Malware Analysis Report

2025-04-03 11:12

Sample ID 241109-3bycqavarh
Target 71203efe126daa8aaf69b5f984aff6522746572767a0e02ca433f3de7011bd83
SHA256 71203efe126daa8aaf69b5f984aff6522746572767a0e02ca433f3de7011bd83
Tags discovery
Score 3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 3/10

SHA256 71203efe126daa8aaf69b5f984aff6522746572767a0e02ca433f3de7011bd83

Threat Level: Likely benign

The file 71203efe126daa8aaf69b5f984aff6522746572767a0e02ca433f3de7011bd83 was found to be: Likely benign.

Note that the score reflects only the signatures that fired. Both behavioral runs also record the sample writing a byte-identical copy of itself (same MD5, SHA1, SHA256 and SHA512) into C:\My Downloads\ under a piracy-themed file name; see the Files sections of each run.

Malicious Activity Summary

discovery: System Location Discovery: System Language Discovery (ATT&CK T1614.001)

Unsigned PE

MITRE ATT&CK (Enterprise Matrix V15)

Discovery: T1614.001 System Location Discovery: System Language Discovery

Analysis: static1

Detonation Overview

Reported 2024-11-09 23:21

Signatures

Unsigned PE

The executable carries no Authenticode signature. This is a static signature, so no indicator, process or target is recorded for it.

Analysis: behavioral2

Detonation Overview

Submitted 2024-11-09 23:21
Reported 2024-11-09 23:23
Platform win10v2004-20241007-en
Max time kernel 150s
Max time network 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\71203efe126daa8aaf69b5f984aff6522746572767a0e02ca433f3de7011bd83.exe"

Signatures

System Location Discovery: System Language Discovery

discovery

Description   Key opened
Indicator     \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process       C:\Users\Admin\AppData\Local\Temp\71203efe126daa8aaf69b5f984aff6522746572767a0e02ca433f3de7011bd83.exe
Target        N/A

The sample opened the NLS\Language key, which holds the installed system language (ATT&CK T1614.001). Many benign programs read this key while initializing locale settings, so on its own it is weak evidence; it becomes meaningful only if the sample changes its behaviour depending on the result.

Processes

C:\Users\Admin\AppData\Local\Temp\71203efe126daa8aaf69b5f984aff6522746572767a0e02ca433f3de7011bd83.exe

"C:\Users\Admin\AppData\Local\Temp\71203efe126daa8aaf69b5f984aff6522746572767a0e02ca433f3de7011bd83.exe"

Network

Country  Destination  Domain                        Proto
US       8.8.8.8:53   58.55.71.13.in-addr.arpa      udp
US       8.8.8.8:53   83.210.23.2.in-addr.arpa      udp
US       8.8.8.8:53   95.221.229.192.in-addr.arpa   udp
US       8.8.8.8:53   71.31.126.40.in-addr.arpa     udp
US       8.8.8.8:53   104.219.191.52.in-addr.arpa   udp
US       8.8.8.8:53   154.239.44.20.in-addr.arpa    udp
US       8.8.8.8:53   206.23.85.13.in-addr.arpa     udp
US       8.8.8.8:53   212.20.149.52.in-addr.arpa    udp
US       8.8.8.8:53   98.209.201.84.in-addr.arpa    udp
US       8.8.8.8:53   240.221.184.93.in-addr.arpa   udp
US       8.8.8.8:53   11.227.111.52.in-addr.arpa    udp
US       8.8.8.8:53   (domain not recorded)         udp

Every recorded row is a reverse-DNS (PTR) query for a public IPv4 address, sent over UDP to Google's resolver 8.8.8.8. The report ties none of these queries to the sample's process and lists no other connections, so they should not be treated as sample-originated traffic without process attribution.
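Decoding the table above, as an added example that is not part of the sandbox report: the script reverses the in-addr.arpa (and ip6.arpa) names back to the addresses being looked up and classifies each row, so an analyst can confirm that every recorded query is a PTR lookup via 8.8.8.8 rather than a forward lookup of a hostname. The rows are transcribed from the report; the missing-domain row is kept as the report shows it.

```python
"""Decode the reverse-DNS (PTR) names in a sandbox network table.

Added example; the rows below are copied from the report's behavioral2
Network table, not produced by the sandbox itself.
"""
import ipaddress

# Transcribed from the report: "Country Destination Domain Proto" rows.
# The last row has no domain recorded in the report, so it is kept as-is.
NETWORK_ROWS = """\
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 98.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 udp
"""


def reverse_name_to_ip(name):
    """Return the address a PTR name asks about, or None if it is not a PTR name.

    in-addr.arpa labels are the IPv4 octets in reverse order; ip6.arpa labels
    are the 32 hex nibbles of an IPv6 address in reverse order.
    """
    name = name.rstrip(".").lower()
    if name.endswith(".in-addr.arpa"):
        labels = name[: -len(".in-addr.arpa")].split(".")
        if len(labels) != 4:
            return None  # a partial (classless) reverse zone, not a host lookup
        try:
            return str(ipaddress.IPv4Address(".".join(reversed(labels))))
        except ValueError:
            return None
    if name.endswith(".ip6.arpa"):
        nibbles = name[: -len(".ip6.arpa")].split(".")
        if len(nibbles) != 32 or not all(len(n) == 1 for n in nibbles):
            return None
        try:
            return str(ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16)))
        except ValueError:
            return None
    return None


def parse_rows(text):
    """Split the report's whitespace-separated rows into dicts.

    A three-field row is a query whose domain the report did not record.
    """
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 4:
            country, dest, domain, proto = fields
        elif len(fields) == 3:
            country, dest, proto = fields
            domain = None
        else:
            continue
        rows.append({"country": country, "dest": dest, "domain": domain, "proto": proto})
    return rows


def summarize(rows):
    """Classify each row as a PTR lookup (with the decoded IP), a forward lookup, or unrecorded."""
    summary = {"ptr": [], "forward": [], "unrecorded": 0, "resolvers": set()}
    for row in rows:
        summary["resolvers"].add(row["dest"])
        if row["domain"] is None:
            summary["unrecorded"] += 1
            continue
        ip = reverse_name_to_ip(row["domain"])
        if ip is None:
            summary["forward"].append(row["domain"])
        else:
            summary["ptr"].append(ip)
    return summary


if __name__ == "__main__":
    s = summarize(parse_rows(NETWORK_ROWS))
    print("resolvers:", sorted(s["resolvers"]))
    print("PTR lookups for:", s["ptr"])
    print("forward lookups:", s["forward"], "unrecorded:", s["unrecorded"])
```

The decoded addresses are what a reverse lookup would be checking, not hosts the sample connected to; a follow-up step would be to see whether any of them appears as a destination in a pcap, which this report does not provide.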

Files

C:\My Downloads\Winzip 8.0 Key Generator.exe

MD5 ba07ae3fea17bb6b464fb99b6e8ca729
SHA1 3d75e9845a5fb4d60506c451358b97cabd333dd5
SHA256 71203efe126daa8aaf69b5f984aff6522746572767a0e02ca433f3de7011bd83
SHA512 b33e73407d174a7a179eed668e4fa5baa73666d08ea3a13f1b1f00387b48fe6ee1b7189b455e3e06dd910f0015a2f60167a52a9b693e8b4d9931998dad61d35e

All four digests are identical to the submitted sample's: the sample wrote a byte-identical copy of itself into C:\My Downloads\ under a piracy-themed file name. A written file whose hash equals the sample is self-replication rather than a dropped payload, and no signature in this report accounts for it.

memory/400-100-0x0000000000400000-0x000000000040F000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted 2024-11-09 23:21
Reported 2024-11-09 23:23
Platform win7-20240903-en
Max time kernel 118s
Max time network 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\71203efe126daa8aaf69b5f984aff6522746572767a0e02ca433f3de7011bd83.exe"

Signatures

System Location Discovery: System Language Discovery

discovery

Description   Key opened
Indicator     \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process       C:\Users\Admin\AppData\Local\Temp\71203efe126daa8aaf69b5f984aff6522746572767a0e02ca433f3de7011bd83.exe
Target        N/A

The same key open as in the Windows 10 run. The key holds the installed system language (ATT&CK T1614.001) and is read by many benign programs during locale initialization, so on its own it is weak evidence.

Processes

C:\Users\Admin\AppData\Local\Temp\71203efe126daa8aaf69b5f984aff6522746572767a0e02ca433f3de7011bd83.exe

"C:\Users\Admin\AppData\Local\Temp\71203efe126daa8aaf69b5f984aff6522746572767a0e02ca433f3de7011bd83.exe"

Network

N/A (no network activity recorded in this run)

Files

C:\My Downloads\Clive Barker’s Undying Crack.exe

MD5 ba07ae3fea17bb6b464fb99b6e8ca729
SHA1 3d75e9845a5fb4d60506c451358b97cabd333dd5
SHA256 71203efe126daa8aaf69b5f984aff6522746572767a0e02ca433f3de7011bd83
SHA512 b33e73407d174a7a179eed668e4fa5baa73666d08ea3a13f1b1f00387b48fe6ee1b7189b455e3e06dd910f0015a2f60167a52a9b693e8b4d9931998dad61d35e

Again a byte-identical copy of the submitted sample (all four digests match), written to C:\My Downloads\ under a different piracy-themed name than in the Windows 10 run, so the lure name is not fixed across executions.

memory/2924-100-0x0000000000400000-0x000000000040F000-memory.dmp
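A check for the self-copy seen in both Files sections, as an added example that is not part of the report: it computes digests the way the sandbox reports them, compares each written file's SHA-256 with the submitted sample's, and flags names that look like cracks or key generators. The file records are transcribed from the two runs; LURE_WORDS is an assumed keyword list, not a field the report carries.

```python
"""Check whether files a sample wrote are copies of the sample itself.

Added example; the records below are transcribed from the report's two
Files sections, not produced by the sandbox. LURE_WORDS is an assumption
used to flag piracy-themed names, not something the report provides.
"""
import hashlib

SAMPLE_SHA256 = "71203efe126daa8aaf69b5f984aff6522746572767a0e02ca433f3de7011bd83"

# Transcribed from the report (behavioral2 on win10, behavioral1 on win7).
DROPPED_FILES = [
    {
        "run": "behavioral2",
        "path": r"C:\My Downloads\Winzip 8.0 Key Generator.exe",
        "md5": "ba07ae3fea17bb6b464fb99b6e8ca729",
        "sha1": "3d75e9845a5fb4d60506c451358b97cabd333dd5",
        "sha256": "71203efe126daa8aaf69b5f984aff6522746572767a0e02ca433f3de7011bd83",
    },
    {
        "run": "behavioral1",
        "path": "C:\\My Downloads\\Clive Barker’s Undying Crack.exe",
        "md5": "ba07ae3fea17bb6b464fb99b6e8ca729",
        "sha1": "3d75e9845a5fb4d60506c451358b97cabd333dd5",
        "sha256": "71203efe126daa8aaf69b5f984aff6522746572767a0e02ca433f3de7011bd83",
    },
]

# Assumed keyword list for piracy-themed lure names (not from the report).
LURE_WORDS = ("crack", "keygen", "key generator", "serial", "patch", "activator")


def hash_bytes(data):
    """MD5/SHA-1/SHA-256 of a byte string, in the report's lowercase hex form."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path, chunk_size=1 << 20):
    """The same digests for a file on disk, read in chunks so large files fit in memory."""
    hashes = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashes.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}


def is_lure_name(path):
    """True if the file name contains one of the assumed lure words."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return any(word in name for word in LURE_WORDS)


def find_self_copies(sample_sha256, records):
    """Return the records whose SHA-256 equals the submitted sample's.

    A match means the sample wrote a byte-identical copy of itself; the path
    says where it went and the name says how a victim is meant to find it.
    """
    sample_sha256 = sample_sha256.lower()
    return [
        {"run": r["run"], "path": r["path"], "lure_name": is_lure_name(r["path"])}
        for r in records
        if r["sha256"].lower() == sample_sha256
    ]


def names_vary(copies):
    """True if the self-copies use more than one file name across runs."""
    return len({c["path"] for c in copies}) > 1


if __name__ == "__main__":
    copies = find_self_copies(SAMPLE_SHA256, DROPPED_FILES)
    for c in copies:
        print(f"{c['run']}: self-copy at {c['path']} (lure name: {c['lure_name']})")
    print("name differs between runs:", names_vary(copies))
```

hash_file is there for the case where the analyst has the written file from the sandbox's file export and wants to confirm the reported digests independently rather than trust the table; comparing SHA-256 is sufficient for identity, the MD5 and SHA-1 columns are kept only because the report lists them.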