Overview (score 7)

Static (score 3)

Behavioral tasks (sample, platform, score):
  erdre gdps.7z            windows7-x64          3
  erdre gdps.7z            windows10-2004-x64    3
  erdre gdps...op.ini      windows7-x64          1
  erdre gdps...op.ini      windows10-2004-x64    1
  erdre gdps...ll.exe      windows7-x64          7
  erdre gdps...ll.exe      windows10-2004-x64    7
  erdre gdps/readme        windows7-x64          1
  erdre gdps/readme        windows10-2004-x64    1
Resubmissions (time, analysis ID, score):
  18-06-2024 10:26   240618-mglccatcpr   8
  18-06-2024 10:22   240618-mefdbatbrp   4
  18-06-2024 10:17   240618-mblqxsyglg   8
  18-06-2024 10:15   240618-majvyaygje   8
  18-06-2024 10:13   240618-l9cp8stakr   7
  18-06-2024 10:11   240618-l7x86ayfke   8
  18-06-2024 10:08   240618-l6ds5ayenh   8
  18-06-2024 10:05   240618-l4jatssgmp   8
  18-06-2024 10:03   240618-l3pq8aydqc   7

Analysis
  Max time kernel:   140s
  Max time network:  118s
  Platform:          windows7_x64
  Resource:          win7-20240611-en
  Resource tags:     arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  Submitted:         18-06-2024 10:03
  Task covered:      behavioral5 (erdre gdps/erdre GDPS install.exe on win7-20240611-en, the only task using that resource)
Tasks (task, sample, resource):
  static1       (static analysis of the submission)
  behavioral1   erdre gdps.7z                         win7-20240508-en
  behavioral2   erdre gdps.7z                         win10v2004-20240508-en
  behavioral3   erdre gdps/desktop.ini                win7-20240220-en
  behavioral4   erdre gdps/desktop.ini                win10v2004-20240508-en
  behavioral5   erdre gdps/erdre GDPS install.exe     win7-20240611-en
  behavioral6   erdre gdps/erdre GDPS install.exe     win10v2004-20240508-en
  behavioral7   erdre gdps/readme                     win7-20240508-en
  behavioral8   erdre gdps/readme                     win10v2004-20240508-en
General
  Target:  erdre gdps/erdre GDPS install.exe
  Size:    1.6MB
  MD5:     3d266248c5b1c72bc74474f0dc5faf10
  SHA1:    9462f26700a5c8fa7e4c4529799c8f5a7bd24381
  SHA256:  d628ff4a5c320986919947540a8ac6c453ceefeb3167ec7930e744da77ac3a1d
  SHA512:  2969e21eb6ef4db7eee7b5b4afa3bdff437be0ccc3ca4238847e256e84dd76e539baf991d709fa9a3dac74e3df2c6376bce7094c8e8392978210b24859b41941
  SSDEEP:  24576:sawwKusHwEwSimy1d/v1SnxSGM1aXzV6YjDty+YTUxyVl:MwRED2d/vMxgajVxQ++U4D
Malware Config
Signatures
  Executes dropped EXE (1 IoC)
    PID 892    erdre GDPS install.tmp
  Loads dropped DLL (1 IoC)
    PID 2112   erdre GDPS install.exe
  Suspicious use of WriteProcessMemory (7 IoCs, all identical)
    PID 2112 (erdre GDPS install.exe) wrote to memory of PID 892 (erdre GDPS install.tmp), reported 7 times
Processes
  "C:\Users\Admin\AppData\Local\Temp\erdre gdps\erdre GDPS install.exe"  (PID 2112)
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    "C:\Users\Admin\AppData\Local\Temp\is-U4PMU.tmp\erdre GDPS install.tmp" /SL5="$30130,775972,730112,C:\Users\Admin\AppData\Local\Temp\erdre gdps\erdre GDPS install.exe"  (PID 892, child of 2112)
      - Executes dropped EXE

This parent/child pair is the launch sequence of an Inno Setup installer: the stub extracts its embedded setup program to %TEMP%\is-XXXXX.tmp\ and runs it with /SL5="$hwnd,offset,offset,path", where the first value is a window handle in Delphi hex notation ($30130), the two numbers are offsets of the embedded setup data inside the stub, and the path is the stub's own location. The "Executes dropped EXE", "Loads dropped DLL" and WriteProcessMemory signatures are therefore what every Inno Setup installer produces on launch; on their own they say nothing about what the installer's payload does once it runs.
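To make that reasoning repeatable across reports, the following Python is an added example (not code from this page, from Triage, or from the installer): it parses process entries and the WriteProcessMemory IoC lines re-typed from the Signatures and Processes sections above, confirms that the parent/child pair is an Inno Setup stub launching its extracted setup program from an is-XXXXX.tmp directory with /SL5, collapses the seven identical IoC lines into one count, and leaves only cross-process writes that are not explained by such a pair. The entry list and IoC strings are constructed from this report; the regexes, the function names and the /SL5 field names (window handle, two offsets, original path) are my assumptions based on the Inno Setup loader's convention, and the check generalises to any is-XXXXX.tmp child, not just this sample.

```python
"""Triage helpers for a sandbox process tree: recognise the Inno Setup loader
launch pattern and collapse repeated WriteProcessMemory IoCs.

Added example for this page; not Triage's or the installer's code.
Process entries and IoC lines below are constructed from the report.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Proc:
    pid: int
    image: str      # full image path
    cmdline: str    # command line as shown in the process tree
    parent: Optional[int]

# Constructed from the report's "Processes" section.
PROCESSES = [
    Proc(2112, r"C:\Users\Admin\AppData\Local\Temp\erdre gdps\erdre GDPS install.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\erdre gdps\erdre GDPS install.exe"', None),
    Proc(892, r"C:\Users\Admin\AppData\Local\Temp\is-U4PMU.tmp\erdre GDPS install.tmp",
         r'"C:\Users\Admin\AppData\Local\Temp\is-U4PMU.tmp\erdre GDPS install.tmp" '
         r'/SL5="$30130,775972,730112,C:\Users\Admin\AppData\Local\Temp\erdre gdps\erdre GDPS install.exe"',
         2112),
]

# Constructed from the report's "Suspicious use of WriteProcessMemory" IoCs (7 identical lines).
WPM_IOCS = ["PID 2112 wrote to memory of 892 2112 erdre GDPS install.exe erdre GDPS install.tmp"] * 7

# Inno Setup extracts its setup program to %TEMP%\is-XXXXX.tmp\<name>.tmp (assumed 5-char id).
INNO_TMP_DIR = re.compile(r"\\is-[A-Z0-9]{5}\.tmp\\[^\\]+\.tmp$", re.IGNORECASE)
# /SL5="$<hwnd hex>,<offset>,<offset>,<original exe path>"  (field names are my assumption)
SL5 = re.compile(r'/SL5="\$([0-9A-Fa-f]+),(\d+),(\d+),([^"]+)"')
WPM = re.compile(r"PID (\d+) wrote to memory of (\d+)")

def parse_sl5(cmdline: str):
    """Return the /SL5 fields as a dict, or None when the switch is absent."""
    m = SL5.search(cmdline)
    if not m:
        return None
    hwnd, off_a, off_b, src = m.groups()
    return {"hwnd": int(hwnd, 16), "offset0": int(off_a), "offset1": int(off_b), "source": src}

def inno_setup_launches(procs):
    """(parent, child, sl5) triples where a stub launched its extracted setup
    program from an is-XXXXX.tmp directory and passed its own path in /SL5."""
    by_pid = {p.pid: p for p in procs}
    hits = []
    for p in procs:
        if p.parent is None or not INNO_TMP_DIR.search(p.image):
            continue
        sl5 = parse_sl5(p.cmdline)
        if sl5 is None:
            continue
        parent = by_pid.get(p.parent)
        # The loader passes its own image path; a mismatch would be worth a look.
        if parent and sl5["source"].lower() == parent.image.lower():
            hits.append((parent, p, sl5))
    return hits

def collapse_wpm(iocs):
    """Collapse repeated WriteProcessMemory IoCs to {(writer_pid, target_pid): count}."""
    counts = Counter()
    for line in iocs:
        m = WPM.search(line)
        if m:
            counts[(int(m.group(1)), int(m.group(2)))] += 1
    return dict(counts)

def unexplained_writes(iocs, launches):
    """Cross-process writes not covered by an Inno Setup stub -> setup program pair."""
    expected = {(parent.pid, child.pid) for parent, child, _ in launches}
    return {k: v for k, v in collapse_wpm(iocs).items() if k not in expected}

if __name__ == "__main__":
    launches = inno_setup_launches(PROCESSES)
    for parent, child, sl5 in launches:
        print(f"Inno Setup loader: {parent.pid} -> {child.pid}, hwnd=0x{sl5['hwnd']:x}, "
              f"offsets={sl5['offset0']},{sl5['offset1']}")
    print("WriteProcessMemory pairs:", collapse_wpm(WPM_IOCS))
    print("Writes outside the loader chain:", unexplained_writes(WPM_IOCS, launches))
```

For this report the only write pair is 2112 -> 892, which is exactly the stub writing into the setup program it just launched, so `unexplained_writes` returns nothing; the signatures that would need attention are the ones the sandbox did not record here, namely what PID 892 itself did afterwards.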
Network
MITRE ATT&CK Matrix
Downloads
  Filesize:  2.9MB
  MD5:       fe9bea77f231fb8526ce2a8a2ccd58dc
  SHA1:      0c502b1e730e1274e90e08b35cb5f62430db3862
  SHA256:    0b91ffec7e9c97010e43860f019ce22f5378efda2b4d9761240290c907a92eb7
  SHA512:    c6cda66ce548c060ba89760edb6790133da38f41c9ab19563ffabd6debab463d71efa1041905acc950e415a2180e95eef63670b1ec81ccd35ea3aae01c3a3855