0dd6d44ab3ff20a6bd57b9fc6e104a869459721bcad906f2ab759a6ede4c7b9f | Triage

Analysis

max time kernel
132s
max time network
146s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
19-06-2024 19:09

Sharing

Report Analysis Logs

General

Target

StrGene.dll
Size

86KB
MD5

0cf43737c5d063a82b788d56206b43c5
SHA1

0c8c151b31a62fe470b89ccaba893145b63d612b
SHA256

8e731f4d1dddb9a46031f3d863425c62bfd16dd755925d42fa6d5f707b27f6d6
SHA512

51fd91814eb7bea84e5bfc5d420d995fcbaa0dfbc31319a7fee9ffc8e3aa28d924cedbc72e1e792bedbfded3a9d29937f335f30ac2bb4dda8caa02c37f4cf287
SSDEEP

1536:FV2aGk1BXmwcZck+id3IsqZqkr9SiQjzI9sW1j1Dcd7G0hg9ng:fzMciVmlwiWKZy7G0hK

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid	pid_target	Process	procid_target
3844	5048	WerFault.exe	77

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 4760 wrote to memory of 5048	4760	rundll32.exe	77
PID 4760 wrote to memory of 5048	4760	rundll32.exe	77
PID 4760 wrote to memory of 5048	4760	rundll32.exe	77

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\StrGene.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4760
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\StrGene.dll,#1
  2⤵
  PID:5048
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 444
    3⤵
    - Program crash
    PID:3844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 5048 -ip 5048
1⤵
PID:2120

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads