Analysis
- max time kernel: 143s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20230703-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07/08/2023, 21:34
Static task: static1
Behavioral task: behavioral1
- Sample: rStorhertugs.exe
- Resource: win7-20230712-en
Behavioral task: behavioral2
- Sample: rStorhertugs.exe
- Resource: win10v2004-20230703-en
General
- Target: rStorhertugs.exe
- Size: 559KB
- MD5: 21cc7025dfd2e0f475cf3cb39e4b9005
- SHA1: 725ff1d1817fb6b176384f8d6938c29aae519dd8
- SHA256: e49fd2a82352a63a184372f5a71abf67cb1f9b709d4cf61d4de50194bdac57c3
- SHA512: 5871c0831404d3f49c544403053ed9b319f489d1bfdf2387f79fda1d9ac38ffe8dfc2db4d5762c7bb17df695cd47beca030cd802c60f73c744b978b328b74e4f
- SSDEEP: 12288:AtHb13bWiceH9L6CLmeRfXnH9lXLwRg2IiX/Pcvu:MbNrcy9uRSPH9l7ig2I4c2
Malware Config
Signatures
- Guloader,Cloudeye
  A shellcode-based downloader first seen in 2020.
- Loads dropped DLL (1 IoCs)
  pid: 2576, Process: rStorhertugs.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Program crash (1 IoCs)
  pid: 3872, pid_target: 2576, Process: WerFault.exe, procid_target: 82
Processes
- C:\Users\Admin\AppData\Local\Temp\rStorhertugs.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\rStorhertugs.exe"
  Signatures: Loads dropped DLL
  PID: 2576
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 836
    Signatures: Program crash
    PID: 3872
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2576 -ip 2576
  PID: 460
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 11KB
  MD5: 7399323923e3946fe9140132ac388132
  SHA1: 728257d06c452449b1241769b459f091aabcffc5
  SHA256: 5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3
  SHA512: d6f28ba761351f374ae007c780be27758aea7b9f998e2a88a542eede459d18700adffe71abcb52b8a8c00695efb7ccc280175b5eeb57ca9a645542edfabb64f1