Analysis

  • max time kernel
    101s
  • max time network
    105s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250502-en
  • resource tags

    arch:x64, arch:x86, image:win11-20250502-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    15/05/2025, 07:04

General

  • Target

    2025-05-15_37f964b30a6e72c93b876171073cd418_elex_gandcrab.exe

  • Size

    70KB

  • MD5

    37f964b30a6e72c93b876171073cd418

  • SHA1

    7559d1028e9fe7130b6c050cfa1d9136ccf94fca

  • SHA256

    d3c9038e3a14a87b0f6d74363cfefe332f7244ccfb6b76327225b529812a62ac

  • SHA512

    da32a795a0ee6b0298ffe83f2e775e7b43693f951ef8c37c853e9b345620935448349646498aa484c2f5705ef9118e57769f0db77c5e658731bb6863f7d900d3

  • SSDEEP

    1536:YZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZN:Xd5BJHMqqDL2/Ovvdamb

Malware Config

Signatures

  • GandCrab payload (1 IoC)
  • Gandcrab

    Gandcrab is a Trojan horse that encrypts files on a computer.

  • Gandcrab family
  • Program crash (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-05-15_37f964b30a6e72c93b876171073cd418_elex_gandcrab.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-05-15_37f964b30a6e72c93b876171073cd418_elex_gandcrab.exe"
    PID:3000
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 8
        Program crash
        PID:4276
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3000 -ip 3000
    PID:336

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3000-0-0x0000000010000000-0x0000000010016AF4-memory.dmp

    Filesize

    90KB