Analysis

  • max time kernel
    447s
  • max time network
    1172s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240412-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240412-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    13-04-2024 02:05

General

  • Target

    Silver Rat/SilverRat.exe

  • Size

    25.7MB

  • MD5

    f32b6857259b5a94830d087559b5370a

  • SHA1

    a6f79e840ce7c3ab28428cc18d41e4286899b33b

  • SHA256

    7fbd062f70148d59c94c603191c5cdb4f62d70f2dfaf1ba519ed1af4a0a05d97

  • SHA512

    4289267c9db4aa92d9a95f8fa97760e0e77c387c2b32419656b7b19f92ebb4356679be9cba3b77fe5e0cb64696c598e761c0bdce64a45bf8652824b77e27cb49

  • SSDEEP

    786432:HZYRGnGvovVvAuuglekvAR4vzHcv6lHGH9KdDmvQuLGgJMKV+n9n1vgvVv2jlv1R:vk79a5

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Silver Rat\SilverRat.exe
    "C:\Users\Admin\AppData\Local\Temp\Silver Rat\SilverRat.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1544
    • C:\Users\Admin\AppData\Local\Temp\Loader.exe
      "C:\Users\Admin\AppData\Local\Temp\Loader.exe"
      2⤵
      • Executes dropped EXE
      PID:3828
    • C:\Users\Admin\AppData\Local\Temp\SilverRat.exe
      "C:\Users\Admin\AppData\Local\Temp\SilverRat.exe"
      2⤵
      • Executes dropped EXE
      PID:404
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 904
        3⤵
        • Program crash
        PID:2012
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 404 -ip 404
    1⤵
      PID:3036

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Loader.exe
    Filesize 490KB
    MD5 9c9245810bad661af3d6efec543d34fd
    SHA1 93e4f301156d120a87fe2c4be3aaa28b9dfd1a8d
    SHA256 f5f14b9073f86da926a8ed319b3289b893442414d1511e45177f6915fb4e5478
    SHA512 90d9593595511e722b733a13c53d2e69a1adc9c79b3349350deead2c1cdfed615921fb503597950070e9055f6df74bb64ccd94a60d7716822aa632699c70b767

  • C:\Users\Admin\AppData\Local\Temp\SilverRat.exe
    Filesize 25.2MB
    MD5 d6527f7d5f5152c3f5fff6786e5c1606
    SHA1 e8da82b4a3d2b6bee04236162e5e46e636310ec6
    SHA256 79a4605d24d32f992d8e144202e980bb6b52bf8c9925b1498a1da59e50ac51f9
    SHA512 2b4eb9e66028d263c52b3da42fa3df256cf49cd7a7ebdf7c75da6a2dedfd2c22cb5f2071345b7016cd742539c74a801cad70c612330be79802fa19f860ea2d5f

  • memory/404-36-0x0000000073600000-0x0000000073DB1000-memory.dmp
    Filesize 7.7MB

  • memory/404-35-0x00000000067F0000-0x0000000006882000-memory.dmp
    Filesize 584KB

  • memory/404-34-0x0000000006D00000-0x00000000072A6000-memory.dmp
    Filesize 5.6MB

  • memory/404-32-0x0000000000480000-0x0000000001DAE000-memory.dmp
    Filesize 25.2MB

  • memory/404-31-0x0000000073600000-0x0000000073DB1000-memory.dmp
    Filesize 7.7MB

  • memory/1544-30-0x0000000000400000-0x0000000001DB0000-memory.dmp
    Filesize 25.7MB

  • memory/3828-24-0x0000000002950000-0x0000000002990000-memory.dmp
    Filesize 256KB

  • memory/3828-28-0x0000000002950000-0x0000000002990000-memory.dmp
    Filesize 256KB

  • memory/3828-26-0x0000000002950000-0x0000000002990000-memory.dmp
    Filesize 256KB

  • memory/3828-23-0x0000000002950000-0x0000000002990000-memory.dmp
    Filesize 256KB

  • memory/3828-33-0x0000000000D90000-0x0000000000DDB000-memory.dmp
    Filesize 300KB

  • memory/3828-21-0x0000000002B00000-0x0000000002B01000-memory.dmp
    Filesize 4KB

  • memory/3828-22-0x0000000002950000-0x0000000002990000-memory.dmp
    Filesize 256KB

  • memory/3828-8-0x0000000000D90000-0x0000000000DDB000-memory.dmp
    Filesize 300KB
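The memory-dump list above is easier to work with once the address ranges are turned back into sizes and grouped by process. The script below is an added example written for this page, not tooling from the sandbox that produced the report: it parses the `memory/<pid>-<snapshot>-0x<start>-0x<end>-memory.dmp` names exactly as they appear above, recomputes each region's length, checks it against the Filesize the report prints, collapses repeated snapshots of the same range, and points out which dumped regions are the same size as the dropped and submitted executables. The size formatting (whole KB below 1 MiB, otherwise MB to one decimal) and the file labels are assumptions chosen to match the figures on the page.

```python
import re
from collections import defaultdict

# Dump names on the report follow memory/<pid>-<snapshot>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<snap>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Dump names and reported sizes transcribed from the report above (input data).
REPORT_DUMPS = [
    ("memory/404-36-0x0000000073600000-0x0000000073DB1000-memory.dmp", "7.7MB"),
    ("memory/404-35-0x00000000067F0000-0x0000000006882000-memory.dmp", "584KB"),
    ("memory/404-34-0x0000000006D00000-0x00000000072A6000-memory.dmp", "5.6MB"),
    ("memory/404-32-0x0000000000480000-0x0000000001DAE000-memory.dmp", "25.2MB"),
    ("memory/404-31-0x0000000073600000-0x0000000073DB1000-memory.dmp", "7.7MB"),
    ("memory/1544-30-0x0000000000400000-0x0000000001DB0000-memory.dmp", "25.7MB"),
    ("memory/3828-24-0x0000000002950000-0x0000000002990000-memory.dmp", "256KB"),
    ("memory/3828-28-0x0000000002950000-0x0000000002990000-memory.dmp", "256KB"),
    ("memory/3828-26-0x0000000002950000-0x0000000002990000-memory.dmp", "256KB"),
    ("memory/3828-23-0x0000000002950000-0x0000000002990000-memory.dmp", "256KB"),
    ("memory/3828-33-0x0000000000D90000-0x0000000000DDB000-memory.dmp", "300KB"),
    ("memory/3828-21-0x0000000002B00000-0x0000000002B01000-memory.dmp", "4KB"),
    ("memory/3828-22-0x0000000002950000-0x0000000002990000-memory.dmp", "256KB"),
    ("memory/3828-8-0x0000000000D90000-0x0000000000DDB000-memory.dmp", "300KB"),
]

# Sizes of the two dropped files and the submitted target; labels are ours, not the report's.
REPORT_FILES = {
    "Loader.exe (dropped)": "490KB",
    "SilverRat.exe (dropped)": "25.2MB",
    "SilverRat.exe (target)": "25.7MB",
}


def parse_dump_name(name):
    """Return (pid, snapshot, start, end) for a dump name; ValueError if it does not match."""
    m = DUMP_RE.match(name)
    if m is None:
        raise ValueError(f"not a memory dump name: {name!r}")
    return (int(m["pid"]), int(m["snap"]), int(m["start"], 16), int(m["end"], 16))


def region_size(start, end):
    """Byte length of the half-open range [start, end); rejects inverted ranges."""
    if end <= start:
        raise ValueError(f"end 0x{end:x} is not above start 0x{start:x}")
    return end - start


def human_size(nbytes):
    """Format the way the report does (assumed): whole KB below 1 MiB, else MB to one decimal."""
    if nbytes < 1024 * 1024:
        return f"{nbytes // 1024}KB"
    return f"{nbytes / (1024 * 1024):.1f}MB"


def check_reported_sizes(entries):
    """Recompute every region size; return (name, reported, computed) for each mismatch."""
    mismatches = []
    for name, reported in entries:
        _pid, _snap, start, end = parse_dump_name(name)
        computed = human_size(region_size(start, end))
        if computed != reported:
            mismatches.append((name, reported, computed))
    return mismatches


def unique_regions_by_pid(entries):
    """Collapse repeated snapshots of one range: {pid: {(start, end): size_in_bytes}}."""
    regions = defaultdict(dict)
    for name, _ in entries:
        pid, _snap, start, end = parse_dump_name(name)
        regions[pid][(start, end)] = region_size(start, end)
    return dict(regions)


def match_regions_to_files(entries, files):
    """Map each labelled file to the (pid, start, end) regions whose size equals its size.

    A region the same size as a dropped or submitted PE is the first candidate for
    the mapped image when choosing which dump to carve; a size match alone does not
    prove it, so confirm by checking that dump for a PE header before trusting it.
    """
    hits = {label: [] for label in files}
    for pid, ranges in sorted(unique_regions_by_pid(entries).items()):
        for (start, end), size in sorted(ranges.items()):
            for label, reported in files.items():
                if human_size(size) == reported:
                    hits[label].append((pid, start, end))
    return hits


if __name__ == "__main__":
    print("size mismatches:", check_reported_sizes(REPORT_DUMPS) or "none")
    for pid, ranges in sorted(unique_regions_by_pid(REPORT_DUMPS).items()):
        for (start, end), size in sorted(ranges.items()):
            print(f"pid {pid}: 0x{start:08X}-0x{end:08X} {human_size(size):>7}")
    for label, regions in match_regions_to_files(REPORT_DUMPS, REPORT_FILES).items():
        print(label, "->", [(p, hex(s)) for p, s, _ in regions] or "no size match")
```

Run as a script it reports no size mismatches for the list above, reduces the fourteen dump names to eight distinct regions across the three PIDs, and shows that PID 404 holds one 25.2MB region and PID 1544 one 25.7MB region, the sizes of the dropped SilverRat.exe and of the submitted target respectively; Loader.exe (490KB) has no region of matching size, so nothing in this dump set is an obvious whole-image capture of it.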