Malware Analysis Report

2025-06-16 06:35

Sample ID 240825-k8ww2sybln
Target 6f8c1b1009ba0f4ef06df953acdbc460N.exe
SHA256 a17d93c0e598ea61efb7767dad89e9a7fcf60dd767b4bef30a74108756c7383f
Tags
upx discovery
score
7/10

Analysis Overview

score
7/10

SHA256

a17d93c0e598ea61efb7767dad89e9a7fcf60dd767b4bef30a74108756c7383f

Threat Level: Shows suspicious behavior

The file 6f8c1b1009ba0f4ef06df953acdbc460N.exe was found to show suspicious behavior.

Malicious Activity Summary

upx discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-25 09:16

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-25 09:16

Reported

2024-08-25 09:18

Platform

win7-20240704-en

Max time kernel

118s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6f8c1b1009ba0f4ef06df953acdbc460N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\6f8c1b1009ba0f4ef06df953acdbc460N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6f8c1b1009ba0f4ef06df953acdbc460N.exe

"C:\Users\Admin\AppData\Local\Temp\6f8c1b1009ba0f4ef06df953acdbc460N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp

Files

memory/1916-0-0x0000000000400000-0x000000000043B000-memory.dmp

memory/1916-1-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-R3U2r5LxkRpbsjPi.exe

MD5 b45506327a6baf9178bd6482737e448d
SHA1 77a84f6c54f77bc1749a81801657f4da4e27a6be
SHA256 b50492d54d6cde17e797045a0ec71787d4afebb79f448946b80240ab37e2b5e2
SHA512 41492a68ca74fa5d48509ac30c3a416e4ca269b76bdbad82db580a269dc7f0e0279cc05cf6172d14986c35b1a132794c7a0f165f1afc14fa39d37cf7703c789c

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-25 09:16

Reported

2024-08-25 09:18

Platform

win10v2004-20240802-en

Max time kernel

100s

Max time network

100s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6f8c1b1009ba0f4ef06df953acdbc460N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\6f8c1b1009ba0f4ef06df953acdbc460N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6f8c1b1009ba0f4ef06df953acdbc460N.exe

"C:\Users\Admin\AppData\Local\Temp\6f8c1b1009ba0f4ef06df953acdbc460N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 199.59.21.104.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
IE 52.111.236.23:443 tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

memory/4872-0-0x0000000000400000-0x000000000043B000-memory.dmp

memory/4872-1-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-vCji8jjKeSDDb8Qf.exe

MD5 6a3495bbb4f33fe5c76db6e5fcdfd9e8
SHA1 189ab7b48f0deda655da3eccbdf2e1a9e641bc64
SHA256 ed3ae8828ad54cbe094aae5d32f870d1bc16a161abe2252e334387f01f234339
SHA512 9ec0c446843d95d3130803b7aadb04f733ba391b1377823377b13a547199aeda3de5d59199c7c745ce9d2f6633940fb2697107fcb7c325ee9534e4c87876bd97