Overview (score 7)

Task / target          Platform              Score
Static                 static                3
erdre gdps.7z          windows7-x64          3
erdre gdps.7z          windows10-2004-x64    3
erdre gdps...op.ini    windows7-x64          1
erdre gdps...op.ini    windows10-2004-x64    1
erdre gdps...ll.exe    windows7-x64          7
erdre gdps...ll.exe    windows10-2004-x64    7
erdre gdps/readme      windows7-x64          1
erdre gdps/readme      windows10-2004-x64    1

Resubmissions (submitted, task id, score)
18-06-2024 10:26    240618-mglccatcpr    8
18-06-2024 10:22    240618-mefdbatbrp    4
18-06-2024 10:17    240618-mblqxsyglg    8
18-06-2024 10:15    240618-majvyaygje    8
18-06-2024 10:13    240618-l9cp8stakr    7
18-06-2024 10:11    240618-l7x86ayfke    8
18-06-2024 10:08    240618-l6ds5ayenh    8
18-06-2024 10:05    240618-l4jatssgmp    8
18-06-2024 10:03    240618-l3pq8aydqc    7

Analysis
- max time kernel: 18s
- max time network: 16s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 18-06-2024 10:03
Static task: static1

Behavioral tasks (sample, resource)
- behavioral1: erdre gdps.7z, win7-20240508-en
- behavioral2: erdre gdps.7z, win10v2004-20240508-en
- behavioral3: erdre gdps/desktop.ini, win7-20240220-en
- behavioral4: erdre gdps/desktop.ini, win10v2004-20240508-en
- behavioral5: erdre gdps/erdre GDPS install.exe, win7-20240611-en
- behavioral6: erdre gdps/erdre GDPS install.exe, win10v2004-20240508-en
- behavioral7: erdre gdps/readme, win7-20240508-en
- behavioral8: erdre gdps/readme, win10v2004-20240508-en
General
- Target: erdre gdps.7z
- Size: 1.1MB
- MD5: ca9d500698c249375695b698dca4ea46
- SHA1: ef9ca55537b6cdc5c3b5957e5bf035c65a100a65
- SHA256: de5512870659824110a206fb3f960bb8dd913c981fc0eb87cf2f49159436d78b
- SHA512: de564faf97f75340c8fba864728b069f3200f616fb21e60317dfdec62517e89245f0a533c010e3d2c11fa946616b0ac755725769798b24025935c82386cddbf9
- SSDEEP: 24576:SOAFN36gv0uG7myXkH/1SQQtGao3PH4N4GKWyNSTvxU/l:SOMlvMkH/2QT3v4yhNEvWN
Malware Config
Signatures
- Enumerates physical storage devices (1 TTP): attempts to interact with connected storage/optical drive(s).
- Modifies registry class (1 IoC): rundll32.exe created the key \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_Classes\Local Settings. Note that this per-user _Classes\Local Settings key is routinely created by the Windows shell itself (it holds shell caches such as MuiCache), so on its own it is not evidence that the sample tampered with file associations.
- Suspicious behavior: GetForegroundWindowSpam (1 IoC): PID 2676, rundll32.exe.
- Suspicious use of WriteProcessMemory (3 IoCs): PID 3008 (cmd.exe) wrote to the memory of PID 2676 (rundll32.exe); the same parent-to-child write is reported three times.
Processes
1. C:\Windows\system32\cmd.exe (PID 3008)
   cmd /c "C:\Users\Admin\AppData\Local\Temp\erdre gdps.7z"
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\system32\rundll32.exe (PID 2676), child of PID 3008
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\erdre gdps.7z
      - Modifies registry class
      - Suspicious behavior: GetForegroundWindowSpam

What this tree shows: the sandbox launched the submitted archive with cmd /c, the VM had no application registered for the .7z extension, and the shell fell back to shell32.dll's OpenAs_RunDLL entry point, which is the "Open With" dialog. Nothing inside the archive was extracted or executed in this task, so the signatures above describe the dialog and its parent cmd.exe, not the sample. The installer inside the archive is exercised in behavioral5 and behavioral6, which is where the higher scores come from.
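The "did it actually run?" question above can be checked mechanically. The following is an added example, not part of the sandbox report or of any sandbox tooling: a small Python triage helper that reads a process list constructed from the entries in this report, confirms the cmd /c launcher to rundll32 OpenAs_RunDLL parent-child pattern for the same target path, reports whether any other process ran, and collapses the repeated WriteProcessMemory IoC lines into one parent-to-child edge with a count. The Proc class, the PROCESSES and WPM_IOCS lists and the regular expressions are constructed for this example; the 7zFM.exe process mentioned in the usage note is hypothetical.

```python
# Added example (not part of the sandbox report): triage a sandbox process
# tree and decide whether the submitted file ran or the VM only showed the
# "Open With" dialog because it had no handler for the file's extension.
import os
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    parent: Optional[int] = None
    signatures: list = field(default_factory=list)


# Constructed from the Processes section of this report.
PROCESSES = [
    Proc(3008, r"C:\Windows\system32\cmd.exe",
         r'cmd /c "C:\Users\Admin\AppData\Local\Temp\erdre gdps.7z"',
         None, ["Suspicious use of WriteProcessMemory"]),
    Proc(2676, r"C:\Windows\system32\rundll32.exe",
         r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL '
         r"C:\Users\Admin\AppData\Local\Temp\erdre gdps.7z",
         3008, ["Modifies registry class", "Suspicious behavior: GetForegroundWindowSpam"]),
]

# Constructed from the WriteProcessMemory IoC lines of this report (listed three times).
WPM_IOCS = ["PID 3008 wrote to memory of 2676 3008 cmd.exe rundll32.exe"] * 3

# `cmd /c "<path>"` launcher; group 1 is the path without surrounding quotes.
CMD_C = re.compile(r'^cmd(?:\.exe)?\s+/c\s+"?(.+?)"?\s*$', re.IGNORECASE)
# rundll32 invoking the shell's Open With dialog; group 1 is the file it was asked to open.
OPENAS = re.compile(r"shell32\.dll,OpenAs_RunDLL\s+(.+?)\s*$", re.IGNORECASE)
# Sandbox IoC line: "PID <src> wrote to memory of <dst> <src> <src image> <dst image>"
WPM = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\S+)")


def launch_target(proc: Proc) -> Optional[str]:
    """Path a `cmd /c "<path>"` launcher was told to open, else None."""
    m = CMD_C.match(proc.cmdline)
    return m.group(1) if m else None


def open_with_fallbacks(procs):
    """(target, launcher_pid, dialog_pid) for every rundll32 OpenAs_RunDLL process
    whose parent is the cmd /c launcher of that same target path."""
    by_pid = {p.pid: p for p in procs}
    hits = []
    for p in procs:
        if not p.image.lower().endswith("rundll32.exe"):
            continue
        m = OPENAS.search(p.cmdline)
        parent = by_pid.get(p.parent)
        if not m or parent is None:
            continue
        target = launch_target(parent)
        if target and target.lower() == m.group(1).lower():
            hits.append((target, parent.pid, p.pid))
    return hits


def verdict(procs) -> str:
    """Did the submitted file run, or did the VM only show the Open With dialog?"""
    hits = open_with_fallbacks(procs)
    if not hits:
        return "no Open With fallback seen"
    target, launcher, dialog = hits[0]
    ext = os.path.splitext(target)[1].lower() or "(no extension)"
    others = [p for p in procs if p.pid not in (launcher, dialog)]
    if not others:
        return f"not detonated: VM has no handler for {ext}; extract the archive and submit its contents"
    return f"Open With fallback for {ext}, but {len(others)} other process(es) ran; inspect them"


def memory_write_edges(ioc_lines):
    """Collapse repeated WriteProcessMemory IoCs into (src_pid, src, dst_pid, dst) -> count."""
    edges = Counter()
    for line in ioc_lines:
        m = WPM.search(line)
        if m:
            edges[(int(m.group(1)), m.group(3), int(m.group(2)), m.group(4))] += 1
    return dict(edges)


if __name__ == "__main__":
    print(verdict(PROCESSES))
    for (src, src_img, dst, dst_img), n in memory_write_edges(WPM_IOCS).items():
        print(f"{src_img} ({src}) -> {dst_img} ({dst}): {n} write(s)")
```

On the tree from this report the helper returns the "not detonated" verdict for .7z and one cmd.exe to rundll32.exe edge with a count of 3. If a hypothetical archiver such as 7zFM.exe had appeared as a further child, the verdict would instead point at the extra process, which is the case where the archive contents may actually have run.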