Resubmissions

18-06-2024 10:26

240618-mglccatcpr 8

18-06-2024 10:22

240618-mefdbatbrp 4

18-06-2024 10:17

240618-mblqxsyglg 8

18-06-2024 10:15

240618-majvyaygje 8

18-06-2024 10:13

240618-l9cp8stakr 7

18-06-2024 10:11

240618-l7x86ayfke 8

18-06-2024 10:08

240618-l6ds5ayenh 8

18-06-2024 10:05

240618-l4jatssgmp 8

18-06-2024 10:03

240618-l3pq8aydqc 7

Analysis

  • max time kernel
    18s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    18-06-2024 10:03

General

  • Target

    erdre gdps.7z

  • Size

    1.1MB

  • MD5

    ca9d500698c249375695b698dca4ea46

  • SHA1

    ef9ca55537b6cdc5c3b5957e5bf035c65a100a65

  • SHA256

    de5512870659824110a206fb3f960bb8dd913c981fc0eb87cf2f49159436d78b

  • SHA512

    de564faf97f75340c8fba864728b069f3200f616fb21e60317dfdec62517e89245f0a533c010e3d2c11fa946616b0ac755725769798b24025935c82386cddbf9

  • SSDEEP

    24576:SOAFN36gv0uG7myXkH/1SQQtGao3PH4N4GKWyNSTvxU/l:SOMlvMkH/2QT3v4yhNEvWN

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\erdre gdps.7z"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3008
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\erdre gdps.7z
      2⤵
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2676

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads