c0c82d59d19c452f43a4f8d9ee0acaaa215aad1ac195369f769d8f37407f4559

Analysis

max time kernel
14s
max time network
143s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
04/08/2023, 19:42

Target

Terraria.v1.4.4.9.HotFix/Game/TerrariaServer.exe
Size

19.0MB
MD5

286552c6d3fc8495c1b4693da5236232
SHA1

89496161ec0aed56d115c101e77fb41074c92ee5
SHA256

d40fd8d07a95c2c24c72dd6a2ca4966f1cc2043ec9bff3d0c10da21dc6dd9e32
SHA512

e6ba8babb122b7eded49d96ee596f2e2c4816a2a960d229377c29ff4db5dff0ef7d558e20a8a5761ddf465828cff2294fd27cb2b0e3cfef23dac460079f67a27
SSDEEP

98304:/NpUDqATyuoxefZU3FuutryPiusaIWdImnGOhxb0nDk3qMaYGbqP3uZt55ud:/0DD+Ra5PoMTGbqP3uZtSd

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1612	2024	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 1612	2024	TerrariaServer.exe	29
PID 2024 wrote to memory of 1612	2024	TerrariaServer.exe	29
PID 2024 wrote to memory of 1612	2024	TerrariaServer.exe	29
PID 2024 wrote to memory of 1612	2024	TerrariaServer.exe	29

C:\Users\Admin\AppData\Local\Temp\Terraria.v1.4.4.9.HotFix\Game\TerrariaServer.exe
"C:\Users\Admin\AppData\Local\Temp\Terraria.v1.4.4.9.HotFix\Game\TerrariaServer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 620
  2⤵
  - Program crash
  PID:1612

memory/2024-54-0x0000000073E30000-0x000000007451E000-memory.dmp

Filesize
6.9MB

Download
memory/2024-55-0x0000000000CB0000-0x0000000001FC0000-memory.dmp

Filesize
19.1MB

Download
memory/2024-56-0x0000000000460000-0x000000000048E000-memory.dmp

Filesize
184KB

Download
memory/2024-57-0x0000000073E30000-0x000000007451E000-memory.dmp

Filesize
6.9MB

Download