Analysis
-
max time kernel
101s -
max time network
105s -
platform
windows11-21h2_x64 -
resource
win11-20250502-en -
resource tags
arch:x64arch:x86image:win11-20250502-enlocale:en-usos:windows11-21h2-x64system -
submitted
15/05/2025, 07:04
Behavioral task
behavioral1
Sample
2025-05-15_37f964b30a6e72c93b876171073cd418_elex_gandcrab.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
2025-05-15_37f964b30a6e72c93b876171073cd418_elex_gandcrab.exe
Resource
win11-20250502-en
General
-
Target
2025-05-15_37f964b30a6e72c93b876171073cd418_elex_gandcrab.exe
-
Size
70KB
-
MD5
37f964b30a6e72c93b876171073cd418
-
SHA1
7559d1028e9fe7130b6c050cfa1d9136ccf94fca
-
SHA256
d3c9038e3a14a87b0f6d74363cfefe332f7244ccfb6b76327225b529812a62ac
-
SHA512
da32a795a0ee6b0298ffe83f2e775e7b43693f951ef8c37c853e9b345620935448349646498aa484c2f5705ef9118e57769f0db77c5e658731bb6863f7d900d3
-
SSDEEP
1536:YZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZN:Xd5BJHMqqDL2/Ovvdamb
Malware Config
Signatures
-
GandCrab payload 1 IoCs
resource yara_rule behavioral2/memory/3000-0-0x0000000010000000-0x0000000010016AF4-memory.dmp family_gandcrab -
Gandcrab
Gandcrab is a Trojan horse that encrypts files on a computer.
-
Gandcrab family
-
Program crash 1 IoCs
pid pid_target Process procid_target 4276 3000 WerFault.exe 77
Processes
-
C:\Users\Admin\AppData\Local\Temp\2025-05-15_37f964b30a6e72c93b876171073cd418_elex_gandcrab.exe"C:\Users\Admin\AppData\Local\Temp\2025-05-15_37f964b30a6e72c93b876171073cd418_elex_gandcrab.exe"1⤵PID:3000
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 82⤵
- Program crash
PID:4276
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3000 -ip 30001⤵PID:336