Malware Analysis Report

2025-03-15 03:41

Sample ID 250125-fzrhraxngy
Target Bypass.exe
SHA256 2b34f81fac75313c6db5a80b7b560f303f4714adb6e2392c9c01d7146c022e5d
Tags
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

2b34f81fac75313c6db5a80b7b560f303f4714adb6e2392c9c01d7146c022e5d

Threat Level: Likely benign

The file Bypass.exe was found to be: Likely benign.

Malicious Activity Summary


Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2025-01-25 05:18

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-25 05:18

Reported

2025-01-25 05:19

Platform

win10v2004-20241007-en

Max time kernel

33s

Max time network

34s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Bypass.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Bypass.exe

"C:\Users\Admin\AppData\Local\Temp\Bypass.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 167.173.78.104.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-25 05:18

Reported

2025-01-25 05:21

Platform

win7-20241010-en

Max time kernel

13s

Max time network

19s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Bypass.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Bypass.exe

"C:\Users\Admin\AppData\Local\Temp\Bypass.exe"

Network

N/A

Files

N/A