Malware Analysis Report

2025-08-11 07:05

Sample ID: 241107-l6c7lazgmg
Target: 43bc4741a05e0a5361faa73abcd0afc04e79001886506eb383f57356352b0897N
SHA256: 43bc4741a05e0a5361faa73abcd0afc04e79001886506eb383f57356352b0897
Tags: upx, discovery
Score: 5/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 5/10

SHA256: 43bc4741a05e0a5361faa73abcd0afc04e79001886506eb383f57356352b0897

Threat Level: Likely benign

The file 43bc4741a05e0a5361faa73abcd0afc04e79001886506eb383f57356352b0897N was found to be: Likely benign.

Malicious Activity Summary

Tags: upx, discovery

UPX packed file
System Location Discovery: System Language Discovery
Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-07 10:08

Signatures

UPX packed file (tag: upx)

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Unsigned PE

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-07 10:08
Reported: 2024-11-07 10:10
Platform: win7-20240729-en
Max time kernel: 110s
Max time network: 93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\43bc4741a05e0a5361faa73abcd0afc04e79001886506eb383f57356352b0897N.exe"

Signatures

UPX packed file (tag: upx)

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

System Location Discovery: System Language Discovery (tag: discovery)

Description: Key opened
Indicator:   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process:     C:\Users\Admin\AppData\Local\Temp\43bc4741a05e0a5361faa73abcd0afc04e79001886506eb383f57356352b0897N.exe
Target:      N/A

Processes

C:\Users\Admin\AppData\Local\Temp\43bc4741a05e0a5361faa73abcd0afc04e79001886506eb383f57356352b0897N.exe

"C:\Users\Admin\AppData\Local\Temp\43bc4741a05e0a5361faa73abcd0afc04e79001886506eb383f57356352b0897N.exe"

Network

Country  Destination         Domain                   Proto
US       8.8.8.8:53          wecan.hasthe.technology  udp
US       104.21.59.199:80    wecan.hasthe.technology  tcp
US       172.67.183.40:80    wecan.hasthe.technology  tcp
US       104.21.59.199:80    wecan.hasthe.technology  tcp
US       104.21.59.199:80    wecan.hasthe.technology  tcp

Files

memory/2300-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2300-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2300-5-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-2P3SuDSEyUC2dfGX.exe

MD5:    0f6bb077d9716dc370a715cabd90c8d2
SHA1:   644514ec377ddd881056f7e35b35bb60c8b4b82d
SHA256: dacd0145e575d85fd1fd222d3fd5a13a5f0c59b6b2d27809a041c84e10295f30
SHA512: 7ddd103977bbf22c463ada7139fa60ee71c265dbaa7271d03c3a133061bd3a21d8b9c4b5816827a7902f5a2eadaa0e170040222e8ef8393880bcf5e1246f8f23

memory/2300-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2300-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-07 10:08
Reported: 2024-11-07 10:10
Platform: win10v2004-20241007-en
Max time kernel: 111s
Max time network: 97s

Command Line

"C:\Users\Admin\AppData\Local\Temp\43bc4741a05e0a5361faa73abcd0afc04e79001886506eb383f57356352b0897N.exe"

Signatures

UPX packed file (tag: upx)

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

System Location Discovery: System Language Discovery (tag: discovery)

Description: Key opened
Indicator:   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process:     C:\Users\Admin\AppData\Local\Temp\43bc4741a05e0a5361faa73abcd0afc04e79001886506eb383f57356352b0897N.exe
Target:      N/A

Processes

C:\Users\Admin\AppData\Local\Temp\43bc4741a05e0a5361faa73abcd0afc04e79001886506eb383f57356352b0897N.exe

"C:\Users\Admin\AppData\Local\Temp\43bc4741a05e0a5361faa73abcd0afc04e79001886506eb383f57356352b0897N.exe"

Network

Country  Destination         Domain                           Proto
US       8.8.8.8:53          196.249.167.52.in-addr.arpa      udp
US       8.8.8.8:53          83.210.23.2.in-addr.arpa         udp
US       8.8.8.8:53          75.159.190.20.in-addr.arpa       udp
US       8.8.8.8:53          95.221.229.192.in-addr.arpa      udp
US       8.8.8.8:53          133.211.185.52.in-addr.arpa      udp
US       8.8.8.8:53          wecan.hasthe.technology          udp
US       104.21.59.199:80    wecan.hasthe.technology          tcp
US       172.67.183.40:80    wecan.hasthe.technology          tcp
US       8.8.8.8:53          199.59.21.104.in-addr.arpa       udp
US       8.8.8.8:53          200.163.202.172.in-addr.arpa     udp
US       8.8.8.8:53          206.23.85.13.in-addr.arpa        udp
US       104.21.59.199:80    wecan.hasthe.technology          tcp
US       8.8.8.8:53          88.210.23.2.in-addr.arpa         udp
US       104.21.59.199:80    wecan.hasthe.technology          tcp
US       8.8.8.8:53          11.227.111.52.in-addr.arpa       udp
US       8.8.8.8:53          105.209.201.84.in-addr.arpa      udp

Files

memory/2804-0-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2804-1-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2804-4-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2804-8-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-o82t0SLKBAJPqmu6.exe

MD5:    71c466425a920b79a93d9e89c8a2409b
SHA1:   f8d5efa8ae6da2985d87e77eb27291171406a250
SHA256: 388d33df5ceb1f9e97fe27276d67bb8903189c5fb54a9106910d8231b7582c9a
SHA512: 259c83352cba3dfa77ee03ed84b849278fd3ae162b065253c7b206b0803d12d4f397d7401a16dc674f30cbf581d0ccc56984aecf87ac76c7e5449914d46cb329

memory/2804-15-0x0000000000400000-0x000000000042A000-memory.dmp
memory/2804-22-0x0000000000400000-0x000000000042A000-memory.dmp