Analysis Overview
SHA256
21425e68e86eb4c6b19b4cfdca2821d76c8e53e2e88bf5b73518fc1b33e30d44
Threat Level: Likely benign
The file 21425e68e86eb4c6b19b4cfdca2821d76c8e53e2e88bf5b73518fc1b33e30d44 was found to be: Likely benign.
Malicious Activity Summary
Program crash
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-10-31 22:06
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-10-31 22:06
Reported
2022-10-31 22:08
Platform
win7-20220812-en
Max time kernel
41s
Max time network
44s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\21425e68e86eb4c6b19b4cfdca2821d76c8e53e2e88bf5b73518fc1b33e30d44.exe
"C:\Users\Admin\AppData\Local\Temp\21425e68e86eb4c6b19b4cfdca2821d76c8e53e2e88bf5b73518fc1b33e30d44.exe"
Network
Files
memory/1044-54-0x0000000000400000-0x0000000001556000-memory.dmp
memory/1044-55-0x0000000000400000-0x0000000001556000-memory.dmp
memory/1044-56-0x0000000000400000-0x0000000001556000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-10-31 22:06
Reported
2022-10-31 22:08
Platform
win10v2004-20220812-en
Max time kernel
90s
Max time network
105s
Command Line
Signatures
Program crash
Processes
C:\Users\Admin\AppData\Local\Temp\21425e68e86eb4c6b19b4cfdca2821d76c8e53e2e88bf5b73518fc1b33e30d44.exe
"C:\Users\Admin\AppData\Local\Temp\21425e68e86eb4c6b19b4cfdca2821d76c8e53e2e88bf5b73518fc1b33e30d44.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 5048 -ip 5048
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 636
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 196 -p 5048 -ip 5048
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 688
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| NL | 104.110.191.133:80 | | tcp |
| NL | 104.110.191.133:80 | | tcp |
| US | 8.8.8.8:53 | 176.122.125.40.in-addr.arpa | udp |
Files
memory/5048-132-0x0000000000400000-0x0000000001556000-memory.dmp
memory/5048-133-0x0000000000400000-0x0000000001556000-memory.dmp
memory/5048-134-0x0000000000400000-0x0000000001556000-memory.dmp