Malware Analysis Report

2025-08-11 07:05

Sample ID 241107-l28gyazhqk
Target bc419e04ffba0e42aac406185a355d926aad3146d56201280852607e1a8885ddN
SHA256 bc419e04ffba0e42aac406185a355d926aad3146d56201280852607e1a8885dd
Tags
upx discovery
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

bc419e04ffba0e42aac406185a355d926aad3146d56201280852607e1a8885dd

Threat Level: Likely benign

The file bc419e04ffba0e42aac406185a355d926aad3146d56201280852607e1a8885ddN was found to be: Likely benign.

Malicious Activity Summary

upx discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-07 10:02

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-07 10:02

Reported

2024-11-07 10:04

Platform

win7-20241023-en

Max time kernel

110s

Max time network

93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bc419e04ffba0e42aac406185a355d926aad3146d56201280852607e1a8885ddN.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bc419e04ffba0e42aac406185a355d926aad3146d56201280852607e1a8885ddN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\bc419e04ffba0e42aac406185a355d926aad3146d56201280852607e1a8885ddN.exe

"C:\Users\Admin\AppData\Local\Temp\bc419e04ffba0e42aac406185a355d926aad3146d56201280852607e1a8885ddN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp

Files

memory/1980-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1980-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1980-5-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-zziTS3XJw10a65hA.exe

MD5 36531e65f90386302cdaef58fd558e28
SHA1 4cc7b4cb965a7983d9d4bfaa46d8120989d639ae
SHA256 d7a2175059a06dac633fd2354c212080b7f1603ea40154cb79a48fec005c9974
SHA512 668604b783c1d35672cf09ed604d1620a145d0f82e68a3e4f65e4798302ccf1c7055cdfad867065fce1525f1875694f80279ee8dceec6477429984607bfea3b9

memory/1980-12-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1980-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-07 10:02

Reported

2024-11-07 10:04

Platform

win10v2004-20241007-en

Max time kernel

111s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bc419e04ffba0e42aac406185a355d926aad3146d56201280852607e1a8885ddN.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bc419e04ffba0e42aac406185a355d926aad3146d56201280852607e1a8885ddN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\bc419e04ffba0e42aac406185a355d926aad3146d56201280852607e1a8885ddN.exe

"C:\Users\Admin\AppData\Local\Temp\bc419e04ffba0e42aac406185a355d926aad3146d56201280852607e1a8885ddN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 199.59.21.104.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files

memory/2836-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2836-2-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2836-5-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2836-9-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-SU3eRkrFyyBlmQA0.exe

MD5 5c837aab09a1795600b99e171ecf2b47
SHA1 9d02d11489e2d2db36c208dfc21c8a24ea574606
SHA256 0bd99a0b75cebddf469bb87fbe2a36be77aac8cd8cbd53187a46c15119e4d5f7
SHA512 384341a649e77621f4324f9b3f04ef22b3136aed3255104ada6f4aaec53f2b7e397676fb907f1e4e846ee81b39575b7b34053b7af482a836c27480c4f82a03ef

memory/2836-16-0x0000000000400000-0x000000000042A000-memory.dmp

memory/2836-23-0x0000000000400000-0x000000000042A000-memory.dmp