Overview

overview

7

Static

static

3

GDLauncher...64.exe

windows10-1703-x64

7

$PLUGINSDI...er.dll

windows10-1703-x64

1

$PLUGINSDI...ls.dll

windows10-1703-x64

3

$PLUGINSDI...em.dll

windows10-1703-x64

3

$PLUGINSDI...ll.dll

windows10-1703-x64

3

$PLUGINSDIR/app-64.7z

windows10-1703-x64

3

GDLauncher.exe

windows10-1703-x64

7

LICENSE.electron.txt

windows10-1703-x64

1

LICENSES.c...m.html

windows10-1703-x64

4

chrome_100...nt.pak

windows10-1703-x64

3

chrome_200...nt.pak

windows10-1703-x64

3

icudtl.dat

windows10-1703-x64

3

locales/af.pak

windows10-1703-x64

3

locales/am.pak

windows10-1703-x64

3

locales/ar.pak

windows10-1703-x64

3

locales/bg.pak

windows10-1703-x64

3

locales/bn.pak

windows10-1703-x64

3

locales/ca.pak

windows10-1703-x64

3

owutility.dll

windows10-1703-x64

1

resources/...li.exe

windows10-1703-x64

1

resources/...le.exe

windows10-1703-x64

5

resources/elevate.exe

windows10-1703-x64

1

vk_swiftshader.dll

windows10-1703-x64

1

vulkan-1.dll

windows10-1703-x64

1

$PLUGINSDI...ec.dll

windows10-1703-x64

3

$PLUGINSDI...7z.dll

windows10-1703-x64

3

$R0/Uninst...er.exe

windows10-1703-x64

4

$PLUGINSDIR/INetC.dll

windows10-1703-x64

3

$PLUGINSDI...ls.dll

windows10-1703-x64

3

$PLUGINSDI...em.dll

windows10-1703-x64

3

$PLUGINSDI...ll.dll

windows10-1703-x64

3

$PLUGINSDI...ec.dll

windows10-1703-x64

3

Analysis

  • max time kernel
    127s
  • max time network
    134s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-es
  • resource tags

    arch:x64arch:x86image:win10-20240404-eslocale:es-esos:windows10-1703-x64systemwindows
  • submitted
    05-06-2024 18:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $R0/Uninstall GDLauncher.exe

  • Size

    268KB

  • MD5

    d455870757ad6dffb3e24ff810715022

  • SHA1

    7b74d8c70a4a35b557770f535c719ea1dec94e84

  • SHA256

    6c4b71d9734d469d634236436bf40fae8c20c4718d2ddc16d73a68f5b7306780

  • SHA512

    9c4ba1b3a6a2a1966dc9cfbafdaeec9e27d0842ce205a1d7c6063edafaa4d666fb028aca0db68ff6885cd6d67510beadc3e5b2ba288171d0e630ee50f6e7940e

  • SSDEEP

    6144:Y740IAE2lMbfuf3s2t0EyL+yaCDPFH6XdR+EkiH3yL:SlWfuMRKJCDPNKT1zH3U

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$R0\Uninstall GDLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\$R0\Uninstall GDLauncher.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4980
    • C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\$R0\
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2428

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
    Filesize

    268KB

    MD5

    d455870757ad6dffb3e24ff810715022

    SHA1

    7b74d8c70a4a35b557770f535c719ea1dec94e84

    SHA256

    6c4b71d9734d469d634236436bf40fae8c20c4718d2ddc16d73a68f5b7306780

    SHA512

    9c4ba1b3a6a2a1966dc9cfbafdaeec9e27d0842ce205a1d7c6063edafaa4d666fb028aca0db68ff6885cd6d67510beadc3e5b2ba288171d0e630ee50f6e7940e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsf92FA.tmp\System.dll
    Filesize

    12KB

    MD5

    0d7ad4f45dc6f5aa87f606d0331c6901

    SHA1

    48df0911f0484cbe2a8cdd5362140b63c41ee457

    SHA256

    3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    SHA512

    c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    Download Submit