Analysis
max time kernel: 117s
max time network: 119s
platform: windows7_x64
resource: win7-20230712-en
resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
submitted: 07/08/2023, 21:34
Static task: static1
Behavioral task: behavioral1
  Sample: rStorhertugs.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: rStorhertugs.exe
  Resource: win10v2004-20230703-en
General
Target: rStorhertugs.exe
Size: 559KB
MD5: 21cc7025dfd2e0f475cf3cb39e4b9005
SHA1: 725ff1d1817fb6b176384f8d6938c29aae519dd8
SHA256: e49fd2a82352a63a184372f5a71abf67cb1f9b709d4cf61d4de50194bdac57c3
SHA512: 5871c0831404d3f49c544403053ed9b319f489d1bfdf2387f79fda1d9ac38ffe8dfc2db4d5762c7bb17df695cd47beca030cd802c60f73c744b978b328b74e4f
SSDEEP: 12288:AtHb13bWiceH9L6CLmeRfXnH9lXLwRg2IiX/Pcvu:MbNrcy9uRSPH9l7ig2I4c2
Malware Config
Signatures
Loads dropped DLL (1 IoC)
  pid   Process
  3016  rStorhertugs.exe
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
Program crash (1 IoC)
  pid   pid_target  Process       procid_target
  2868  3016        WerFault.exe  27
Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process           procid_target
  PID 3016 wrote to memory of 2868  3016  rStorhertugs.exe  30
  (the report lists this identical row four times)
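Two checks a triager would run against this report before reading anything into the "Suspicious use of WriteProcessMemory" hits, as an added example that is not part of the sandbox's own output or tooling. First, the sample's digests from the General section are re-computed and compared, so the file on disk is confirmed to be the one the report describes. Second, the WriteProcessMemory and Program crash rows are parsed and the writes are collapsed into unique source/target edges: here the write target (2868) is the WerFault.exe instance whose own pid_target is the writer (3016), which is the ordinary parent-writes-into-new-child pattern of process creation rather than injection into an unrelated process. The row strings are constructed copies of the report's rows, and the "explained by crash handler" rule is this example's heuristic, not a signature the sandbox applies.

```python
import hashlib
import re

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "21cc7025dfd2e0f475cf3cb39e4b9005",
    "sha1": "725ff1d1817fb6b176384f8d6938c29aae519dd8",
    "sha256": "e49fd2a82352a63a184372f5a71abf67cb1f9b709d4cf61d4de50194bdac57c3",
}


def hash_bytes(data: bytes) -> dict:
    """Lowercase hex digests for the algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def verify_sample(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """True per algorithm where the computed digest equals the report's value."""
    actual = hash_bytes(data)
    return {name: actual[name] == value.lower() for name, value in expected.items()}


# Constructed copies of the report's IoC rows (one line per listed hit).
WPM_ROWS = ["PID 3016 wrote to memory of 2868 3016 rStorhertugs.exe 30"] * 4
CRASH_ROWS = ["2868 3016 WerFault.exe 27"]

# Row shapes: "PID <src> wrote to memory of <dst> <pid> <Process> <procid_target>"
#             "<pid> <pid_target> <Process> <procid_target>"
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")
CRASH_RE = re.compile(r"(\d+) (\d+) (\S+) (\d+)")


def parse_wpm(rows):
    """Parse WriteProcessMemory rows; rows not in the expected shape are skipped."""
    out = []
    for row in rows:
        m = WPM_RE.fullmatch(row.strip())
        if not m:
            continue
        src, dst, pid, proc, tgt = m.groups()
        out.append({"source_pid": int(src), "target_pid": int(dst),
                    "process": proc, "procid_target": int(tgt)})
    return out


def parse_crashes(rows):
    """Parse Program crash rows into crash-handler records keyed later by pid."""
    out = []
    for row in rows:
        m = CRASH_RE.fullmatch(row.strip())
        if not m:
            continue
        pid, pid_target, proc, tgt = m.groups()
        out.append({"pid": int(pid), "pid_target": int(pid_target),
                    "process": proc, "procid_target": int(tgt)})
    return out


def triage_wpm(wpm_rows, crash_rows):
    """Collapse duplicate rows into unique (source, target) edges and flag edges
    whose target is a WerFault.exe crash handler spawned for the writer itself.
    Heuristic of this example: such a write is the parent populating its newly
    created child, not injection into a third-party process."""
    handlers = {c["pid"]: c for c in parse_crashes(crash_rows)}
    edges = {}
    for hit in parse_wpm(wpm_rows):
        key = (hit["source_pid"], hit["target_pid"])
        edges[key] = edges.get(key, 0) + 1
    result = []
    for (src, dst), count in sorted(edges.items()):
        crash = handlers.get(dst)
        explained = (crash is not None
                     and crash["process"].lower() == "werfault.exe"
                     and crash["pid_target"] == src)
        result.append({"source_pid": src, "target_pid": dst, "hits": count,
                       "explained_by_crash_handler": explained})
    return result


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print("hash check:", verify_sample(f.read()))
    for edge in triage_wpm(WPM_ROWS, CRASH_ROWS):
        print(edge)
```

Run with the sample path as the first argument to get the hash comparison; without one it only triages the embedded rows. An edge that is not explained by a crash handler, for example a write into a process that never appears under Program crash, is the case that deserves a look at the process tree and the Network section.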
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 11KB
MD5: 7399323923e3946fe9140132ac388132
SHA1: 728257d06c452449b1241769b459f091aabcffc5
SHA256: 5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3
SHA512: d6f28ba761351f374ae007c780be27758aea7b9f998e2a88a542eede459d18700adffe71abcb52b8a8c00695efb7ccc280175b5eeb57ca9a645542edfabb64f1