1b6afcfca6ff0dc0923_karagany_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-16_1e2a8e1d7ef4f1b6afcfca6ff0dc0923_karagany_mafia.exe"
    PID:1584
      • C:\Windows\SysWOW64\WerFault.exe (child of PID 1584)
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 480
        Program crash
        PID:536
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1584 -ip 1584
    PID:2700

Both WerFault.exe instances reference the sample's own process (-p 1584 / -ip 1584): the sample crashed rather than running to completion. Treat the signatures above as matches on the binary and its memory dumps (listed under Downloads) rather than as observed behaviour; the Network and MITRE ATT&CK sections below are empty for this run.

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1584-2-0x000000000AA70000-0x000000000AA87000-memory.dmp
    Filesize
    92KB
  • memory/1584-1-0x0000000000400000-0x0000000001400000-memory.dmp
    Filesize
    16.0MB
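The two dumps are the regions carved from PID 1584: the 16 MB region starting at the usual image base 0x400000 and a 92 KB region at 0xAA70000. A first triage step on dumps like these is to scan them for PE images other than the one expected at the image base, which is the kind of artifact a reflective-DLL-injection rule looks for. The following added example is not the sandbox's own detection logic: it parses the dump file name for the PID and address range, walks a buffer for "MZ" candidates whose e_lfanew points at a valid "PE\0\0" signature, and reports each image's machine type, DLL flag and virtual address. It assumes the dump files are raw region contents, and the dump bytes used here are constructed in-line; `parse_dump_name`, `find_pe_headers`, `build_min_pe` and `build_sample_dump` are names chosen for this example.

```python
import re
import struct
from typing import Optional

IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
MACHINE_NAMES = {0x14C: "i386", 0x8664: "AMD64"}

# Dump names in the report have the form memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp
DUMP_NAME = re.compile(r"memory/(\d+)-\d+-0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)-memory\.dmp$")


def parse_dump_name(name: str) -> tuple:
    """Return (pid, start_va, end_va) from a sandbox dump file name."""
    m = DUMP_NAME.search(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    return int(m.group(1)), int(m.group(2), 16), int(m.group(3), 16)


def _pe_at(buf: bytes, pos: int, base: int, max_e_lfanew: int) -> Optional[dict]:
    """Validate an MZ candidate at pos and describe the image, or return None."""
    if pos + 0x40 > len(buf):                     # not even a full DOS header left
        return None
    e_lfanew = struct.unpack_from("<I", buf, pos + 0x3C)[0]
    if not 0x40 <= e_lfanew <= max_e_lfanew:      # stray "MZ" bytes fail here
        return None
    pe = pos + e_lfanew
    if pe + 26 > len(buf) or buf[pe:pe + 4] != b"PE\0\0":
        return None
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, _ts, _symtab, _nsyms, _optsize, chars = struct.unpack_from("<HHIIIHH", buf, pe + 4)
    magic = struct.unpack_from("<H", buf, pe + 24)[0]   # optional header Magic: 0x10B PE32, 0x20B PE32+
    return {
        "offset": pos,
        "va": base + pos,
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "sections": nsections,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "pe32plus": magic == 0x20B,
    }


def find_pe_headers(buf: bytes, base: int = 0, max_e_lfanew: int = 0x1000) -> list:
    """Scan a memory region for embedded PE images; base is the region's start VA."""
    hits = []
    pos = buf.find(b"MZ")
    while pos != -1:
        hit = _pe_at(buf, pos, base, max_e_lfanew)
        if hit is not None:
            hits.append(hit)
        pos = buf.find(b"MZ", pos + 1)
    return hits


def build_min_pe(is_dll: bool, machine: int = 0x14C, e_lfanew: int = 0x80) -> bytes:
    """Constructed minimal image: DOS header, PE signature, COFF header, optional-header magic."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    chars = IMAGE_FILE_EXECUTABLE_IMAGE | (IMAGE_FILE_DLL if is_dll else 0)
    coff = struct.pack("<HHIIIHH", machine, 3, 0, 0, 0, 0xE0, chars)
    magic = struct.pack("<H", 0x20B if machine == 0x8664 else 0x10B)
    image = bytes(dos) + bytes(e_lfanew - 0x40) + b"PE\0\0" + coff + magic
    return image.ljust(0x200, b"\0")


def build_sample_dump() -> bytes:
    """Constructed stand-in for a dump of the region at 0x400000: the main image at offset 0,
    a stray "MZ" with a garbage e_lfanew at 0x1000, and a second (DLL) image at 0x3000 that
    no disk-backed module would account for."""
    region = bytearray(0x4000)
    region[0:0x200] = build_min_pe(is_dll=False)
    region[0x1000:0x1040] = b"MZ" + b"\xff" * 0x3E
    region[0x3000:0x3200] = build_min_pe(is_dll=True, machine=0x8664)
    return bytes(region)


if __name__ == "__main__":
    pid, start, _end = parse_dump_name("memory/1584-1-0x0000000000400000-0x0000000001400000-memory.dmp")
    for hit in find_pe_headers(build_sample_dump(), base=start):
        print(f"pid {pid}: image at {hit['va']:#x} {hit['machine']} dll={hit['is_dll']}")
```

On a real dump, replace `build_sample_dump()` with the file's bytes and pass the start address parsed from its name; any hit whose VA is not the sample's own image base, and in particular any hit flagged `is_dll`, is what to pull into a disassembler next. The e_lfanew bound rejects random "MZ" byte pairs cheaply, but a packed image that has had its headers wiped will not be found this way.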