Malware Analysis Report

2025-08-05 14:40

Sample ID 250703-f4h26stybz
Target 26ea84b36d9ad8f062e455ac40c3a0a95e52e73ddccbb7b06df636482976cf7a
SHA256 26ea84b36d9ad8f062e455ac40c3a0a95e52e73ddccbb7b06df636482976cf7a
Tags
discovery
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

26ea84b36d9ad8f062e455ac40c3a0a95e52e73ddccbb7b06df636482976cf7a

Threat Level: Likely benign

The file 26ea84b36d9ad8f062e455ac40c3a0a95e52e73ddccbb7b06df636482976cf7a was found to be: Likely benign.

Malicious Activity Summary

discovery

System Location Discovery: System Language Discovery

Unsigned PE

Program crash

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-07-03 05:25

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-07-03 05:25

Reported

2025-07-03 05:28

Platform

win10v2004-20250610-en

Max time kernel

105s

Max time network

139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\26ea84b36d9ad8f062e455ac40c3a0a95e52e73ddccbb7b06df636482976cf7a.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\26ea84b36d9ad8f062e455ac40c3a0a95e52e73ddccbb7b06df636482976cf7a.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\26ea84b36d9ad8f062e455ac40c3a0a95e52e73ddccbb7b06df636482976cf7a.exe

"C:\Users\Admin\AppData\Local\Temp\26ea84b36d9ad8f062e455ac40c3a0a95e52e73ddccbb7b06df636482976cf7a.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3876 -ip 3876

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 236

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2025-07-03 05:25

Reported

2025-07-03 05:28

Platform

win11-20250502-en

Max time kernel

101s

Max time network

104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\26ea84b36d9ad8f062e455ac40c3a0a95e52e73ddccbb7b06df636482976cf7a.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\26ea84b36d9ad8f062e455ac40c3a0a95e52e73ddccbb7b06df636482976cf7a.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\26ea84b36d9ad8f062e455ac40c3a0a95e52e73ddccbb7b06df636482976cf7a.exe

"C:\Users\Admin\AppData\Local\Temp\26ea84b36d9ad8f062e455ac40c3a0a95e52e73ddccbb7b06df636482976cf7a.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4920 -ip 4920

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 240

Network

Files

N/A