Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/08/2023, 21:34

General

  • Target

    rStorhertugs.exe

  • Size

    559KB

  • MD5

    21cc7025dfd2e0f475cf3cb39e4b9005

  • SHA1

    725ff1d1817fb6b176384f8d6938c29aae519dd8

  • SHA256

    e49fd2a82352a63a184372f5a71abf67cb1f9b709d4cf61d4de50194bdac57c3

  • SHA512

    5871c0831404d3f49c544403053ed9b319f489d1bfdf2387f79fda1d9ac38ffe8dfc2db4d5762c7bb17df695cd47beca030cd802c60f73c744b978b328b74e4f

  • SSDEEP

    12288:AtHb13bWiceH9L6CLmeRfXnH9lXLwRg2IiX/Pcvu:MbNrcy9uRSPH9l7ig2I4c2

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\rStorhertugs.exe
    "C:\Users\Admin\AppData\Local\Temp\rStorhertugs.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3016
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 428
      2⤵
      • Program crash
      PID:2868

Network

Downloads

  • \Users\Admin\AppData\Local\Temp\nst8EE9.tmp\System.dll

    Filesize
    11KB

    MD5
    7399323923e3946fe9140132ac388132

    SHA1
    728257d06c452449b1241769b459f091aabcffc5

    SHA256
    5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3

    SHA512
    d6f28ba761351f374ae007c780be27758aea7b9f998e2a88a542eede459d18700adffe71abcb52b8a8c00695efb7ccc280175b5eeb57ca9a645542edfabb64f1

  • memory/3016-64-0x0000000002F70000-0x0000000004859000-memory.dmp

    Filesize
    24.9MB

  • memory/3016-65-0x0000000002F70000-0x0000000004859000-memory.dmp

    Filesize
    24.9MB