Malicious

How This Was Determined

Malicious Indicators

• CAPE signature: stealth_timeout - Possible date expiration check, exits too soon after checking local time (severity 1, confidence 40%)

Possible IOC / Review Indicators

• CAPE signature: stealth_network - Network activity detected but not expressed in monitor API logs (severity 1, confidence 100%)
• CAPE signature: language_check_registry - Checks system language via registry key (possible geofencing) (severity 1, confidence 100%)
• CAPE recorded network activity (8 network item(s)).
• CAPE recorded 1 executed command/child process item(s).

Lower-Risk Facts

• CAPE malscore is low: 1.4.
• No YARA hits were recorded.
• No CAPE YARA hits were recorded.
• No ClamAV detection was recorded.

Important Notes

• CAPE did not provide a malstatus value.
• VirusTotal was unavailable in CAPE: Unable to complete connection to VirusTotal. Status code: 429

VirusTotal

Stored CAPE result: Unable to complete connection to VirusTotal. Status code: 429

Manual lookup: Open SHA256 in VirusTotal

File Details

File name	generate_tech_report.py
File type	Generic INItialization configuration [value]
Size	20137
MD5	bf29f6c6079c87479b130c61c426ebe3
SHA1	b2e2a790c6741cf720369e54cda5682a9899ee91
SHA256	03844a48c75bf9b9af8ed89e26ab8681c9ea2d5bf85782ead9623a8509db54ed
VirusTotal lookup	Open SHA256 in VirusTotal

Sandbox Run Details

Task ID	25
Started	2026-06-18 11:54:18
Ended	2026-06-18 11:56:48
Duration	150 seconds
Package	python
Route	internet
Machine	cuckoo1
CAPE score	1.4
CAPE status

YARA / AV Indicators

Source	Rule / Detection	Description / Evidence
No YARA hits recorded.
No CAPE YARA hits recorded.
No ClamAV hits recorded.

CAPE Signatures

Severity	Confidence	Signature	Description
1	100%	stealth_network	Network activity detected but not expressed in monitor API logs
1	40%	antidebug_setunhandledexceptionfilter	SetUnhandledExceptionFilter detected (possible anti-debug)
1	40%	stealth_timeout	Possible date expiration check, exits too soon after checking local time
1	100%	language_check_registry	Checks system language via registry key (possible geofencing)

Behavior Summary

Executed commands / child processes	1
File writes	0
File deletes	0
Registry writes	0
Created services	0
Started services	0
CAPE payload-like items	0
CAPE extracted configs	0
Dropped/related files captured	0
Network indicators	8

Executed Commands / Child Processes

C:\Users\IT\AppData\Local\Programs\Python\Python313\python.exe C:\Users\IT\AppData\Local\Temp\generate_tech_report.py

File Writes

None recorded.

Registry Writes

None recorded.

Created Services

None recorded.

Started Services

None recorded.

CAPE Extracted Items

Payload-like Items

None recorded.

Extracted Configs

None recorded.

Network Activity

Network activity was recorded.

{'ip': '20.59.87.227', 'country_name': 'unknown', 'asn': '', 'asn_name': '', 'hostname': '', 'inaddrarpa': '', 'ports': [443]}

10.10.69.139

20.59.87.227

192.168.122.1

224.0.0.251

Generated 2026-06-18T11:57:01 from /opt/CAPEv2/storage/analyses/25/reports/report.json