21acdf5616dd7c67e4039eec9d981a78b9cea077dfadff4e290dbea2c3e24537

Analysis

max time kernel
29s
max time network
80s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
30-06-2023 11:40

Target

21acdf5616dd7c67e4039eec9.exe
Size

4.6MB
MD5

ed065e03d90812f4f2191944cabaa193
SHA1

45940d71ce3730fe00cd172901a2867623bc0a9d
SHA256

21acdf5616dd7c67e4039eec9d981a78b9cea077dfadff4e290dbea2c3e24537
SHA512

b6b7448a8a0b531d094a48c3f86a140eab93556427e51baa16768440c1fe5c6741f35204b98704aa5ca9f02ff8becac2b3d1128a077ce85f392557be3757ba13
SSDEEP

49152:PB8+oa6bXQn04bHXuPugPnTBVuscOjZ7wG2VXVscK0oKdTH4AUKyYTIiBS4Yy9hH:J7b3uPuGjZEGs6uipUTYy927HM9GWFj

Score

7^/10

Loads dropped DLL 1 IoCs

Processes:

21acdf5616dd7c67e4039eec9.exe

pid process

2024 21acdf5616dd7c67e4039eec9.exe
Drops file in Windows directory 1 IoCs

Processes:

21acdf5616dd7c67e4039eec9.exe

description ioc process

File created C:\Windows\Fonts\xysvfh.dll 21acdf5616dd7c67e4039eec9.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1740 2024 WerFault.exe 21acdf5616dd7c67e4039eec9.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

21acdf5616dd7c67e4039eec9.exe

pid process

2024 21acdf5616dd7c67e4039eec9.exe
2024 21acdf5616dd7c67e4039eec9.exe
2024 21acdf5616dd7c67e4039eec9.exe

pid	process
2024	21acdf5616dd7c67e4039eec9.exe

description	ioc	process
File created	C:\Windows\Fonts\xysvfh.dll	21acdf5616dd7c67e4039eec9.exe

pid	pid_target	process	target process
1740	2024	WerFault.exe	21acdf5616dd7c67e4039eec9.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

21acdf5616dd7c67e4039eec9.exe

description	pid	process	target process
PID 2024 wrote to memory of 1740	2024	21acdf5616dd7c67e4039eec9.exe	WerFault.exe
PID 2024 wrote to memory of 1740	2024	21acdf5616dd7c67e4039eec9.exe	WerFault.exe
PID 2024 wrote to memory of 1740	2024	21acdf5616dd7c67e4039eec9.exe	WerFault.exe
PID 2024 wrote to memory of 1740	2024	21acdf5616dd7c67e4039eec9.exe	WerFault.exe

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 920
2⤵
- Program crash
PID:1740

\Windows\Fonts\xysvfh.dll

Filesize
1004KB

MD5
1938bc501c2cbaacdd8e4a1fe4441b53

SHA1
7894d0d1f00d8293913392601fc8af07015f4945

SHA256
57252baf752a552e600a7a86d0040c44822de3b3fe7ca42f873501bb643e92fe

SHA512
b8ddd2d3e5df03683de540fdb720dca47c545e1877727474559576664d226b0c2dc713f6afb98b95f1150bb2ac8f65d33b3446530d2c9cc8fe0b0ecf25380212

Download Submit
memory/2024-60-0x0000000000A00000-0x0000000000B00000-memory.dmp

Filesize
1024KB

Download