Malware Analysis Report

2025-08-05 17:03

Sample ID 240107-ybj3wadfa9
Target IMF.exe
SHA256 d473f0f93024798d184a835eb2ec2b5c9b227f9b6c0494e2ae16fc0b4fba9689
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

d473f0f93024798d184a835eb2ec2b5c9b227f9b6c0494e2ae16fc0b4fba9689

Threat Level: No (potentially) malicious behavior was detected

The file IMF.exe was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-01-07 19:36

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-01-07 19:36

Reported

2024-01-07 19:40

Platform

win7-20231129-en

Max time kernel

120s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\IMF.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\IMF.exe

"C:\Users\Admin\AppData\Local\Temp\IMF.exe"

Network

N/A

Files

memory/804-0-0x0000000000400000-0x0000000000AF9000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-01-07 19:36

Reported

2024-01-07 19:40

Platform

win10v2004-20231222-en

Max time kernel

147s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\IMF.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\IMF.exe

"C:\Users\Admin\AppData\Local\Temp\IMF.exe"

Network


Files

N/A