Malware Analysis Report

2025-08-10 13:41

Sample ID 241107-m591lstmap
Target ec54d968c1b1d2ae8071204bc147fb1ace65fa37ffe0eaa4e3be1abe00aa50d8N
SHA256 ec54d968c1b1d2ae8071204bc147fb1ace65fa37ffe0eaa4e3be1abe00aa50d8
Tags
discovery upx
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

ec54d968c1b1d2ae8071204bc147fb1ace65fa37ffe0eaa4e3be1abe00aa50d8

Threat Level: Likely benign

The file ec54d968c1b1d2ae8071204bc147fb1ace65fa37ffe0eaa4e3be1abe00aa50d8N was found to be: Likely benign.

Malicious Activity Summary

discovery upx

UPX packed file

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-07 11:04

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-07 11:04

Reported

2024-11-07 11:06

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ec54d968c1b1d2ae8071204bc147fb1ace65fa37ffe0eaa4e3be1abe00aa50d8N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ec54d968c1b1d2ae8071204bc147fb1ace65fa37ffe0eaa4e3be1abe00aa50d8N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ec54d968c1b1d2ae8071204bc147fb1ace65fa37ffe0eaa4e3be1abe00aa50d8N.exe

"C:\Users\Admin\AppData\Local\Temp\ec54d968c1b1d2ae8071204bc147fb1ace65fa37ffe0eaa4e3be1abe00aa50d8N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 40.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

memory/864-0-0x0000000000400000-0x000000000043B000-memory.dmp

memory/864-1-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-38iuAX7oeg7uTQOS.exe

MD5 b4c8422cd600cb185c7ee4f391697ab2
SHA1 00ace9661133751142bb59c7e13d73a261b193ee
SHA256 9332362683280854fba227b54e288fe8cf448ba2822cf2a5dce1e4c4f1ee6839
SHA512 df56210009d44d0335c74982f827aae9e148c7b01712ea9b1eaa8583d1df419e8267b1d43123bb413f33783117dc76b333bcb9afd01916999d78bc937804698a

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-07 11:04

Reported

2024-11-07 11:06

Platform

win7-20241010-en

Max time kernel

118s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ec54d968c1b1d2ae8071204bc147fb1ace65fa37ffe0eaa4e3be1abe00aa50d8N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ec54d968c1b1d2ae8071204bc147fb1ace65fa37ffe0eaa4e3be1abe00aa50d8N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ec54d968c1b1d2ae8071204bc147fb1ace65fa37ffe0eaa4e3be1abe00aa50d8N.exe

"C:\Users\Admin\AppData\Local\Temp\ec54d968c1b1d2ae8071204bc147fb1ace65fa37ffe0eaa4e3be1abe00aa50d8N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp

Files

memory/2884-0-0x0000000000400000-0x000000000043B000-memory.dmp

memory/2884-1-0x0000000000400000-0x000000000043B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-HAgvFvbzhcZR1oU3.exe

MD5 28825fb843d485fc91d58bb4fd00a956
SHA1 fdbb8fdd2392fcf9f4f2eb4d3b752161dffc672a
SHA256 47a4a078738476fc5cb8cae2f51ba279edd6c5c04a65ce2822115ef6768681e7
SHA512 ac2802e767f4b3d416c8c5f404c0d45b42d6e51c0e4ee81deec6fe888d3620f5541dff15e30bfcb51935b2e958911a05ffa100060a50c02a5a15ea6b032947d1