Overview
overview 7
Static
static 3
erdre gdps.7z (windows7-x64) 3
erdre gdps.7z (windows10-2004-x64) 3
erdre gdps...op.ini (windows7-x64) 1
erdre gdps...op.ini (windows10-2004-x64) 1
erdre gdps...ll.exe (windows7-x64) 7
erdre gdps...ll.exe (windows10-2004-x64) 7
erdre gdps/readme (windows7-x64) 1
erdre gdps/readme (windows10-2004-x64) 1
Resubmissions
18-06-2024 10:26 | 240618-mglccatcpr | 8
18-06-2024 10:22 | 240618-mefdbatbrp | 4
18-06-2024 10:17 | 240618-mblqxsyglg | 8
18-06-2024 10:15 | 240618-majvyaygje | 8
18-06-2024 10:13 | 240618-l9cp8stakr | 7
18-06-2024 10:11 | 240618-l7x86ayfke | 8
18-06-2024 10:08 | 240618-l6ds5ayenh | 8
18-06-2024 10:05 | 240618-l4jatssgmp | 8
18-06-2024 10:03 | 240618-l3pq8aydqc | 7
Analysis
max time kernel: 147s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted: 18-06-2024 10:03
Static task: static1
Behavioral task: behavioral1 | Sample: erdre gdps.7z | Resource: win7-20240508-en
Behavioral task: behavioral2 | Sample: erdre gdps.7z | Resource: win10v2004-20240508-en
Behavioral task: behavioral3 | Sample: erdre gdps/desktop.ini | Resource: win7-20240220-en
Behavioral task: behavioral4 | Sample: erdre gdps/desktop.ini | Resource: win10v2004-20240508-en
Behavioral task: behavioral5 | Sample: erdre gdps/erdre GDPS install.exe | Resource: win7-20240611-en
Behavioral task: behavioral6 | Sample: erdre gdps/erdre GDPS install.exe | Resource: win10v2004-20240508-en
Behavioral task: behavioral7 | Sample: erdre gdps/readme | Resource: win7-20240508-en
Behavioral task: behavioral8 | Sample: erdre gdps/readme | Resource: win10v2004-20240508-en
General
Target: erdre gdps.7z
Size: 1.1MB
MD5: ca9d500698c249375695b698dca4ea46
SHA1: ef9ca55537b6cdc5c3b5957e5bf035c65a100a65
SHA256: de5512870659824110a206fb3f960bb8dd913c981fc0eb87cf2f49159436d78b
SHA512: de564faf97f75340c8fba864728b069f3200f616fb21e60317dfdec62517e89245f0a533c010e3d2c11fa946616b0ac755725769798b24025935c82386cddbf9
SSDEEP: 24576:SOAFN36gv0uG7myXkH/1SQQtGao3PH4N4GKWyNSTvxU/l:SOMlvMkH/2QT3v4yhNEvWN
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
Modifies registry class (2 IoCs)
Processes: cmd.exe, OpenWith.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings | cmd.exe
Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings | OpenWith.exe
Suspicious use of SetWindowsHookEx (1 IoCs)
Processes: OpenWith.exe
pid | process
220 | OpenWith.exe