Malware Analysis Report

2025-08-11 07:05

Sample ID 241107-majj6szla1
Target f9512a723c89922d0469eb37bb85cb3b6bfa31fc04c9525666200a5825796b75N
SHA256 f9512a723c89922d0469eb37bb85cb3b6bfa31fc04c9525666200a5825796b75
Tags
upx discovery
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

f9512a723c89922d0469eb37bb85cb3b6bfa31fc04c9525666200a5825796b75

Threat Level: Likely benign

The file f9512a723c89922d0469eb37bb85cb3b6bfa31fc04c9525666200a5825796b75N was found to be: Likely benign.

Malicious Activity Summary

upx discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-07 10:15

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-07 10:15

Reported

2024-11-07 10:17

Platform

win7-20240903-en

Max time kernel

110s

Max time network

103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f9512a723c89922d0469eb37bb85cb3b6bfa31fc04c9525666200a5825796b75N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\f9512a723c89922d0469eb37bb85cb3b6bfa31fc04c9525666200a5825796b75N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\f9512a723c89922d0469eb37bb85cb3b6bfa31fc04c9525666200a5825796b75N.exe

"C:\Users\Admin\AppData\Local\Temp\f9512a723c89922d0469eb37bb85cb3b6bfa31fc04c9525666200a5825796b75N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp

Files

memory/1480-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1480-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1480-4-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1480-6-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-B5HqlbC0SnU6EDSA.exe

MD5 98e4a52e7e5493029153500ba23817b2
SHA1 6d76131089de5936527df9c67d8ffa8c127ddcd5
SHA256 cb241eadd26a414c65a305c0f88c2cbf7779f7427b49175660f39179dee902b0
SHA512 c27bc0cb4efccc9658a3956c8f120b4b2b355690e40fcd1e746c978b6b07d3c2980270701e3082a6f80f3243dbe855b165dcbc1886c0ca63e3e97712641b1318

memory/1480-16-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1480-23-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-07 10:15

Reported

2024-11-07 10:17

Platform

win10v2004-20241007-en

Max time kernel

110s

Max time network

98s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f9512a723c89922d0469eb37bb85cb3b6bfa31fc04c9525666200a5825796b75N.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\f9512a723c89922d0469eb37bb85cb3b6bfa31fc04c9525666200a5825796b75N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\f9512a723c89922d0469eb37bb85cb3b6bfa31fc04c9525666200a5825796b75N.exe

"C:\Users\Admin\AppData\Local\Temp\f9512a723c89922d0469eb37bb85cb3b6bfa31fc04c9525666200a5825796b75N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 66.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 199.59.21.104.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 104.21.59.199:80 wecan.hasthe.technology tcp

Files

memory/1536-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1536-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1536-4-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1536-8-0x0000000000400000-0x000000000042A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rifaien2-CtkLNfXe41AsWCiU.exe

MD5 b718d24f6e08f5b47ee7ceb285b97630
SHA1 699037cbc423ac2e3b353ea99e9de2ea6fde3272
SHA256 8e1c424e607b0bda821d0c076977fa993129d8e9033481bffe3ff111a3f188d6
SHA512 700fb1bd5540179efcd679dd81afedbc19755242fb692ae7beab03ab01777598b08a24cda0312c6f5c54affe91db4c9be4bf904bbc4ae3d9c1f313200bcd33c2

memory/1536-15-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1536-22-0x0000000000400000-0x000000000042A000-memory.dmp