Malware Analysis Report

2025-08-10 13:41

Sample ID 241107-mggn6a1bmr
Target 1c9ed0e8d1a3c83cd87381f6132aa3419dc0a3087beb67a1ce9cdbc3ef431aa0N
SHA256 1c9ed0e8d1a3c83cd87381f6132aa3419dc0a3087beb67a1ce9cdbc3ef431aa0
Tags
upx discovery
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

1c9ed0e8d1a3c83cd87381f6132aa3419dc0a3087beb67a1ce9cdbc3ef431aa0

Threat Level: Likely benign (automated sandbox verdict, score 5/10)

The file 1c9ed0e8d1a3c83cd87381f6132aa3419dc0a3087beb67a1ce9cdbc3ef431aa0N was classified by the sandbox as: Likely benign. This is a heuristic verdict, not a clearance. The runs below show an unsigned, UPX-packed PE that reads HKLM\SYSTEM\ControlSet001\Control\NLS\Language (ATT&CK T1614.001), resolves and connects over TCP/80 to wecan.hasthe.technology, and writes an executable with a randomised name and a different hash on each run to %TEMP%. Before closing the case, unpack the sample, inspect the dropped file, and capture the HTTP exchange, which the report does not include.

Malicious Activity Summary

upx discovery

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Enterprise Matrix V15 mapping of the signatures above:

T1027.002 Obfuscated Files or Information: Software Packing (UPX packed file)

T1614.001 System Location Discovery: System Language Discovery (registry read of HKLM\SYSTEM\ControlSet001\Control\NLS\Language)

Unsigned PE is a static property of the file and has no ATT&CK technique of its own.

Analysis: static1

Detonation Overview

Reported

2024-11-07 10:26

Signatures

UPX packed file

upx
Description | Indicator | Process | Target
(no per-indicator details exported for this signature)

Unsigned PE

Description | Indicator | Process | Target
(no per-indicator details exported for this signature)
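The static "UPX packed file" signature above gives no detail on what it matched. The following added example (not part of the sandbox report or of any tool it names) shows the three signals a static check should combine: UPX0/UPX1 section names, an empty first section with a large VirtualSize (the hole the stub decompresses into), and a high-entropy section plus the "UPX!" marker. The two PE images are constructed inline from a minimal DOS/COFF header, a section table and raw section data; they are not the analysed sample, and the section layout of UPX_SAMPLE is what stock UPX emits.

```python
"""Static check for UPX packing over a PE image held in memory.

Added example, not part of the sandbox report.  The two PE images below are
constructed inline so the script runs offline; they are not the analysed sample.
"""
import math
import random
import struct


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: compressed or encrypted data sits near 8.0, x86 code around 6."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list[dict]:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size                 # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + i * 40                     # IMAGE_SECTION_HEADER is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, off + 8)
        raw = pe[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({"name": name, "vsize": vsize, "vaddr": vaddr,
                         "raw_size": raw_size, "entropy": shannon_entropy(raw)})
    return sections


def upx_indicators(pe: bytes) -> dict:
    """Combine three signals; names alone are weak because headers are trivially patched."""
    secs = parse_sections(pe)
    names = [s["name"] for s in secs]
    by_name = any(n.startswith("UPX") for n in names)
    # UPX's first section has a large VirtualSize but zero SizeOfRawData: it is the
    # hole the stub decompresses the original image into.
    empty_first = bool(secs) and secs[0]["raw_size"] == 0 and secs[0]["vsize"] > 0
    high_entropy = any(s["entropy"] > 7.0 for s in secs if s["raw_size"])
    magic = b"UPX!" in pe
    return {"section_names": names, "upx_section_names": by_name,
            "empty_first_section": empty_first, "high_entropy_section": high_entropy,
            "upx_magic": magic,
            "likely_upx": by_name or magic or (empty_first and high_entropy)}


def build_pe(sections: list[tuple[bytes, int, bytes]]) -> bytes:
    """Constructed minimal PE (no optional header) from (name, VirtualSize, raw_data) tuples."""
    headers_len = 0x40 + 4 + 20 + 40 * len(sections)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)       # e_lfanew -> PE signature right after the stub
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    table, data, raw_ptr, vaddr = b"", b"", headers_len, 0x1000
    for name, vsize, raw in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr,
                             len(raw), raw_ptr if raw else 0, 0, 0, 0, 0, 0x60000020)
        data += raw
        raw_ptr += len(raw)
        vaddr += max(vsize, 0x1000)
    return bytes(dos) + b"PE\0\0" + coff + table + data


# Constructed inputs: a UPX-style layout and an ordinary compiler layout.
_rng = random.Random(20241107)
PACKED_BLOB = bytes(_rng.getrandbits(8) for _ in range(4096)) + b"UPX!"
UPX_SAMPLE = build_pe([(b"UPX0", 0x20000, b""),
                       (b"UPX1", 0x10000, PACKED_BLOB),
                       (b".rsrc", 0x1000, b"\0" * 256)])
PLAIN_SAMPLE = build_pe([(b".text", 0x1000, b"\x55\x8b\xec\x90" * 1024),
                         (b".data", 0x1000, b"\0" * 512)])

if __name__ == "__main__":
    for label, img in (("UPX-style", UPX_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, upx_indicators(img))
```

Packing is not malicious on its own; the check only tells you that the on-disk bytes are not the code that runs, so the behavioural runs (and the memory dumps they produce) are where the real analysis happens.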

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-07 10:26

Reported

2024-11-07 10:28

Platform

win7-20241023-en

Max time kernel

110s

Max time network

92s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1c9ed0e8d1a3c83cd87381f6132aa3419dc0a3087beb67a1ce9cdbc3ef431aa0N.exe"

Signatures

UPX packed file

upx
Description | Indicator | Process | Target
(no per-indicator details exported for this signature)

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1c9ed0e8d1a3c83cd87381f6132aa3419dc0a3087beb67a1ce9cdbc3ef431aa0N.exe | N/A
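The discovery signature above fires on a single registry open. Turning that into a detection that does not drown in noise needs a second condition, because signed OS components read the NLS keys during locale initialisation. The following added example (not part of the report) scores events in the shape of the report's signature row and flags the open only when the caller runs from a user-writable location. The key pattern and the list of user-writable paths are assumptions chosen for this rule; the first event reproduces the report's row, the others are constructed.

```python
"""Detection logic for 'System Language Discovery' (ATT&CK T1614.001).

Added example, not part of the sandbox report.  The key list and the
user-writable path list are rule assumptions, not values from the report.
"""
import re
from dataclasses import dataclass

# HKLM\SYSTEM\<control set>\Control\NLS\{Language,Locale}, as the kernel names it.
LANGUAGE_KEY_RE = re.compile(
    r"^\\REGISTRY\\MACHINE\\SYSTEM\\(?:ControlSet\d{3}|CurrentControlSet)"
    r"\\Control\\NLS\\(?:Language|Locale)(?:\\|$)", re.IGNORECASE)

# Locations an unprivileged dropper can write to; legitimate software rarely runs from here.
USER_WRITABLE_RE = re.compile(
    r"^(?:C:\\Users\\[^\\]+\\AppData\\(?:Local|Roaming)\\|C:\\Users\\Public\\"
    r"|C:\\ProgramData\\|C:\\Windows\\Temp\\)", re.IGNORECASE)


@dataclass(frozen=True)
class RegistryEvent:
    description: str   # e.g. "Key opened"
    key: str           # native registry path
    process: str       # full image path of the accessing process


def is_language_key(key: str) -> bool:
    return LANGUAGE_KEY_RE.match(key) is not None


def runs_from_user_writable_path(image: str) -> bool:
    return USER_WRITABLE_RE.match(image) is not None


def evaluate(events: list[RegistryEvent]) -> list[dict]:
    """Flag language-key opens only when the caller runs from a user-writable path."""
    hits = []
    for ev in events:
        if not ev.description.lower().startswith("key opened"):
            continue
        if is_language_key(ev.key) and runs_from_user_writable_path(ev.process):
            hits.append({"technique": "T1614.001", "process": ev.process, "key": ev.key})
    return hits


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\1c9ed0e8d1a3c83cd87381f6132aa3419dc0a3087beb67a1ce9cdbc3ef431aa0N.exe"
SAMPLE_EVENTS = [
    # Row from the report.
    RegistryEvent("Key opened", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language", SAMPLE),
    # Constructed: the same key read by an OS component -> not flagged.
    RegistryEvent("Key opened", r"\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Control\NLS\Language",
                  r"C:\Windows\explorer.exe"),
    # Constructed: a %TEMP% binary touching an unrelated key -> not this rule's concern.
    RegistryEvent("Key opened", r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
                  r"C:\Users\Admin\AppData\Local\Temp\dropper.exe"),
    # Constructed: a value set rather than an open -> ignored.
    RegistryEvent("Value set", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language",
                  r"C:\Users\Admin\AppData\Local\Temp\dropper.exe"),
]

if __name__ == "__main__":
    for hit in evaluate(SAMPLE_EVENTS):
        print(hit)
```

Telemetry caveat: Sysmon records registry key create/delete, value set and rename (events 12, 13, 14) but not key opens, so on an endpoint this signal comes from an EDR that logs registry reads or from a SACL on the NLS key that produces Security events 4656/4663. The sandbox sees the open because it traces the process directly.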

Processes

C:\Users\Admin\AppData\Local\Temp\1c9ed0e8d1a3c83cd87381f6132aa3419dc0a3087beb67a1ce9cdbc3ef431aa0N.exe

"C:\Users\Admin\AppData\Local\Temp\1c9ed0e8d1a3c83cd87381f6132aa3419dc0a3087beb67a1ce9cdbc3ef431aa0N.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | wecan.hasthe.technology | udp
US | 104.21.59.199:80 | wecan.hasthe.technology | tcp
US | 104.21.59.199:80 | wecan.hasthe.technology | tcp
US | 104.21.59.199:80 | wecan.hasthe.technology | tcp

One DNS query to the sandbox resolver followed by three TCP/80 connections to the resolved address. 104.21.59.199 lies in Cloudflare's 104.16.0.0/13 range, so the host is Cloudflare-fronted and the durable indicator is the hostname wecan.hasthe.technology, not the address; the Windows 10 run below resolves the same name to 172.67.183.40. The report does not record the HTTP requests or responses.

Files

Memory dumps of process 1980, region 0x00400000-0x0042A000 (0x2A000 bytes, consistent with the PE image mapped at the default base 0x400000), taken at successive points in the run. Because the UPX stub decompresses in place into that same mapping, the later dumps are the ones to carve the unpacked image from.

memory/1980-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1980-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1980-5-0x0000000000400000-0x000000000042A000-memory.dmp

Dropped file, written to %TEMP% under a randomised name (rifaien2-<random>.exe). Its hash differs from the copy written in the Windows 10 run, so the content is generated per run rather than a fixed embedded payload; it does not appear under Processes, so it was not observed executing within the analysis window.

C:\Users\Admin\AppData\Local\Temp\rifaien2-odkF66TjtyfQmeqn.exe

MD5 8c9baec3ddd12f93740f89c7adbb38a3
SHA1 3dbb0e819181940d27e17019151cd84ac5c70da3
SHA256 ecb2064b15885327a2a0afc52b89e2927c178049681b008fb82e557f55395a2c
SHA512 d68b4d05d7a06398a31a7edeb0d22306182c5f555be258f51c37fbc4dd57e1c9a5cc47f7e1395d6526e0fab4e58f28140066742b919946513fbb6e7fd6cf1aed

memory/1980-12-0x0000000000400000-0x000000000042A000-memory.dmp

memory/1980-22-0x0000000000400000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-07 10:26

Reported

2024-11-07 10:28

Platform

win10v2004-20241007-en

Max time kernel

111s

Max time network

93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1c9ed0e8d1a3c83cd87381f6132aa3419dc0a3087beb67a1ce9cdbc3ef431aa0N.exe"

Signatures

UPX packed file

upx
Description | Indicator | Process | Target
(no per-indicator details exported for this signature)

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1c9ed0e8d1a3c83cd87381f6132aa3419dc0a3087beb67a1ce9cdbc3ef431aa0N.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1c9ed0e8d1a3c83cd87381f6132aa3419dc0a3087beb67a1ce9cdbc3ef431aa0N.exe

"C:\Users\Admin\AppData\Local\Temp\1c9ed0e8d1a3c83cd87381f6132aa3419dc0a3087beb67a1ce9cdbc3ef431aa0N.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp
US | 8.8.8.8:53 | wecan.hasthe.technology | udp
US | 172.67.183.40:80 | wecan.hasthe.technology | tcp
US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 40.183.67.172.in-addr.arpa | udp
US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
US | 172.67.183.40:80 | wecan.hasthe.technology | tcp
US | 172.67.183.40:80 | wecan.hasthe.technology | tcp
US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp

The *.in-addr.arpa rows are reverse (PTR) lookups for addresses the sample never connects to; they appear only in this Windows 10 run and are consistent with OS background activity rather than sample behaviour. The traffic attributable to the sample is the lookup of wecan.hasthe.technology and the three TCP/80 connections to 172.67.183.40 (Cloudflare, 172.64.0.0/13), a different Cloudflare address from the one seen in the Windows 7 run.
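Both network tables mix resolver traffic, reverse lookups and the sample's own connections, and both resolve the contacted hostname to shared CDN addresses. The following added example (not part of the report) performs that triage: it drops PTR lookups into their own bucket, never treats the resolver's address as an indicator, records which addresses each hostname resolved to across runs, and keeps an IP as a block candidate only when it is not in CDN space. NETWORK_ROWS copies rows from the two behavioural runs (the report gives no per-process attribution); CLOUDFLARE_V4 is an assumed subset of Cloudflare's published IPv4 prefixes and must be refreshed from the provider's list before operational use.

```python
"""Triage of the sandbox network tables: sample traffic vs. background, and
CDN-fronted vs. directly attributable addresses.

Added example, not part of the report.  CLOUDFLARE_V4 is an assumed subset of
the provider's published ranges; NETWORK_ROWS copies rows from the report.
"""
import ipaddress
from typing import Optional

CLOUDFLARE_V4 = [ipaddress.ip_network(c) for c in
                 ("104.16.0.0/13", "104.24.0.0/14", "172.64.0.0/13")]

NETWORK_ROWS = """\
US 8.8.8.8:53 wecan.hasthe.technology udp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 104.21.59.199:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 wecan.hasthe.technology udp
US 172.67.183.40:80 wecan.hasthe.technology tcp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
"""


def parse_rows(text: str) -> list[dict]:
    """Parse 'Country Destination Domain Proto' rows into dicts."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        country, dest, domain, proto = line.split()
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def ptr_target(domain: str) -> Optional[str]:
    """For d.c.b.a.in-addr.arpa return a.b.c.d, the address being reverse-resolved."""
    suffix = ".in-addr.arpa"
    if not domain.endswith(suffix):
        return None
    octets = domain[:-len(suffix)].split(".")
    return ".".join(reversed(octets)) if len(octets) == 4 else None


def in_cdn_space(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)


def triage(rows: list[dict]) -> dict:
    """Sort rows into actionable indicators and noise.

    - PTR lookups are recorded as the address they ask about, not as a domain IOC.
    - Port-53 rows name the sandbox resolver, so their IP is never an IOC.
    - Any other destination is an IOC only if it is not shared CDN space; otherwise
      the hostname is the durable indicator and the address will churn.
    """
    out = {"domains": set(), "resolutions": {}, "cdn_fronted_ips": set(),
           "direct_ips": set(), "ptr_lookups": set()}
    for r in rows:
        target = ptr_target(r["domain"])
        if target:
            out["ptr_lookups"].add(target)
            continue
        out["domains"].add(r["domain"])
        if r["port"] == 53:
            continue
        out["resolutions"].setdefault(r["domain"], set()).add(r["ip"])
        bucket = "cdn_fronted_ips" if in_cdn_space(r["ip"]) else "direct_ips"
        out[bucket].add(r["ip"])
    return out


def block_candidates(result: dict) -> list[str]:
    """Hostnames plus only those IPs that are not shared infrastructure."""
    return sorted(result["domains"]) + sorted(result["direct_ips"])


if __name__ == "__main__":
    res = triage(parse_rows(NETWORK_ROWS))
    print(res)
    print("block:", block_candidates(res))
```

Run against the rows above, the only block candidate is the hostname: both contacted addresses are Cloudflare anycast and blocking them would hit unrelated sites while the operator's next resolution lands elsewhere in the same ranges.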

Files

Memory dumps of process 4556, region 0x00400000-0x0042A000 (the same image mapping as in the Windows 7 run), taken at successive points in the run.

memory/4556-0-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4556-1-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4556-4-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4556-8-0x0000000000400000-0x000000000042A000-memory.dmp

Dropped file, written to %TEMP% with the same rifaien2- prefix as in the Windows 7 run but a different random suffix and a different hash; again absent from Processes, so not observed executing.

C:\Users\Admin\AppData\Local\Temp\rifaien2-nK6yZSOTmTO1mTUw.exe

MD5 dd673b7344d4510936c114330cb17488
SHA1 89791498bbf1ac9eeeeb75ba07fa05c459b3bd8f
SHA256 8f3e2068959ecd7a4c9c1c7e79285389d23609c30436e75068d23778e7e11001
SHA512 340998dd871908270640cc74dce93ae7cab3a1832009e1b88800d1a286a54bac2655d4505e8238891bf3f6a0f722cc820d3b80b2937594a6955ae7e101e25108

memory/4556-12-0x0000000000400000-0x000000000042A000-memory.dmp

memory/4556-20-0x0000000000400000-0x000000000042A000-memory.dmp