Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    25-07-2024 10:46

General

  • Target

    2024-07-25_0730acb4e5b0ab4af7ae9dbc32f37052_bkransomware_gandcrab_karagany.exe

  • Size

    155KB

  • MD5

    0730acb4e5b0ab4af7ae9dbc32f37052

  • SHA1

    42ec0154e1251d5f5eef3736e4b364872f46e0c8

  • SHA256

    5255e2e1bf18acfda055c28c3733db8e160f951e00984fdf65b6b1a5ea6f898e

  • SHA512

    4a3a7b2632bc3d0c7ea16e39c1ed633ec0d5e16b757d9fa6b3aacae570563f7890704727d97d65fc55f1ee31ec64676d180f75e23d5d8325d70d273e610ab22e

  • SSDEEP

    3072:l5K/B0toLGSNJSlZHQsozTS+SMqqDL2/TrKDTG:lcytwTO1yTS+xqqDL6HKW

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-25_0730acb4e5b0ab4af7ae9dbc32f37052_bkransomware_gandcrab_karagany.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-25_0730acb4e5b0ab4af7ae9dbc32f37052_bkransomware_gandcrab_karagany.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1628
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 88
      2⤵
      • Program crash
      PID:1936

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads