Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23-07-2024 12:44

General

  • Target

    2024-07-23_cb934b3ad071b206df06cffff22ea32e_gandcrab.exe

  • Size

    70KB

  • MD5

    cb934b3ad071b206df06cffff22ea32e

  • SHA1

    1a2e229c66b2cc22db7a41b1b868df60e2e900b2

  • SHA256

    7ea8db38f80ddaf3cdc2b941022870692dee3b45f48663c3ffeeb105b9d971ed

  • SHA512

    aee2cd2e0894a2c3dbc963cc067e19b60f7f5267660545dc80614393ec5e71f3543de621ff81676c87c795c54e87ea934fb1726010ae1002e070251a8dc683c6

  • SSDEEP

    1536:tZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:sd5BJHMqqDL2/Ovvdr

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Enumerates connected drives (3 TTPs, 23 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks processor information in registry (2 TTPs, 3 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-23_cb934b3ad071b206df06cffff22ea32e_gandcrab.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-23_cb934b3ad071b206df06cffff22ea32e_gandcrab.exe"
    • Adds Run key to start application
    • Enumerates connected drives
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    PID:1080

Network

MITRE ATT&CK Enterprise v15
