Resubmissions
18-06-2024 10:26
240618-mglccatcpr  8  18-06-2024 10:22
240618-mefdbatbrp  4  18-06-2024 10:17
240618-mblqxsyglg  8  18-06-2024 10:15
240618-majvyaygje  8  18-06-2024 10:13
240618-l9cp8stakr  7  18-06-2024 10:11
240618-l7x86ayfke  8  18-06-2024 10:08
240618-l6ds5ayenh  8  18-06-2024 10:05
240618-l4jatssgmp  8  18-06-2024 10:03
240618-l3pq8aydqc  7

Analysis
max time kernel: 149s
max time network: 150s
platform: windows11-21h2_x64
resource: win11-20240419-en
resource tags: arch:x64, arch:x86, image:win11-20240419-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 18-06-2024 10:05
Static task: static1

Behavioral task: behavioral1
  Sample: erdre gdps.7z
  Resource: win11-20240508-en

Behavioral task: behavioral2
  Sample: erdre gdps/desktop.ini
  Resource: win11-20240611-en

Behavioral task: behavioral3
  Sample: erdre gdps/erdre GDPS install.exe
  Resource: win11-20240419-en

Behavioral task: behavioral4
  Sample: erdre gdps/readme
  Resource: win11-20240508-en
General
Target: erdre gdps/erdre GDPS install.exe
Size: 1.6MB
MD5: 3d266248c5b1c72bc74474f0dc5faf10
SHA1: 9462f26700a5c8fa7e4c4529799c8f5a7bd24381
SHA256: d628ff4a5c320986919947540a8ac6c453ceefeb3167ec7930e744da77ac3a1d
SHA512: 2969e21eb6ef4db7eee7b5b4afa3bdff437be0ccc3ca4238847e256e84dd76e539baf991d709fa9a3dac74e3df2c6376bce7094c8e8392978210b24859b41941
SSDEEP: 24576:sawwKusHwEwSimy1d/v1SnxSGM1aXzV6YjDty+YTUxyVl:MwRED2d/vMxgajVxQ++U4D
Malware Config

Signatures

Executes dropped EXE (1 IoC)
  Processes:
    pid 3440 | process: erdre GDPS install.tmp

Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description: PID 4728 wrote to memory of 3440 | pid: 4728 | process: erdre GDPS install.exe | target process: erdre GDPS install.tmp
    description: PID 4728 wrote to memory of 3440 | pid: 4728 | process: erdre GDPS install.exe | target process: erdre GDPS install.tmp
    description: PID 4728 wrote to memory of 3440 | pid: 4728 | process: erdre GDPS install.exe | target process: erdre GDPS install.tmp
Processes

1. C:\Users\Admin\AppData\Local\Temp\erdre gdps\erdre GDPS install.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\erdre gdps\erdre GDPS install.exe"
   Signature: Suspicious use of WriteProcessMemory
   PID: 4728

   2. C:\Users\Admin\AppData\Local\Temp\is-QV3LT.tmp\erdre GDPS install.tmp (child of PID 4728)
      Command line: "C:\Users\Admin\AppData\Local\Temp\is-QV3LT.tmp\erdre GDPS install.tmp" /SL5="$40212,775972,730112,C:\Users\Admin\AppData\Local\Temp\erdre gdps\erdre GDPS install.exe"
      Signature: Executes dropped EXE
      PID: 3440
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 2.9MB
MD5: fe9bea77f231fb8526ce2a8a2ccd58dc
SHA1: 0c502b1e730e1274e90e08b35cb5f62430db3862
SHA256: 0b91ffec7e9c97010e43860f019ce22f5378efda2b4d9761240290c907a92eb7
SHA512: c6cda66ce548c060ba89760edb6790133da38f41c9ab19563ffabd6debab463d71efa1041905acc950e415a2180e95eef63670b1ec81ccd35ea3aae01c3a3855